mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-17 05:23:26 +01:00
8f797be836
- can be used via html class like:
$clean_html = html::purify($html);
- using it now in eTemplate to remove malicious code from html:
a) when displaying "formatted text"
b) when "formatted text" get's input by the user
24 lines
524 B
PHP
Executable File
24 lines
524 B
PHP
Executable File
<?php
|
|
|
|
/**
|
|
* Pre-transform that changes proprietary background attribute to CSS.
|
|
*/
|
|
class HTMLPurifier_AttrTransform_Background extends HTMLPurifier_AttrTransform {
|
|
|
|
public function transform($attr, $config, $context) {
|
|
|
|
if (!isset($attr['background'])) return $attr;
|
|
|
|
$background = $this->confiscateAttr($attr, 'background');
|
|
// some validation should happen here
|
|
|
|
$this->prependCSS($attr, "background-image:url($background);");
|
|
|
|
return $attr;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|