mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2025-08-03 04:37:39 +02:00
Commit live demo, implement unified interface, and fix some security bugs (involving forgotten calls to strategies).
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@238 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang
@@ -12,6 +12,12 @@ HTMLPurifier_ConfigDef::define(
|
||||
class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
|
||||
{
|
||||
|
||||
var $required = false;
|
||||
|
||||
function HTMLPurifier_AttrDef_URI($required = false) {
|
||||
$this->required = $required;
|
||||
}
|
||||
|
||||
function validate($uri, $config, &$context) {
|
||||
|
||||
// We'll write stack-based parsers later, for now, use regexps to
|
||||
@@ -47,7 +53,7 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
|
||||
// retrieve the specific scheme object from the registry
|
||||
$scheme = ctype_lower($scheme) ? $scheme : strtolower($scheme);
|
||||
$scheme_obj =& $registry->getScheme($scheme, $config);
|
||||
if (!$scheme_obj) return false; // invalid scheme, clean it out
|
||||
if (!$scheme_obj) return $this->required ? '' : false; // invalid scheme, clean it out
|
||||
} else {
|
||||
$scheme_obj =& $registry->getScheme(
|
||||
$config->get('URI', 'DefaultScheme'), $config
|
||||
|
||||
@@ -1,5 +1,10 @@
|
||||
<?php
|
||||
|
||||
require_once 'HTMLPurifier/AttrDef/Enum.php';
|
||||
require_once 'HTMLPurifier/AttrDef/Color.php';
|
||||
require_once 'HTMLPurifier/AttrDef/Composite.php';
|
||||
require_once 'HTMLPurifier/AttrDef/CSSLength.php';
|
||||
|
||||
class HTMLPurifier_CSSDefinition
|
||||
{
|
||||
|
||||
|
||||
@@ -11,6 +11,7 @@ require_once 'HTMLPurifier/AttrDef.php';
|
||||
require_once 'HTMLPurifier/AttrDef/MultiLength.php';
|
||||
require_once 'HTMLPurifier/AttrDef/NumberSpan.php';
|
||||
require_once 'HTMLPurifier/AttrDef/URI.php';
|
||||
require_once 'HTMLPurifier/AttrDef/CSS.php';
|
||||
require_once 'HTMLPurifier/AttrTransform.php';
|
||||
require_once 'HTMLPurifier/AttrTransform/Lang.php';
|
||||
require_once 'HTMLPurifier/AttrTransform/TextAlign.php';
|
||||
@@ -315,12 +316,13 @@ class HTMLPurifier_Definition
|
||||
$e_URI = new HTMLPurifier_AttrDef_URI();
|
||||
$this->info['a']->attr['href'] =
|
||||
$this->info['img']->attr['longdesc'] =
|
||||
$this->info['img']->attr['src'] =
|
||||
$this->info['del']->attr['cite'] =
|
||||
$this->info['ins']->attr['cite'] =
|
||||
$this->info['blockquote']->attr['cite'] =
|
||||
$this->info['q']->attr['cite'] = $e_URI;
|
||||
|
||||
$this->info['img']->attr['src'] = new HTMLPurifier_AttrDef_URI(true);
|
||||
|
||||
//////////////////////////////////////////////////////////////////////
|
||||
// UNIMP : info_tag_transform : transformations of tags
|
||||
|
||||
|
||||
@@ -5,6 +5,7 @@ require_once 'HTMLPurifier/Strategy/Composite.php';
|
||||
require_once 'HTMLPurifier/Strategy/RemoveForeignElements.php';
|
||||
require_once 'HTMLPurifier/Strategy/MakeWellFormed.php';
|
||||
require_once 'HTMLPurifier/Strategy/FixNesting.php';
|
||||
require_once 'HTMLPurifier/Strategy/ValidateAttributes.php';
|
||||
|
||||
class HTMLPurifier_Strategy_Core extends HTMLPurifier_Strategy_Composite
|
||||
{
|
||||
@@ -13,6 +14,7 @@ class HTMLPurifier_Strategy_Core extends HTMLPurifier_Strategy_Composite
|
||||
$this->strategies[] = new HTMLPurifier_Strategy_RemoveForeignElements();
|
||||
$this->strategies[] = new HTMLPurifier_Strategy_MakeWellFormed();
|
||||
$this->strategies[] = new HTMLPurifier_Strategy_FixNesting();
|
||||
$this->strategies[] = new HTMLPurifier_Strategy_ValidateAttributes();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user