Set up configuration class, implement attr_id_blacklist

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@155 48356398-32a2-884e-a903-53898d9a118a
2025-07-30 19:00:10 +02:00 · 2006-08-04 01:47:48 +00:00
parent 66f6cdcf3f
commit a0ee772423
9 changed files with 95 additions and 22 deletions
--- a/library/HTMLPurifier.php
+++ b/library/HTMLPurifier.php
@@ -34,12 +34,9 @@ class HTMLPurifier
    
    /**
     * Initializes the purifier.
-     * 
-     * The constructor instantiates all necessary sub-objects to do the job,
-     * because creating some of them (esp. HTMLPurifier_Definition) can be
-     * expensive.
+     * @param $config Configuration for all instances of the purifier
     */
-    function HTMLPurifier() {
+    function HTMLPurifier($config = null) {
        // unimplemented
    }
    
@@ -47,9 +44,10 @@ class HTMLPurifier
     * Purifies HTML.
     * 
     * @param $html String of HTML to purify
+     * @param $config HTMLPurifier_Config object for this specific round
     * @return Purified HTML
     */
-    function purify($html) {
+    function purify($html, $config = null) {
        // unimplemented
    }
    
--- a/library/HTMLPurifier/Config.php
+++ b/library/HTMLPurifier/Config.php
@@ -0,0 +1,36 @@
+<?php
+
+// subclass this to add custom settings
+class HTMLPurifier_Config
+{
+    
+    // which ids do we not allow?
+    var $attr_id_blacklist = array();
+    
+    //////////////////////////////////////////////////////////////////////////
+    // all below properties have not been implemented yet
+    
+    // prefix all ids with this
+    var $attr_id_prefix = '';
+    
+    // if there's a prefix, we may want to transparently rewrite the
+    // URLs we parse too.  However, we can only do it when it's a pure
+    // anchor link, so it's not foolproof
+    var $attr_id_rewrite_urls = false;
+    
+    // determines how the classes array should be construed:
+    // blacklist - allow allow except those in $classes_blacklist
+    // whitelist - only allow those in $classes_whitelist
+    // when one is chosen, the other has no effect
+    var $attr_class_mode = 'blacklist';
+    var $attr_class_blacklist = array();
+    var $attr_class_whitelist = array();
+    
+    function createDefault() {
+        $config = new HTMLPurifier_Config();
+        return $config;
+    }
+    
+}
+
+?>
--- a/library/HTMLPurifier/Definition.php
+++ b/library/HTMLPurifier/Definition.php
@@ -43,9 +43,16 @@ class HTMLPurifier_Definition
    // used solely by HTMLPurifier_Strategy_RemoveForeignElements
    var $info_tag_transform = array();
    
-    function instance() {
+    // WARNING! Prototype is not passed by reference, so in order to get
+    // a copy of the real one, you'll have to destroy your copy and
+    // use instance() to get it.
+    // Usually, however, modifying the returned definition (reference) should be
+    // sufficient
+    function &instance($prototype = null) {
        static $instance = null;
-        if (!$instance) {
+        if ($prototype) {
+            $instance = $prototype;
+        } elseif (!$instance) {
            $instance = new HTMLPurifier_Definition();
            $instance->setup();
        }
--- a/library/HTMLPurifier/Strategy.php
+++ b/library/HTMLPurifier/Strategy.php
@@ -15,9 +15,10 @@ class HTMLPurifier_Strategy
     * Executes the strategy on the tokens.
     * 
     * @param $tokens Array of HTMLPurifier_Token objects to be operated on.
+     * @param $config Configuration options
     * @returns Processed array of token objects.
     */
-    function execute($tokens) {
+    function execute($tokens, $config = null) {
        trigger_error('Cannot call abstract function', E_USER_ERROR);
    }
    
--- a/library/HTMLPurifier/Strategy/Composite.php
+++ b/library/HTMLPurifier/Strategy/Composite.php
@@ -1,6 +1,7 @@
 <?php

 require_once 'HTMLPurifier/Strategy.php';
+require_once 'HTMLPurifier/Config.php';

 class HTMLPurifier_Strategy_Composite
 {
@@ -11,9 +12,10 @@ class HTMLPurifier_Strategy_Composite
        trigger_error('Attempt to instantiate abstract object', E_USER_ERROR);
    }
    
-    function execute($tokens) {
+    function execute($tokens, $config = null) {
+        if (!$config) $config = HTMLPurifier_Config::createDefault();
        foreach ($this->strategies as $strategy) {
-            $tokens = $strategy->execute($tokens);
+            $tokens = $strategy->execute($tokens, $config);
        }
        return $tokens;
    }
--- a/library/HTMLPurifier/Strategy/ValidateAttributes.php
+++ b/library/HTMLPurifier/Strategy/ValidateAttributes.php
@@ -13,9 +13,18 @@ class HTMLPurifier_Strategy_ValidateAttributes extends HTMLPurifier_Strategy
        $this->definition = HTMLPurifier_Definition::instance();
    }
    
-    function execute($tokens) {
+    function execute($tokens, $config = null) {
+        
+        // load default configuration object if none passed
+        if (!$config) $config = HTMLPurifier_Config::createDefault();
+        
+        // setup ID accumulator and load it with blacklisted IDs
        $accumulator = new HTMLPurifier_IDAccumulator();
+        $accumulator->load($config->attr_id_blacklist);
+        
+        // DEFINITION CALL
        $d_defs = $this->definition->info_global_attr;
+        
        foreach ($tokens as $key => $token) {
            if ($token->type !== 'start' && $token->type !== 'end') continue;