mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2025-08-06 22:26:31 +02:00
Compare commits
19 Commits
v2.1.2
...
v2.1.2-str
| Author | SHA1 | Date | |
|---|---|---|---|
|
b3f0e6c86c | ||
|
|
80c60bb9b5 | ||
|
|
503e76081b | ||
|
|
678a593e62 | ||
|
|
495164e938 | ||
|
|
42858ad594 | ||
|
|
5ecb11f19a | ||
|
|
0101311193 | ||
|
|
c35eb3e95f | ||
|
|
b829e76bbf | ||
|
|
e967680250 | ||
|
|
dd2fd06591 | ||
|
|
cec7a1c087 | ||
|
|
c2d3d5b859 | ||
|
|
9a84e11f34 | ||
|
|
37ea1673dd | ||
|
|
5395d8b4bd | ||
|
|
c980e76197 | ||
|
|
2bf912d528 |
12
INSTALL
12
INSTALL
@@ -1,4 +1,3 @@
|
|||||||
|
|
||||||
Install
|
Install
|
||||||
How to install HTML Purifier
|
How to install HTML Purifier
|
||||||
|
|
||||||
@@ -9,6 +8,8 @@ down to the bottom of this INSTALL document to see the code, but you really
|
|||||||
should make sure a few things are properly done.
|
should make sure a few things are properly done.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
1. Compatibility
|
1. Compatibility
|
||||||
|
|
||||||
HTML Purifier works in both PHP 4 and PHP 5, from PHP 4.3.2 and up. It has no
|
HTML Purifier works in both PHP 4 and PHP 5, from PHP 4.3.2 and up. It has no
|
||||||
@@ -69,6 +70,10 @@ the doctype from this code in your HTML documents:
|
|||||||
For legacy codebases these declarations may be missing. If that is the case,
|
For legacy codebases these declarations may be missing. If that is the case,
|
||||||
STOP, and read docs/enduser-utf8.html
|
STOP, and read docs/enduser-utf8.html
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
You may currently be vulnerable to XSS and other security threats, and HTML
|
You may currently be vulnerable to XSS and other security threats, and HTML
|
||||||
Purifier won't be able to fix that.
|
Purifier won't be able to fix that.
|
||||||
|
|
||||||
@@ -118,6 +123,9 @@ reason, I do not include the solution in this document).
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
4.2. Setting a different doctype
|
4.2. Setting a different doctype
|
||||||
|
|
||||||
For those of you using HTML 4.01 Transitional, you can disable
|
For those of you using HTML 4.01 Transitional, you can disable
|
||||||
@@ -127,6 +135,7 @@ XHTML output like this:
|
|||||||
|
|
||||||
Other supported doctypes include:
|
Other supported doctypes include:
|
||||||
|
|
||||||
|
|
||||||
* HTML 4.01 Strict
|
* HTML 4.01 Strict
|
||||||
* HTML 4.01 Transitional
|
* HTML 4.01 Transitional
|
||||||
* XHTML 1.0 Strict
|
* XHTML 1.0 Strict
|
||||||
@@ -227,4 +236,3 @@ hit):
|
|||||||
Or move the cache directory somewhere else (no trailing slash):
|
Or move the cache directory somewhere else (no trailing slash):
|
||||||
|
|
||||||
$config->set('Cache', 'SerializerPath', '/home/user/absolute/path');
|
$config->set('Cache', 'SerializerPath', '/home/user/absolute/path');
|
||||||
|
|
||||||
|
|||||||
4
NEWS
4
NEWS
@@ -249,6 +249,8 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
|||||||
%Attr.IDBlacklistRegexp
|
%Attr.IDBlacklistRegexp
|
||||||
- Error messages are emitted when you attempt to "allow" elements or
|
- Error messages are emitted when you attempt to "allow" elements or
|
||||||
attributes that HTML Purifier does not support
|
attributes that HTML Purifier does not support
|
||||||
|
|
||||||
|
|
||||||
- Fix segfault in unit test. The problem is not very reproduceable and
|
- Fix segfault in unit test. The problem is not very reproduceable and
|
||||||
I don't know what causes it, but a six line patch fixed it.
|
I don't know what causes it, but a six line patch fixed it.
