mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2025-08-06 06:07:26 +02:00
[3.1.0] Deprecate addFilter; set up Filter namespace
- Added EXTERNAL dependency config-schema value - Fix safe bug in Printer_HTMLDefinition - Fixed broken smoketests git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1669 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang
@@ -62,8 +62,8 @@ class HTMLPurifier
|
||||
/** Global configuration object */
|
||||
public $config;
|
||||
|
||||
/** Array of HTMLPurifier_Filter objects to run on HTML */
|
||||
public $filters = array();
|
||||
/** Array of extra HTMLPurifier_Filter objects to run on HTML, for backwards compatibility */
|
||||
private $filters = array();
|
||||
|
||||
/** Single instance of HTML Purifier */
|
||||
private static $instance;
|
||||
@@ -98,6 +98,7 @@ class HTMLPurifier
|
||||
* @param $filter HTMLPurifier_Filter object
|
||||
*/
|
||||
public function addFilter($filter) {
|
||||
trigger_error('HTMLPurifier->addFilter() is deprecated, use configuration directives in the Filter namespace or Filter.Custom', E_USER_WARNING);
|
||||
$this->filters[] = $filter;
|
||||
}
|
||||
|
||||
@@ -144,8 +145,25 @@ class HTMLPurifier
|
||||
|
||||
$html = HTMLPurifier_Encoder::convertToUTF8($html, $config, $context);
|
||||
|
||||
for ($i = 0, $size = count($this->filters); $i < $size; $i++) {
|
||||
$html = $this->filters[$i]->preFilter($html, $config, $context);
|
||||
// setup filters
|
||||
$filter_flags = $config->getBatch('Filter');
|
||||
$custom_filters = $filter_flags['Custom'];
|
||||
unset($filter_flags['Custom']);
|
||||
$filters = array();
|
||||
foreach ($filter_flags as $filter => $flag) {
|
||||
if (!$flag) continue;
|
||||
$class = "HTMLPurifier_Filter_$filter";
|
||||
$filters[] = new $class;
|
||||
}
|
||||
foreach ($custom_filters as $filter) {
|
||||
// maybe "HTMLPurifier_Filter_$filter", but be consistent with AutoFormat
|
||||
$filters[] = $filter;
|
||||
}
|
||||
$filters = array_merge($filters, $this->filters);
|
||||
// maybe prepare(), but later
|
||||
|
||||
for ($i = 0, $filter_size = count($filters); $i < $filter_size; $i++) {
|
||||
$html = $filters[$i]->preFilter($html, $config, $context);
|
||||
}
|
||||
|
||||
// purified HTML
|
||||
@@ -163,8 +181,8 @@ class HTMLPurifier
|
||||
$config, $context
|
||||
);
|
||||
|
||||
for ($i = $size - 1; $i >= 0; $i--) {
|
||||
$html = $this->filters[$i]->postFilter($html, $config, $context);
|
||||
for ($i = $filter_size - 1; $i >= 0; $i--) {
|
||||
$html = $filters[$i]->postFilter($html, $config, $context);
|
||||
}
|
||||
|
||||
$html = HTMLPurifier_Encoder::convertFromUTF8($html, $config, $context);
|
||||
|
||||
@@ -80,6 +80,11 @@ class HTMLPurifier_ConfigSchema_Builder_Xml extends XMLWriter
|
||||
}
|
||||
$this->writeElement('default', $this->export($directive->default));
|
||||
$this->writeAttribute('xml:space', 'preserve');
|
||||
if ($directive->external) {
|
||||
$this->startElement('external');
|
||||
foreach ($directive->external as $project) $this->writeElement('project', $project);
|
||||
$this->endElement();
|
||||
}
|
||||
$this->endElement(); // constraints
|
||||
|
||||
if ($directive->deprecatedVersion) {
|
||||
|
||||
@@ -67,5 +67,9 @@ class HTMLPurifier_ConfigSchema_Interchange_Directive
|
||||
*/
|
||||
public $deprecatedVersion;
|
||||
|
||||
/**
|
||||
* List of external projects this directive depends on, e.g. array('CSSTidy').
