egroupware/phpgwapi/inc/htmlpurifier/library/HTMLPurifier/Strategy/ValidateAttributes.php
Ralf Becker 8f797be836 Added HTMLPurifier (http://htmlpurifier.org/) Version 3.3.0
- can be used via html class like: 

        $clean_html = html::purify($html);

- using it now in eTemplate to remove malicious code from html:
  a) when displaying "formatted text"
  b) when "formatted text" get's input by the user
2009-05-19 17:32:06 +00:00

40 lines
1.0 KiB
PHP
Executable File

<?php
/**
* Validate all attributes in the tokens.
*/
class HTMLPurifier_Strategy_ValidateAttributes extends HTMLPurifier_Strategy
{
public function execute($tokens, $config, $context) {
// setup validator
$validator = new HTMLPurifier_AttrValidator();
$token = false;
$context->register('CurrentToken', $token);
foreach ($tokens as $key => $token) {
// only process tokens that have attributes,
// namely start and empty tags
if (!$token instanceof HTMLPurifier_Token_Start && !$token instanceof HTMLPurifier_Token_Empty) continue;
// skip tokens that are armored
if (!empty($token->armor['ValidateAttributes'])) continue;
// note that we have no facilities here for removing tokens
$validator->validateToken($token, $config, $context);
$tokens[$key] = $token; // for PHP 4
}
$context->destroy('CurrentToken');
return $tokens;
}
}
// vim: et sw=4 sts=4