|
||||||
|
|
||||||
@@ -447,4 +449,4 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
|||||||
! First public release, most functionality implemented. Notable omissions are:
|
! First public release, most functionality implemented. Notable omissions are:
|
||||||
+ Shorthand CSS properties
|
+ Shorthand CSS properties
|
||||||
+ Table CSS properties
|
+ Table CSS properties
|
||||||
+ Deprecated attribute transformations
|
+ Deprecated attribute transformations
|
||||||
1
TODO
1
TODO
@@ -1,4 +1,3 @@
|
|||||||
|
|
||||||
TODO List
|
TODO List
|
||||||
|
|
||||||
= KEY ====================
|
= KEY ====================
|
||||||
|
|||||||
@@ -199,10 +199,10 @@ class HTMLPurifier
|
|||||||
/**
|
/**
|
||||||
* Singleton for enforcing just one HTML Purifier in your system
|
* Singleton for enforcing just one HTML Purifier in your system
|
||||||
*/
|
*/
|
||||||
function &getInstance($prototype = null) {
|
static function &getInstance($prototype = null) {
|
||||||
static $htmlpurifier;
|
static $htmlpurifier;
|
||||||
if (!$htmlpurifier || $prototype) {
|
if (!$htmlpurifier || $prototype) {
|
||||||
if (is_a($prototype, 'HTMLPurifier')) {
|
if ($prototype instanceof HTMLPurifier) {
|
||||||
$htmlpurifier = $prototype;
|
$htmlpurifier = $prototype;
|
||||||
} elseif ($prototype) {
|
} elseif ($prototype) {
|
||||||
$htmlpurifier = new HTMLPurifier($prototype);
|
$htmlpurifier = new HTMLPurifier($prototype);
|
||||||
|
|||||||
@@ -99,11 +99,8 @@ class HTMLPurifier_Config
|
|||||||
* or a string filename of an ini file.
|
* or a string filename of an ini file.
|
||||||
* @return Configured HTMLPurifier_Config object
|
* @return Configured HTMLPurifier_Config object
|
||||||
*/
|
*/
|
||||||
function create($config) {
|
static function create($config) {
|
||||||
if (is_a($config, 'HTMLPurifier_Config')) {
|
if ($config instanceof HTMLPurifier_Config) return $config;
|
||||||
// pass-through
|
|
||||||
return $config;
|
|
||||||
}
|
|
||||||
$ret = HTMLPurifier_Config::createDefault();
|
$ret = HTMLPurifier_Config::createDefault();
|
||||||
if (is_string($config)) $ret->loadIni($config);
|
if (is_string($config)) $ret->loadIni($config);
|
||||||
elseif (is_array($config)) $ret->loadArray($config);
|
elseif (is_array($config)) $ret->loadArray($config);
|
||||||
@@ -115,7 +112,7 @@ class HTMLPurifier_Config
|
|||||||
* @static
|
* @static
|
||||||
* @return Default HTMLPurifier_Config object.
|
* @return Default HTMLPurifier_Config object.
|
||||||
*/
|
*/
|
||||||
function createDefault() {
|
static function createDefault() {
|
||||||
$definition =& HTMLPurifier_ConfigSchema::instance();
|
$definition =& HTMLPurifier_ConfigSchema::instance();
|
||||||
$config = new HTMLPurifier_Config($definition);
|
$config = new HTMLPurifier_Config($definition);
|
||||||
return $config;
|
return $config;
|
||||||
@@ -368,7 +365,7 @@ class HTMLPurifier_Config
|
|||||||
* @param $allowed List of allowed namespaces/directives
|
* @param $allowed List of allowed namespaces/directives
|
||||||
* @static
|
* @static
|
||||||
*/
|
*/
|
||||||
function getAllowedDirectivesForForm($allowed) {
|
static function getAllowedDirectivesForForm($allowed) {
|
||||||
$schema = HTMLPurifier_ConfigSchema::instance();
|
$schema = HTMLPurifier_ConfigSchema::instance();
|
||||||
if ($allowed !== true) {
|
if ($allowed !== true) {
|
||||||
if (is_string($allowed)) $allowed = array($allowed);
|
if (is_string($allowed)) $allowed = array($allowed);
|
||||||
@@ -413,7 +410,7 @@ class HTMLPurifier_Config
|
|||||||
* @param $mq_fix Boolean whether or not to enable magic quotes fix
|
