mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-10-08 11:02:56 +02:00
8f797be836
- can be used via html class like:
$clean_html = html::purify($html);
- using it now in eTemplate to remove malicious code from html:
a) when displaying "formatted text"
b) when "formatted text" get's input by the user
39 lines
1.1 KiB
PHP
Executable File
39 lines
1.1 KiB
PHP
Executable File
<?php
|
|
|
|
/**
|
|
* Allows multiple validators to attempt to validate attribute.
|
|
*
|
|
* Composite is just what it sounds like: a composite of many validators.
|
|
* This means that multiple HTMLPurifier_AttrDef objects will have a whack
|
|
* at the string. If one of them passes, that's what is returned. This is
|
|
* especially useful for CSS values, which often are a choice between
|
|
* an enumerated set of predefined values or a flexible data type.
|
|
*/
|
|
class HTMLPurifier_AttrDef_CSS_Composite extends HTMLPurifier_AttrDef
|
|
{
|
|
|
|
/**
|
|
* List of HTMLPurifier_AttrDef objects that may process strings
|
|
* @todo Make protected
|
|
*/
|
|
public $defs;
|
|
|
|
/**
|
|
* @param $defs List of HTMLPurifier_AttrDef objects
|
|
*/
|
|
public function __construct($defs) {
|
|
$this->defs = $defs;
|
|
}
|
|
|
|
public function validate($string, $config, $context) {
|
|
foreach ($this->defs as $i => $def) {
|
|
$result = $this->defs[$i]->validate($string, $config, $context);
|
|
if ($result !== false) return $result;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|