|
||||
*/
|
||||
public $external = array();
|
||||
|
||||
}
|
||||
|
||||
@@ -120,6 +120,10 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder
|
||||
$directive->deprecatedVersion = $hash->offsetGet('DEPRECATED-VERSION');
|
||||
}
|
||||
|
||||
if (isset($hash['EXTERNAL'])) {
|
||||
$directive->external = preg_split('/\s*,\s*/', trim($hash->offsetGet('EXTERNAL')));
|
||||
}
|
||||
|
||||
$interchange->addDirective($directive);
|
||||
}
|
||||
|
||||
|
||||
File diff suppressed because one or more lines are too long
10
library/HTMLPurifier/ConfigSchema/schema/Filter.Custom.txt
Normal file
10
library/HTMLPurifier/ConfigSchema/schema/Filter.Custom.txt
Normal file
@@ -0,0 +1,10 @@
|
||||
Filter.Custom
|
||||
TYPE: list
|
||||
VERSION: 3.1.0
|
||||
DEFAULT: array()
|
||||
--DESCRIPTION--
|
||||
<p>
|
||||
This directive can be used to add custom filters; it is nearly the
|
||||
equivalent of the now deprecated <code>HTMLPurifier->addFilter()</code>
|
||||
method. Specify an array of concrete implementations.
|
||||
</p>
|
||||
@@ -0,0 +1,23 @@
|
||||
Filter.ExtractStyleBlocks
|
||||
TYPE: bool
|
||||
VERSION: 3.1.0
|
||||
DEFAULT: false
|
||||
EXTERNAL: CSSTidy
|
||||
--DESCRIPTION--
|
||||
<p>
|
||||
This directive turns on the style block extraction filter, which removes
|
||||
<code>style</code> blocks from input HTML, cleans them up with CSSTidy,
|
||||
and places them in the <code>StyleBlocks</code> context variable, for further
|
||||
use by you, usually to be placed in an external stylesheet, or a
|
||||
<code>style</code> block in the <code>head</code> of your document.
|
||||
</p>
|
||||
<p>
|
||||
Sample usage:
|
||||
</p>
|
||||
<pre><![CDATA[$config = HTMLPurifier_Config::createDefault();
|
||||
$config->set('Filter', 'ExtractStyleBlocks', true);
|
||||
$purifier = new HTMLPurifier($config);
|
||||
$styles = $purifier->context->get('StyleBlocks');
|
||||
foreach ($styles as $style) {
|
||||
echo '<style type="text/css">' . $style . "</style>\n";
|
||||
}]]></pre>
|
||||
10
library/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt
Normal file
10
library/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt
Normal file
@@ -0,0 +1,10 @@
|
||||
Filter.YouTube
|
||||
TYPE: bool
|
||||
VERSION: 3.1.0
|
||||
DEFAULT: false
|
||||
--DESCRIPTION--
|
||||
<p>
|
||||
This directive enables YouTube video embedding in HTML Purifier. Check
|
||||
<a href="http://htmlpurifier.org/docs/enduser-youtube.html">this document
|
||||
on embedding videos</a> for more information on what this filter does.
|
||||
</p>
|
||||
@@ -1,2 +1,2 @@
|
||||
Filter
|
||||
DESCRIPTION: Configuration for filters
|
||||
DESCRIPTION: Directives for turning filters on and off, or specifying custom filters.
|
||||
|
||||
@@ -1,7 +1,8 @@
|
||||
Filter.ExtractStyleBlocksEscaping
|
||||
FilterParam.ExtractStyleBlocksEscaping
|
||||
TYPE: bool
|
||||
VERSION: 3.0.0
|
||||
DEFAULT: true
|
||||
ALIASES: Filter.ExtractStyleBlocksEscaping
|
||||
--DESCRIPTION--
|
||||
|
||||
<p>
|
||||
@@ -1,7 +1,8 @@
|
||||
Filter.ExtractStyleBlocksScope
|
||||
FilterParam.ExtractStyleBlocksScope
|
||||
TYPE: string/null
|
||||
VERSION: 3.0.0
|
||||
DEFAULT: NULL
|
||||
ALIASES: Filter.ExtractStyleBlocksScope
|
||||
--DESCRIPTION--
|
||||
|
||||
<p>
|
||||
@@ -0,0 +1,14 @@
|
||||
FilterParam.ExtractStyleBlocksTidyImpl
|
||||
TYPE: mixed/null
|
||||
VERSION: 3.1.0
|
||||
DEFAULT: NULL
|
||||
--DESCRIPTION--
|
||||
<p>
|
||||
If left NULL, HTML Purifier will attempt to instantiate a <code>csstidy</code>
|
||||
class to use for internal cleaning. This will usually be good enough.
