mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-19 06:23:12 +01:00
8f797be836
- can be used via html class like:
$clean_html = html::purify($html);
- using it now in eTemplate to remove malicious code from html:
a) when displaying "formatted text"
b) when "formatted text" get's input by the user
43 lines
1.1 KiB
PHP
Executable File
43 lines
1.1 KiB
PHP
Executable File
<?php
|
|
|
|
// must be called POST validation
|
|
|
|
/**
|
|
* Transform that supplies default values for the src and alt attributes
|
|
* in img tags, as well as prevents the img tag from being removed
|
|
* because of a missing alt tag. This needs to be registered as both
|
|
* a pre and post attribute transform.
|
|
*/
|
|
class HTMLPurifier_AttrTransform_ImgRequired extends HTMLPurifier_AttrTransform
|
|
{
|
|
|
|
public function transform($attr, $config, $context) {
|
|
|
|
$src = true;
|
|
if (!isset($attr['src'])) {
|
|
if ($config->get('Core', 'RemoveInvalidImg')) return $attr;
|
|
$attr['src'] = $config->get('Attr', 'DefaultInvalidImage');
|
|
$src = false;
|
|
}
|
|
|
|
if (!isset($attr['alt'])) {
|
|
if ($src) {
|
|
$alt = $config->get('Attr', 'DefaultImageAlt');
|
|
if ($alt === null) {
|
|
$attr['alt'] = basename($attr['src']);
|
|
} else {
|
|
$attr['alt'] = $alt;
|
|
}
|
|
} else {
|
|
$attr['alt'] = $config->get('Attr', 'DefaultInvalidImageAlt');
|
|
}
|
|
}
|
|
|
|
return $attr;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|