mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-09-20 11:15:18 +00:00
b1b3377b9c
+ Transparently handles inline elements in block context (blockquote) ! Added GET method to demo for easier validation, added 50kb max input size ! New directive %HTML.BlockWrapper, for block-ifying inline elements ! New directive %HTML.Parent, allows you to only allow inline content - Added missing type to ChildDef_Chameleon . ChildDef_Required guards against empty tags . Lookup table HTMLDefinition->info_flow_elements added . Added peace-of-mind variable initialization to Strategy_FixNesting git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@560 48356398-32a2-884e-a903-53898d9a118a
103 lines
3.4 KiB
PHP
103 lines
3.4 KiB
PHP
<?php
|
|
|
|
require_once 'HTMLPurifier/ChildDef.php';
|
|
|
|
/**
|
|
* Definition that allows a set of elements, but disallows empty children.
|
|
*/
|
|
class HTMLPurifier_ChildDef_Required extends HTMLPurifier_ChildDef
|
|
{
|
|
/**
|
|
* Lookup table of allowed elements.
|
|
*/
|
|
var $elements = array();
|
|
/**
|
|
* @param $elements List of allowed element names (lowercase).
|
|
*/
|
|
function HTMLPurifier_ChildDef_Required($elements) {
|
|
if (is_string($elements)) {
|
|
$elements = str_replace(' ', '', $elements);
|
|
$elements = explode('|', $elements);
|
|
}
|
|
$elements = array_flip($elements);
|
|
foreach ($elements as $i => $x) {
|
|
$elements[$i] = true;
|
|
if (empty($i)) unset($elements[$i]);
|
|
}
|
|
$this->elements = $elements;
|
|
$this->gen = new HTMLPurifier_Generator();
|
|
}
|
|
var $allow_empty = false;
|
|
var $type = 'required';
|
|
function validateChildren($tokens_of_children, $config, &$context) {
|
|
// if there are no tokens, delete parent node
|
|
if (empty($tokens_of_children)) return false;
|
|
|
|
// the new set of children
|
|
$result = array();
|
|
|
|
// current depth into the nest
|
|
$nesting = 0;
|
|
|
|
// whether or not we're deleting a node
|
|
$is_deleting = false;
|
|
|
|
// whether or not parsed character data is allowed
|
|
// this controls whether or not we silently drop a tag
|
|
// or generate escaped HTML from it
|
|
$pcdata_allowed = isset($this->elements['#PCDATA']);
|
|
|
|
// a little sanity check to make sure it's not ALL whitespace
|
|
$all_whitespace = true;
|
|
|
|
// some configuration
|
|
$escape_invalid_children = $config->get('Core', 'EscapeInvalidChildren');
|
|
|
|
foreach ($tokens_of_children as $token) {
|
|
if (!empty($token->is_whitespace)) {
|
|
$result[] = $token;
|
|
continue;
|
|
}
|
|
$all_whitespace = false; // phew, we're not talking about whitespace
|
|
|
|
$is_child = ($nesting == 0);
|
|
|
|
if ($token->type == 'start') {
|
|
$nesting++;
|
|
} elseif ($token->type == 'end') {
|
|
$nesting--;
|
|
}
|
|
|
|
if ($is_child) {
|
|
$is_deleting = false;
|
|
if (!isset($this->elements[$token->name])) {
|
|
$is_deleting = true;
|
|
if ($pcdata_allowed && $token->type == 'text') {
|
|
$result[] = $token;
|
|
} elseif ($pcdata_allowed && $escape_invalid_children) {
|
|
$result[] = new HTMLPurifier_Token_Text(
|
|
$this->gen->generateFromToken($token, $config)
|
|
);
|
|
}
|
|
continue;
|
|
}
|
|
}
|
|
if (!$is_deleting || ($pcdata_allowed && $token->type == 'text')) {
|
|
$result[] = $token;
|
|
} elseif ($pcdata_allowed && $escape_invalid_children) {
|
|
$result[] =
|
|
new HTMLPurifier_Token_Text(
|
|
$this->gen->generateFromToken( $token, $config )
|
|
);
|
|
} else {
|
|
// drop silently
|
|
}
|
|
}
|
|
if (empty($result)) return false;
|
|
if ($all_whitespace) return false;
|
|
if ($tokens_of_children == $result) return true;
|
|
return $result;
|
|
}
|
|
}
|
|
|
|
?>
|