mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-17 05:23:26 +01:00
8f797be836
- can be used via html class like: $clean_html = html::purify($html); - using it now in eTemplate to remove malicious code from html: a) when displaying "formatted text" b) when "formatted text" get's input by the user
57 lines
1.8 KiB
PHP
Executable File
57 lines
1.8 KiB
PHP
Executable File
<?php
|
|
|
|
/**
|
|
* Processes an entire attribute array for corrections needing multiple values.
|
|
*
|
|
* Occasionally, a certain attribute will need to be removed and popped onto
|
|
* another value. Instead of creating a complex return syntax for
|
|
* HTMLPurifier_AttrDef, we just pass the whole attribute array to a
|
|
* specialized object and have that do the special work. That is the
|
|
* family of HTMLPurifier_AttrTransform.
|
|
*
|
|
* An attribute transformation can be assigned to run before or after
|
|
* HTMLPurifier_AttrDef validation. See HTMLPurifier_HTMLDefinition for
|
|
* more details.
|
|
*/
|
|
|
|
abstract class HTMLPurifier_AttrTransform
|
|
{
|
|
|
|
/**
|
|
* Abstract: makes changes to the attributes dependent on multiple values.
|
|
*
|
|
* @param $attr Assoc array of attributes, usually from
|
|
* HTMLPurifier_Token_Tag::$attr
|
|
* @param $config Mandatory HTMLPurifier_Config object.
|
|
* @param $context Mandatory HTMLPurifier_Context object
|
|
* @returns Processed attribute array.
|
|
*/
|
|
abstract public function transform($attr, $config, $context);
|
|
|
|
/**
|
|
* Prepends CSS properties to the style attribute, creating the
|
|
* attribute if it doesn't exist.
|
|
* @param $attr Attribute array to process (passed by reference)
|
|
* @param $css CSS to prepend
|
|
*/
|
|
public function prependCSS(&$attr, $css) {
|
|
$attr['style'] = isset($attr['style']) ? $attr['style'] : '';
|
|
$attr['style'] = $css . $attr['style'];
|
|
}
|
|
|
|
/**
|
|
* Retrieves and removes an attribute
|
|
* @param $attr Attribute array to process (passed by reference)
|
|
* @param $key Key of attribute to confiscate
|
|
*/
|
|
public function confiscateAttr(&$attr, $key) {
|
|
if (!isset($attr[$key])) return null;
|
|
$value = $attr[$key];
|
|
unset($attr[$key]);
|
|
return $value;
|
|
}
|
|
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|