mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-10-13 05:32:46 +02:00
8f797be836
- can be used via html class like:
$clean_html = html::purify($html);
- using it now in eTemplate to remove malicious code from html:
a) when displaying "formatted text"
b) when "formatted text" get's input by the user
28 lines
679 B
PHP
Executable File
28 lines
679 B
PHP
Executable File
<?php
|
|
|
|
// VERY RELAXED! Shouldn't cause problems, not even Firefox checks if the
|
|
// email is valid, but be careful!
|
|
|
|
/**
|
|
* Validates mailto (for E-mail) according to RFC 2368
|
|
* @todo Validate the email address
|
|
* @todo Filter allowed query parameters
|
|
*/
|
|
|
|
class HTMLPurifier_URIScheme_mailto extends HTMLPurifier_URIScheme {
|
|
|
|
public $browsable = false;
|
|
|
|
public function validate(&$uri, $config, $context) {
|
|
parent::validate($uri, $config, $context);
|
|
$uri->userinfo = null;
|
|
$uri->host = null;
|
|
$uri->port = null;
|
|
// we need to validate path against RFC 2368's addr-spec
|
|
return true;
|
|
}
|
|
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|