* @param $mq_fix Boolean whether or not to enable magic quotes fix
|
||||||
* @static
|
* @static
|
||||||
*/
|
*/
|
||||||
function loadArrayFromForm($array, $index, $allowed = true, $mq_fix = true) {
|
static function loadArrayFromForm($array, $index, $allowed = true, $mq_fix = true) {
|
||||||
$ret = HTMLPurifier_Config::prepareArrayFromForm($array, $index, $allowed, $mq_fix);
|
$ret = HTMLPurifier_Config::prepareArrayFromForm($array, $index, $allowed, $mq_fix);
|
||||||
$config = HTMLPurifier_Config::create($ret);
|
$config = HTMLPurifier_Config::create($ret);
|
||||||
return $config;
|
return $config;
|
||||||
@@ -433,7 +430,7 @@ class HTMLPurifier_Config
|
|||||||
* strict parts of HTMLPurifier_Config
|
* strict parts of HTMLPurifier_Config
|
||||||
* @static
|
* @static
|
||||||
*/
|
*/
|
||||||
function prepareArrayFromForm($array, $index, $allowed = true, $mq_fix = true) {
|
static function prepareArrayFromForm($array, $index, $allowed = true, $mq_fix = true) {
|
||||||
$array = (isset($array[$index]) && is_array($array[$index])) ? $array[$index] : array();
|
$array = (isset($array[$index]) && is_array($array[$index])) ? $array[$index] : array();
|
||||||
$mq = get_magic_quotes_gpc() && $mq_fix;
|
$mq = get_magic_quotes_gpc() && $mq_fix;
|
||||||
|
|
||||||
|
|||||||
@@ -82,7 +82,7 @@ class HTMLPurifier_ConfigSchema {
|
|||||||
* Retrieves an instance of the application-wide configuration definition.
|
* Retrieves an instance of the application-wide configuration definition.
|
||||||
* @static
|
* @static
|
||||||
*/
|
*/
|
||||||
function &instance($prototype = null) {
|
static function &instance($prototype = null) {
|
||||||
static $instance;
|
static $instance;
|
||||||
if ($prototype !== null) {
|
if ($prototype !== null) {
|
||||||
$instance = $prototype;
|
$instance = $prototype;
|
||||||
@@ -104,7 +104,7 @@ class HTMLPurifier_ConfigSchema {
|
|||||||
* HTMLPurifier_DirectiveDef::$type for allowed values
|
* HTMLPurifier_DirectiveDef::$type for allowed values
|
||||||
* @param $description Description of directive for documentation
|
* @param $description Description of directive for documentation
|
||||||
*/
|
*/
|
||||||
function define($namespace, $name, $default, $type, $description) {
|
static function define($namespace, $name, $default, $type, $description) {
|
||||||
$def =& HTMLPurifier_ConfigSchema::instance();
|
$def =& HTMLPurifier_ConfigSchema::instance();
|
||||||
|
|
||||||
// basic sanity checks
|
// basic sanity checks
|
||||||
@@ -177,7 +177,7 @@ class HTMLPurifier_ConfigSchema {
|
|||||||
* @param $namespace Namespace's name
|
* @param $namespace Namespace's name
|
||||||
* @param $description Description of the namespace
|
* @param $description Description of the namespace
|
||||||
*/
|
*/
|
||||||
function defineNamespace($namespace, $description) {
|
static function defineNamespace($namespace, $description) {
|
||||||
$def =& HTMLPurifier_ConfigSchema::instance();
|
$def =& HTMLPurifier_ConfigSchema::instance();
|
||||||
if (HTMLPURIFIER_SCHEMA_STRICT) {
|
if (HTMLPURIFIER_SCHEMA_STRICT) {
|
||||||
if (isset($def->info[$namespace])) {
|
if (isset($def->info[$namespace])) {
|
||||||
@@ -212,7 +212,7 @@ class HTMLPurifier_ConfigSchema {
|
|||||||
* @param $alias Name of aliased value
|
* @param $alias Name of aliased value
|
||||||
* @param $real Value aliased value will be converted into
|
* @param $real Value aliased value will be converted into
|
||||||
*/
|
*/
|
||||||
function defineValueAliases($namespace, $name, $aliases) {
|
static function defineValueAliases($namespace, $name, $aliases) {
|
||||||
$def =& HTMLPurifier_ConfigSchema::instance();
