mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-10-11 04:22:07 +02:00
8f797be836
- can be used via html class like:
$clean_html = html::purify($html);
- using it now in eTemplate to remove malicious code from html:
a) when displaying "formatted text"
b) when "formatted text" get's input by the user
35 lines
972 B
PHP
Executable File
35 lines
972 B
PHP
Executable File
<?php
|
|
|
|
/**
|
|
* Decorator that, depending on a token, switches between two definitions.
|
|
*/
|
|
class HTMLPurifier_AttrDef_Switch
|
|
{
|
|
|
|
protected $tag;
|
|
protected $withTag, $withoutTag;
|
|
|
|
/**
|
|
* @param string $tag Tag name to switch upon
|
|
* @param HTMLPurifier_AttrDef $with_tag Call if token matches tag
|
|
* @param HTMLPurifier_AttrDef $without_tag Call if token doesn't match, or there is no token
|
|
*/
|
|
public function __construct($tag, $with_tag, $without_tag) {
|
|
$this->tag = $tag;
|
|
$this->withTag = $with_tag;
|
|
$this->withoutTag = $without_tag;
|
|
}
|
|
|
|
public function validate($string, $config, $context) {
|
|
$token = $context->get('CurrentToken', true);
|
|
if (!$token || $token->name !== $this->tag) {
|
|
return $this->withoutTag->validate($string, $config, $context);
|
|
} else {
|
|
return $this->withTag->validate($string, $config, $context);
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|