mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-10-08 11:02:56 +02:00
8f797be836
- can be used via html class like:
$clean_html = html::purify($html);
- using it now in eTemplate to remove malicious code from html:
a) when displaying "formatted text"
b) when "formatted text" get's input by the user
27 lines
958 B
PHP
Executable File
27 lines
958 B
PHP
Executable File
<?php
|
|
|
|
/**
|
|
* Definition that allows a set of elements, and allows no children.
|
|
* @note This is a hack to reuse code from HTMLPurifier_ChildDef_Required,
|
|
* really, one shouldn't inherit from the other. Only altered behavior
|
|
* is to overload a returned false with an array. Thus, it will never
|
|
* return false.
|
|
*/
|
|
class HTMLPurifier_ChildDef_Optional extends HTMLPurifier_ChildDef_Required
|
|
{
|
|
public $allow_empty = true;
|
|
public $type = 'optional';
|
|
public function validateChildren($tokens_of_children, $config, $context) {
|
|
$result = parent::validateChildren($tokens_of_children, $config, $context);
|
|
// we assume that $tokens_of_children is not modified
|
|
if ($result === false) {
|
|
if (empty($tokens_of_children)) return true;
|
|
elseif ($this->whitespace) return $tokens_of_children;
|
|
else return array();
|
|
}
|
|
return $result;
|
|
}
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|