forked from extern/egroupware
8f797be836
- can be used via html class like: $clean_html = html::purify($html); - using it now in eTemplate to remove malicious code from html: a) when displaying "formatted text" b) when "formatted text" get's input by the user
43 lines
1.1 KiB
PHP
Executable File
43 lines
1.1 KiB
PHP
Executable File
<?php
|
|
|
|
// must be called POST validation
|
|
|
|
/**
|
|
* Transform that supplies default values for the src and alt attributes
|
|
* in img tags, as well as prevents the img tag from being removed
|
|
* because of a missing alt tag. This needs to be registered as both
|
|
* a pre and post attribute transform.
|
|
*/
|
|
class HTMLPurifier_AttrTransform_ImgRequired extends HTMLPurifier_AttrTransform
|
|
{
|
|
|
|
public function transform($attr, $config, $context) {
|
|
|
|
$src = true;
|
|
if (!isset($attr['src'])) {
|
|
if ($config->get('Core', 'RemoveInvalidImg')) return $attr;
|
|
$attr['src'] = $config->get('Attr', 'DefaultInvalidImage');
|
|
$src = false;
|
|
}
|
|
|
|
if (!isset($attr['alt'])) {
|
|
if ($src) {
|
|
$alt = $config->get('Attr', 'DefaultImageAlt');
|
|
if ($alt === null) {
|
|
$attr['alt'] = basename($attr['src']);
|
|
} else {
|
|
$attr['alt'] = $alt;
|
|
}
|
|
} else {
|
|
$attr['alt'] = $config->get('Attr', 'DefaultInvalidImageAlt');
|
|
}
|
|
}
|
|
|
|
return $attr;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|