mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-10-08 11:02:56 +02:00
8f797be836
- can be used via html class like:
$clean_html = html::purify($html);
- using it now in eTemplate to remove malicious code from html:
a) when displaying "formatted text"
b) when "formatted text" get's input by the user
40 lines
1.0 KiB
PHP
Executable File
40 lines
1.0 KiB
PHP
Executable File
<?php
|
|
|
|
/**
|
|
* Validate all attributes in the tokens.
|
|
*/
|
|
|
|
class HTMLPurifier_Strategy_ValidateAttributes extends HTMLPurifier_Strategy
|
|
{
|
|
|
|
public function execute($tokens, $config, $context) {
|
|
|
|
// setup validator
|
|
$validator = new HTMLPurifier_AttrValidator();
|
|
|
|
$token = false;
|
|
$context->register('CurrentToken', $token);
|
|
|
|
foreach ($tokens as $key => $token) {
|
|
|
|
// only process tokens that have attributes,
|
|
// namely start and empty tags
|
|
if (!$token instanceof HTMLPurifier_Token_Start && !$token instanceof HTMLPurifier_Token_Empty) continue;
|
|
|
|
// skip tokens that are armored
|
|
if (!empty($token->armor['ValidateAttributes'])) continue;
|
|
|
|
// note that we have no facilities here for removing tokens
|
|
$validator->validateToken($token, $config, $context);
|
|
|
|
$tokens[$key] = $token; // for PHP 4
|
|
}
|
|
$context->destroy('CurrentToken');
|
|
|
|
return $tokens;
|
|
}
|
|
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|