|
$def =& HTMLPurifier_ConfigSchema::instance();
|
||||||
if (HTMLPURIFIER_SCHEMA_STRICT && !isset($def->info[$namespace][$name])) {
|
if (HTMLPURIFIER_SCHEMA_STRICT && !isset($def->info[$namespace][$name])) {
|
||||||
trigger_error('Cannot set value alias for non-existant directive',
|
trigger_error('Cannot set value alias for non-existant directive',
|
||||||
@@ -245,7 +245,7 @@ class HTMLPurifier_ConfigSchema {
|
|||||||
* @param $name Name of directive
|
* @param $name Name of directive
|
||||||
* @param $allowed_values Arraylist of allowed values
|
* @param $allowed_values Arraylist of allowed values
|
||||||
*/
|
*/
|
||||||
function defineAllowedValues($namespace, $name, $allowed_values) {
|
static function defineAllowedValues($namespace, $name, $allowed_values) {
|
||||||
$def =& HTMLPurifier_ConfigSchema::instance();
|
$def =& HTMLPurifier_ConfigSchema::instance();
|
||||||
if (HTMLPURIFIER_SCHEMA_STRICT && !isset($def->info[$namespace][$name])) {
|
if (HTMLPURIFIER_SCHEMA_STRICT && !isset($def->info[$namespace][$name])) {
|
||||||
trigger_error('Cannot define allowed values for undefined directive',
|
trigger_error('Cannot define allowed values for undefined directive',
|
||||||
@@ -285,7 +285,7 @@ class HTMLPurifier_ConfigSchema {
|
|||||||
* @param $new_namespace
|
* @param $new_namespace
|
||||||
* @param $new_name Directive that the alias will be to
|
* @param $new_name Directive that the alias will be to
|
||||||
*/
|
*/
|
||||||
function defineAlias($namespace, $name, $new_namespace, $new_name) {
|
static function defineAlias($namespace, $name, $new_namespace, $new_name) {
|
||||||
$def =& HTMLPurifier_ConfigSchema::instance();
|
$def =& HTMLPurifier_ConfigSchema::instance();
|
||||||
if (HTMLPURIFIER_SCHEMA_STRICT) {
|
if (HTMLPURIFIER_SCHEMA_STRICT) {
|
||||||
if (!isset($def->info[$namespace])) {
|
if (!isset($def->info[$namespace])) {
|
||||||
@@ -428,7 +428,7 @@ class HTMLPurifier_ConfigSchema {
|
|||||||
*/
|
*/
|
||||||
function isError($var) {
|
function isError($var) {
|
||||||
if (!is_object($var)) return false;
|
if (!is_object($var)) return false;
|
||||||
if (!is_a($var, 'HTMLPurifier_Error')) return false;
|
if (!($var instanceof HTMLPurifier_Error)) return false;
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -40,7 +40,7 @@ class HTMLPurifier_DefinitionCacheFactory
|
|||||||
* Retrieves an instance of global definition cache factory.
|
* Retrieves an instance of global definition cache factory.
|
||||||
* @static
|
* @static
|
||||||
*/
|
*/
|
||||||
function &instance($prototype = null) {
|
static function &instance($prototype = null) {
|
||||||
static $instance;
|
static $instance;
|
||||||
if ($prototype !== null) {
|
if ($prototype !== null) {
|
||||||
$instance = $prototype;
|
$instance = $prototype;
|
||||||
|
|||||||
@@ -110,7 +110,7 @@ class HTMLPurifier_ElementDef
|
|||||||
* Low-level factory constructor for creating new standalone element defs
|
* Low-level factory constructor for creating new standalone element defs
|
||||||
* @static
|
* @static
|
||||||
*/
|
*/
|
||||||
function create($safe, $content_model, $content_model_type, $attr) {
|
static function create($safe, $content_model, $content_model_type, $attr) {
|
||||||
$def = new HTMLPurifier_ElementDef();
|
$def = new HTMLPurifier_ElementDef();
|
||||||
$def->safe = (bool) $safe;
|
$def->safe = (bool) $safe;
|
||||||
$def->content_model = $content_model;
|
$def->content_model = $content_model;
|
||||||
|
|||||||
@@ -88,7 +88,7 @@ class HTMLPurifier_Encoder
|
|||||||
* would need that, and I'm probably not going to implement them.
