forked from extern/egroupware
8f797be836
- can be used via html class like: $clean_html = html::purify($html); - using it now in eTemplate to remove malicious code from html: a) when displaying "formatted text" b) when "formatted text" get's input by the user
31 lines
964 B
PHP
Executable File
31 lines
964 B
PHP
Executable File
<?php
|
|
|
|
/**
|
|
* @file
|
|
* Emulation layer for code that used kses(), substituting in HTML Purifier.
|
|
*/
|
|
|
|
require_once dirname(__FILE__) . '/HTMLPurifier.auto.php';
|
|
|
|
function kses($string, $allowed_html, $allowed_protocols = null) {
|
|
$config = HTMLPurifier_Config::createDefault();
|
|
$allowed_elements = array();
|
|
$allowed_attributes = array();
|
|
foreach ($allowed_html as $element => $attributes) {
|
|
$allowed_elements[$element] = true;
|
|
foreach ($attributes as $attribute => $x) {
|
|
$allowed_attributes["$element.$attribute"] = true;
|
|
}
|
|
}
|
|
$config->set('HTML', 'AllowedElements', $allowed_elements);
|
|
$config->set('HTML', 'AllowedAttributes', $allowed_attributes);
|
|
$allowed_schemes = array();
|
|
if ($allowed_protocols !== null) {
|
|
$config->set('URI', 'AllowedSchemes', $allowed_protocols);
|
|
}
|
|
$purifier = new HTMLPurifier($config);
|
|
return $purifier->purify($string);
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|