New parser extends existing one.
@@ -2342,7 +2342,7 @@ class e_parse
|
|||||||
* Start Fresh and Build on it over time to become eventual replacement to e_parse.
|
* Start Fresh and Build on it over time to become eventual replacement to e_parse.
|
||||||
* Cameron's DOM-based parser.
|
* Cameron's DOM-based parser.
|
||||||
*/
|
*/
|
||||||
class e_parser
|
class e_parser extends e_parse
|
||||||
{
|
{
|
||||||
private $domObj = null;
|
private $domObj = null;
|
||||||
private $removedList = array();
|
private $removedList = array();
|
||||||
@@ -2358,7 +2358,8 @@ class e_parser
|
|||||||
|
|
||||||
public function __construct()
|
public function __construct()
|
||||||
{
|
{
|
||||||
$this->domObj = new DOMDocument();
|
$this->domObj = new DOMDocument();
|
||||||
|
|
||||||
/*
|
/*
|
||||||
$meths = get_class_methods('DomDocument');
|
$meths = get_class_methods('DomDocument');
|
||||||
sort($meths);
|
sort($meths);
|
||||||
@@ -2391,7 +2392,7 @@ class e_parser
|
|||||||
*/
|
*/
|
||||||
public function test()
|
public function test()
|
||||||
{
|
{
|
||||||
$tp = e107::getParser();
|
// $tp = e107::getParser();
|
||||||
$sql = e107::getDb();
|
$sql = e107::getDb();
|
||||||
|
|
||||||
$html = $this->getXss();
|
$html = $this->getXss();
|
||||||
@@ -2404,17 +2405,17 @@ class e_parser
|
|||||||
echo "<h3>\$tp->dataFilter()</h3>";
|
echo "<h3>\$tp->dataFilter()</h3>";
|
||||||
// echo $tp->dataFilter($html); // Remove Comment for a real mess!
|
// echo $tp->dataFilter($html); // Remove Comment for a real mess!
|
||||||
$sql->db_Mark_Time('Start Parser Test');
|
$sql->db_Mark_Time('Start Parser Test');
|
||||||
print_a($tp->dataFilter($html));
|
print_a($this->dataFilter($html));
|
||||||
$sql->db_Mark_Time('tp->dataFilter');
|
$sql->db_Mark_Time('tp->dataFilter');
|
||||||
|
|
||||||
echo "<h3>\$tp->toHtml()</h3>";
|
echo "<h3>\$tp->toHtml()</h3>";
|
||||||
// echo $tp->dataFilter($html); // Remove Comment for a real mess!
|
// echo $tp->dataFilter($html); // Remove Comment for a real mess!
|
||||||
print_a($tp->tohtml($html));
|
print_a($this->tohtml($html));
|
||||||
$sql->db_Mark_Time('tp->toHtml');
|
$sql->db_Mark_Time('tp->toHtml');
|
||||||
|
|
||||||
echo "<h3>\$tp->toDB()</h3>";
|
echo "<h3>\$tp->toDB()</h3>";
|
||||||
// echo $tp->dataFilter($html); // Remove Comment for a real mess!
|
// echo $tp->dataFilter($html); // Remove Comment for a real mess!
|
||||||
print_a($tp->toDB($html));
|
print_a($this->toDB($html));
|
||||||
$sql->db_Mark_Time('tp->toDB');
|
$sql->db_Mark_Time('tp->toDB');
|
||||||
|
|
||||||
|
|
||||||
@@ -2440,15 +2441,17 @@ class e_parser
|
|||||||
/**
|
/**
|
||||||
* Process and clean HTML from user input.
|
* Process and clean HTML from user input.
|
||||||
* @param $html raw HTML
|
* @param $html raw HTML
|
||||||
|
* TODO Html5 tag support.
|
||||||
*/
|
*/
|
||||||
public function cleanHtml($html='')
|
public function cleanHtml($html='')
|
||||||
{
|
{
|
||||||
if(!vartrue($html)){ return; }
|
if(!vartrue($html)){ return; }
|
||||||
|
|
||||||
$html = "<!doctype html><html><body>".$html."</body></html>"; // Set it up for processing.
|
$html = '<!DOCTYPE html ><html><head><meta charset="UTF-8"><title>html 5 test</title></head><body>'.$html.'</body></html>'; // Set it up for processing.
|
||||||
$doc = $this->domObj;
|
$doc = $this->domObj;
|
||||||
|
|
||||||
$doc->loadHTML($html);
|
$doc->loadHTML($html);
|
||||||
|
$doc->resolveExternals = true;
|
||||||
|
|
||||||
$tmp = $doc->getElementsByTagName('*');
|
$tmp = $doc->getElementsByTagName('*');
|
||||||
|
|
||||||
@@ -2615,8 +2618,10 @@ Some example text<br />
|
|||||||
<form id="test"></form><button form="test" formaction="javascript:alert(1)">X</button>
|
<form id="test"></form><button form="test" formaction="javascript:alert(1)">X</button>
|
||||||
<input onfocus=write(1) autofocus>
|
<input onfocus=write(1) autofocus>
|
||||||
<video poster=javascript:alert(1)//></video>
|
<video poster=javascript:alert(1)//></video>
|
||||||
|
<video>somemovei.mp4</video>
|
||||||
<body onscroll=alert(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
|
<body onscroll=alert(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
|
||||||
|
<a href='somewhere.html' src='invalidatrribute' />Test</a>
|
||||||
|
<article id="something">Some text goes here</article>
|
||||||
EOF;
|
EOF;
|
||||||
|
|
||||||
return $html;
|
return $html;
|
||||||
|
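Review bot: In the `cleanHtml()` hunk, the added `$doc->resolveExternals = true;` enables external DTD/entity resolution on the shared `$this->domObj`, which is the object used to parse user-supplied HTML. Because it is set after `$doc->loadHTML($html)`, it cannot affect the parse that just ran, but it stays set on the instance for every later load through the same parser object. Nothing visible in the hunk needs external resolution, so I would drop the line and leave the property at its default of `false`. If the aim is to harden the parse, disable network access instead with `$doc->loadHTML($html, LIBXML_NONET);`. The body of `cleanHtml()` continues past the end of the hunk, so confirm that no later code depends on this property.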