|
* would need that, and I'm probably not going to implement them.
|
||||||
* Once again, PHP 6 should solve all our problems.
|
* Once again, PHP 6 should solve all our problems.
|
||||||
*/
|
*/
|
||||||
function cleanUTF8($str, $force_php = false) {
|
static function cleanUTF8($str, $force_php = false) {
|
||||||
|
|
||||||
static $non_sgml_chars = array();
|
static $non_sgml_chars = array();
|
||||||
if (empty($non_sgml_chars)) {
|
if (empty($non_sgml_chars)) {
|
||||||
@@ -271,7 +271,7 @@ class HTMLPurifier_Encoder
|
|||||||
// | 00000000 | 00010000 | 11111111 | 11111111 | Defined upper limit of legal scalar codes
|
// | 00000000 | 00010000 | 11111111 | 11111111 | Defined upper limit of legal scalar codes
|
||||||
// +----------+----------+----------+----------+
|
// +----------+----------+----------+----------+
|
||||||
|
|
||||||
function unichr($code) {
|
static function unichr($code) {
|
||||||
if($code > 1114111 or $code < 0 or
|
if($code > 1114111 or $code < 0 or
|
||||||
($code >= 55296 and $code <= 57343) ) {
|
($code >= 55296 and $code <= 57343) ) {
|
||||||
// bits are set outside the "valid" range as defined
|
// bits are set outside the "valid" range as defined
|
||||||
@@ -312,7 +312,7 @@ class HTMLPurifier_Encoder
|
|||||||
* Converts a string to UTF-8 based on configuration.
|
* Converts a string to UTF-8 based on configuration.
|
||||||
* @static
|
* @static
|
||||||
*/
|
*/
|
||||||
function convertToUTF8($str, $config, &$context) {
|
static function convertToUTF8($str, $config, &$context) {
|
||||||
static $iconv = null;
|
static $iconv = null;
|
||||||
if ($iconv === null) $iconv = function_exists('iconv');
|
if ($iconv === null) $iconv = function_exists('iconv');
|
||||||
$encoding = $config->get('Core', 'Encoding');
|
$encoding = $config->get('Core', 'Encoding');
|
||||||
@@ -331,7 +331,7 @@ class HTMLPurifier_Encoder
|
|||||||
* @note Currently, this is a lossy conversion, with unexpressable
|
* @note Currently, this is a lossy conversion, with unexpressable
|
||||||
* characters being omitted.
|
* characters being omitted.
|
||||||
*/
|
*/
|
||||||
function convertFromUTF8($str, $config, &$context) {
|
static function convertFromUTF8($str, $config, &$context) {
|
||||||
static $iconv = null;
|
static $iconv = null;
|
||||||
if ($iconv === null) $iconv = function_exists('iconv');
|
if ($iconv === null) $iconv = function_exists('iconv');
|
||||||
$encoding = $config->get('Core', 'Encoding');
|
$encoding = $config->get('Core', 'Encoding');
|
||||||
@@ -364,7 +364,7 @@ class HTMLPurifier_Encoder
|
|||||||
* @note Sort of with cleanUTF8() but it assumes that $str is
|
* @note Sort of with cleanUTF8() but it assumes that $str is
|
||||||
* well-formed UTF-8
|
* well-formed UTF-8
|
||||||
*/
|
*/
|
||||||
function convertToASCIIDumbLossless($str) {
|
static function convertToASCIIDumbLossless($str) {
|
||||||
$bytesleft = 0;
|
$bytesleft = 0;
|
||||||
$result = '';
|
$result = '';
|
||||||
$working = 0;
|
$working = 0;
|
||||||
|
|||||||
@@ -29,7 +29,7 @@ class HTMLPurifier_EntityLookup {
|
|||||||
* @static
|
* @static
|
||||||
* @param Optional prototype of custom lookup table to overload with.
|
* @param Optional prototype of custom lookup table to overload with.
