
Merged r608-621 for 1.3.2 release from trunk.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/branches/1.3@622 48356398-32a2-884e-a903-53898d9a118a
Edward Z. Yang
2006-12-26 17:10:29 +00:00
parent 3b979ee846
commit 54f615f1d3
14 changed files with 405 additions and 36 deletions


@@ -0,0 +1,65 @@
<?php
require_once 'common.php';
echo '<?xml version="1.0" encoding="UTF-8" ?>';
?><!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>HTML Purifier Preserve YouTube Smoketest</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>
<body>
<h1>HTML Purifier Preserve YouTube Smoketest</h1>
<?php
class HTMLPurifierX_PreserveYouTube extends HTMLPurifier
{
function purify($html, $config = null) {
$pre_regex = '#<object[^>]+>.+?'.
'http://www.youtube.com/v/([A-Za-z0-9]+).+?</object>#';
$pre_replace = '<span class="youtube-embed">\1</span>';
$html = preg_replace($pre_regex, $pre_replace, $html);
$html = parent::purify($html, $config);
$post_regex = '#<span class="youtube-embed">([A-Za-z0-9]+)</span>#';
$post_replace = '<object width="425" height="350" '.
'data="http://www.youtube.com/v/\1">'.
'<param name="movie" value="http://www.youtube.com/v/\1"></param>'.
'<param name="wmode" value="transparent"></param>'.
'<!--[if IE]>'.
'<embed src="http://www.youtube.com/v/\1"'.
'type="application/x-shockwave-flash"'.
'wmode="transparent" width="425" height="350" />'.
'<![endif]-->'.
'</object>';
$html = preg_replace($post_regex, $post_replace, $html);
return $html;
}
}
$string = '<object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/JzqumbhfxRo"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/JzqumbhfxRo" type="application/x-shockwave-flash" wmode="transparent" width="425" height="350"></embed></object>';
$regular_purifier = new HTMLPurifier();
$youtube_purifier = new HTMLPurifierX_PreserveYouTube();
?>
<h2>Unpurified</h2>
<p><a href="?break">Click here to see the unpurified version (breaks validation).</a></p>
<div><?php
if (isset($_GET['break'])) echo $string;
?></div>
<h2>Without YouTube exception</h2>
<div><?php
echo $regular_purifier->purify($string);
?></div>
<h2>With YouTube exception</h2>
<div><?php
echo $youtube_purifier->purify($string);
?></div>
</body>
</html>
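Review bot: The `<embed>` fallback built in `$post_replace` is concatenated without spaces between its attributes, so the output reads `src="…/v/ID"type="application/x-shockwave-flash"wmode="transparent"`; the two lines should end with a space, `'<embed src="http://www.youtube.com/v/\1" '.` and `'type="application/x-shockwave-flash" '.`. This markup is also inserted after `parent::purify()` has returned, so it is never filtered, and the only thing keeping it safe is the `[A-Za-z0-9]+` capture in `$post_regex`; that invariant deserves a comment such as `// output bypasses the purifier: keep the capture group strictly alphanumeric`. Any `<span class="youtube-embed">` that survives purification is expanded, whether or not the pre-filter produced it, which looks acceptable only because the target URL is fixed.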


@@ -36,6 +36,7 @@ echo '<?xml version="1.0" encoding="UTF-8" ?>';
<style type="text/css">
form table {margin:1em auto;}
form th {text-align:right;padding-right:1em;}
form .c {display:none;}
.HTMLPurifier_Printer table {border-collapse:collapse;
border:1px solid #000; width:600px;
margin:1em auto;font-family:sans-serif;font-size:75%;}
@@ -62,11 +63,9 @@ influences the internal workings of the definition objects.</p>
<p>You can specify an array by typing in a comma-separated
list of items, HTML Purifier will take care of the rest (including
transformation into a real array list or a lookup table). If a
directive can be set to null, that usually means that the feature
is disabled when it is null (not that, say, no tags are allowed).</p>
transformation into a real array list or a lookup table).</p>
<form id="edit-config" method="get" action="printDefinition.php">
<form id="edit-config" name="edit-config" method="get" action="printDefinition.php">
<table>
<?php
$directives = $config->getBatch('HTML');
@@ -91,27 +90,31 @@ is disabled when it is null (not that, say, no tags are allowed).</p>
<tr>
<th>
<a href="http://hp.jpsband.org/live/configdoc/plain.html#<?php echo $directive ?>">
%<?php echo $directive; ?>
<label for="<?php echo $directive; ?>">%<?php echo $directive; ?></label>
</a>
</th>
<td>
<?php if (is_bool($value)) { ?>
Yes <input type="radio" name="<?php echo $directive; ?>" value="1"<?php if ($value) { ?> checked="checked"<?php } ?> /> &nbsp;
No <input type="radio" name="<?php echo $directive; ?>" value="0"<?php if (!$value) { ?> checked="checked"<?php } ?> />
<label for="Yes_<?php echo $directive; ?>"><span class="c">%<?php echo $directive; ?>:</span> Yes</label>
<input type="radio" name="<?php echo $directive; ?>" id="Yes_<?php echo $directive; ?>" value="1"<?php if ($value) { ?> checked="checked"<?php } ?> /> &nbsp;
<label for="No_<?php echo $directive; ?>"><span class="c">%<?php echo $directive; ?>:</span> No</label>
<input type="radio" name="<?php echo $directive; ?>" id="No_<?php echo $directive; ?>" value="0"<?php if (!$value) { ?> checked="checked"<?php } ?> />
<?php } else { ?>
<?php if($allow_null) { ?>
Null/Disabled <input
type="checkbox"
value="1"
onclick="toggleWriteability('<?php echo $directive ?>',checked)"
name="Null_<?php echo $directive; ?>"
<?php if ($value === null) { ?> checked="checked"<?php } ?>
/> or <br />
<label for="Null_<?php echo $directive; ?>"><span class="c">%<?php echo $directive; ?>:</span> Null/Disabled*</label>
<input
type="checkbox"
value="1"
onclick="toggleWriteability('<?php echo $directive ?>',checked)"
name="Null_<?php echo $directive; ?>"
id="Null_<?php echo $directive; ?>"
<?php if ($value === null) { ?> checked="checked"<?php } ?>
/> or <br />
<?php } ?>
<input
type="text"
id="<?php echo $directive; ?>"
name="<?php echo $directive; ?>"
id="<?php echo $directive; ?>"
value="<?php echo escapeHTML($value); ?>"
<?php if($value === null) {echo 'disabled="disabled"';} ?>
/>
@@ -128,6 +131,10 @@ is disabled when it is null (not that, say, no tags are allowed).</p>
</td>
</tr>
</table>
<p>* Some configuration directives make a distinction between an empty
variable and a null variable. A whitelist, for example, will take an
empty array as meaning <em>no</em> allowed elements, while checking
Null/Disabled will mean that user whitelisting functionality is disabled.</p>
</form>
<h2>HTMLDefinition</h2>
<?php echo $printer_html_definition->render($config) ?>
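Review bot: The new `<label for="…">` and `id="…"` attributes in the directive row print `$directive` with a bare `echo`, while the text input's `value` in the same row goes through `escapeHTML()`. The names appear to come from `$config->getBatch('HTML')` rather than from the request, so this is a consistency and defence-in-depth point, but routing them through the same helper, e.g. `id="<?php echo escapeHTML($directive); ?>"`, keeps the template safe if a directive name ever contains a quote or angle bracket. The `onclick="toggleWriteability('…',checked)"` attribute also places the name inside a JavaScript string, where HTML escaping alone would not be sufficient. The loop that assigns `$directive` starts outside the hunk.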