|
||||
</p>
|
||||
<p>
|
||||
However, for trusted user input, you can set this to <code>false</code> to
|
||||
disable cleaning. In addition, you can supply your own concrete implementation
|
||||
of Tidy's interface to use, although I don't know why you'd want to do that.
|
||||
</p>
|
||||
2
library/HTMLPurifier/ConfigSchema/schema/FilterParam.txt
Normal file
2
library/HTMLPurifier/ConfigSchema/schema/FilterParam.txt
Normal file
@@ -0,0 +1,2 @@
|
||||
FilterParam
|
||||
DESCRIPTION: Configuration for filters.
|
||||
@@ -21,14 +21,8 @@ class HTMLPurifier_Filter_ExtractStyleBlocks extends HTMLPurifier_Filter
|
||||
private $_styleMatches = array();
|
||||
private $_tidy;
|
||||
|
||||
/**
|
||||
* @param $tidy
|
||||
* Instance of csstidy to use, false to turn off cleaning,
|
||||
* and null to automatically instantiate
|
||||
*/
|
||||
public function __construct($tidy = null) {
|
||||
if ($tidy === null) $tidy = new csstidy();
|
||||
$this->_tidy = $tidy;
|
||||
public function __construct() {
|
||||
$this->_tidy = new csstidy();
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -44,6 +38,8 @@ class HTMLPurifier_Filter_ExtractStyleBlocks extends HTMLPurifier_Filter
|
||||
* @todo Extend to indicate non-text/css style blocks
|
||||
*/
|
||||
public function preFilter($html, $config, $context) {
|
||||
$tidy = $config->get('FilterParam', 'ExtractStyleBlocksTidyImpl');
|
||||
if ($tidy !== null) $this->_tidy = $tidy;
|
||||
$html = preg_replace_callback('#<style(?:\s.*)?>(.+)</style>#isU', array($this, 'styleCallback'), $html);
|
||||
$style_blocks = $this->_styleMatches;
|
||||
$this->_styleMatches = array(); // reset
|
||||
@@ -66,7 +62,7 @@ class HTMLPurifier_Filter_ExtractStyleBlocks extends HTMLPurifier_Filter
|
||||
*/
|
||||
public function cleanCSS($css, $config, $context) {
|
||||
// prepare scope
|
||||
$scope = $config->get('Filter', 'ExtractStyleBlocksScope');
|
||||
$scope = $config->get('FilterParam', 'ExtractStyleBlocksScope');
|
||||
if ($scope !== null) {
|
||||
$scopes = array_map('trim', explode(',', $scope));
|
||||
} else {
|
||||
@@ -124,7 +120,7 @@ class HTMLPurifier_Filter_ExtractStyleBlocks extends HTMLPurifier_Filter
|
||||
$css = $this->_tidy->print->plain();
|
||||
// we are going to escape any special characters <>& to ensure
|
||||
// that no funny business occurs (i.e. </style> in a font-family prop).
|
||||
if ($config->get('Filter', 'ExtractStyleBlocksEscaping')) {
|
||||
if ($config->get('FilterParam', 'ExtractStyleBlocksEscaping')) {
|
||||
$css = str_replace(
|
||||
array('<', '>', '&'),
|
||||
array('\3C ', '\3E ', '\26 '),
|
||||
|
||||
@@ -118,7 +118,7 @@ class HTMLPurifier_Printer_HTMLDefinition extends HTMLPurifier_Printer
|
||||
$ret .= $this->end('tr');
|
||||
foreach ($this->def->info as $name => $def) {
|
||||
$ret .= $this->start('tr');
|
||||
$ret .= $this->element('th', "<$name>" . ($def->safe ? '' : ' (unsafe)'), array('class'=>'heavy' . ($def->safe ? '' : ' unsafe'), 'colspan' => 2));
|
||||
$ret .= $this->element('th', "<$name>", array('class'=>'heavy', 'colspan' => 2));
|
||||
$ret .= $this->end('tr');
|
||||
$ret .= $this->start('tr');
|
||||
$ret .= $this->element('th', 'Inline content');
|
||||
|
||||
Reference in New Issue
Block a user