|
||||||
*/
|
*/
|
||||||
function instance($prototype = false) {
|
static function instance($prototype = false) {
|
||||||
// no references, since PHP doesn't copy unless modified
|
// no references, since PHP doesn't copy unless modified
|
||||||
static $instance = null;
|
static $instance = null;
|
||||||
if ($prototype) {
|
if ($prototype) {
|
||||||
|
|||||||
@@ -113,7 +113,7 @@ class HTMLPurifier_Language
|
|||||||
$generator = false;
|
$generator = false;
|
||||||
foreach ($args as $i => $value) {
|
foreach ($args as $i => $value) {
|
||||||
if (is_object($value)) {
|
if (is_object($value)) {
|
||||||
if (is_a($value, 'HTMLPurifier_Token')) {
|
if ($value instanceof HTMLPurifier_Token) {
|
||||||
// factor this out some time
|
// factor this out some time
|
||||||
if (!$generator) $generator = $this->context->get('Generator');
|
if (!$generator) $generator = $this->context->get('Generator');
|
||||||
if (isset($value->name)) $subst['$'.$i.'.Name'] = $value->name;
|
if (isset($value->name)) $subst['$'.$i.'.Name'] = $value->name;
|
||||||
|
|||||||
@@ -65,7 +65,7 @@ class HTMLPurifier_LanguageFactory
|
|||||||
* @param $prototype Optional prototype to overload sole instance with,
|
* @param $prototype Optional prototype to overload sole instance with,
|
||||||
* or bool true to reset to default factory.
|
* or bool true to reset to default factory.
|
||||||
*/
|
*/
|
||||||
function &instance($prototype = null) {
|
static function &instance($prototype = null) {
|
||||||
static $instance = null;
|
static $instance = null;
|
||||||
if ($prototype !== null) {
|
if ($prototype !== null) {
|
||||||
$instance = $prototype;
|
$instance = $prototype;
|
||||||
|
|||||||
@@ -145,9 +145,9 @@ class HTMLPurifier_Lexer
|
|||||||
* @param $prototype Optional prototype lexer or configuration object
|
* @param $prototype Optional prototype lexer or configuration object
|
||||||
* @return Concrete lexer.
|
* @return Concrete lexer.
|
||||||
*/
|
*/
|
||||||
function create($config) {
|
static function create($config) {
|
||||||
|
|
||||||
if (!is_a($config, 'HTMLPurifier_Config')) {
|
if (!($config instanceof HTMLPurifier_Config)) {
|
||||||
$lexer = $config;
|
$lexer = $config;
|
||||||
trigger_error("Passing a prototype to
|
trigger_error("Passing a prototype to
|
||||||
HTMLPurifier_Lexer::create() is deprecated, please instead
|
HTMLPurifier_Lexer::create() is deprecated, please instead
|
||||||
@@ -275,7 +275,7 @@ class HTMLPurifier_Lexer
|
|||||||
* @param $string HTML string to process.
|
* @param $string HTML string to process.
|
||||||
* @returns HTML with CDATA sections escaped.
|
* @returns HTML with CDATA sections escaped.
|
||||||
*/
|
*/
|
||||||
function escapeCDATA($string) {
|
static function escapeCDATA($string) {
|
||||||
return preg_replace_callback(
|
return preg_replace_callback(
|
||||||
'/<!\[CDATA\[(.+?)\]\]>/s',
|
'/<!\[CDATA\[(.+?)\]\]>/s',
|
||||||
array('HTMLPurifier_Lexer', 'CDATACallback'),
|
array('HTMLPurifier_Lexer', 'CDATACallback'),
|
||||||
@@ -304,7 +304,7 @@ class HTMLPurifier_Lexer
|
|||||||
* and 1 the inside of the CDATA section.
|
* and 1 the inside of the CDATA section.
|
||||||
* @returns Escaped internals of the CDATA section.
|
* @returns Escaped internals of the CDATA section.
|
||||||
*/
|
*/
|
||||||
function CDATACallback($matches) {
|
static function CDATACallback($matches) {
|
||||||
// not exactly sure why the character set is needed, but whatever
|
// not exactly sure why the character set is needed, but whatever
|
||||||
return htmlspecialchars($matches[1], ENT_COMPAT, 'UTF-8');
|
return htmlspecialchars($matches[1], ENT_COMPAT, 'UTF-8');
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -158,7 +158,7 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer
|
|||||||
* Callback function for undoing escaping of stray angled brackets
|
* Callback function for undoing escaping of stray angled brackets
|
||||||
* in comments
|
* in comments
|
||||||
*/
|
*/
|
||||||
function callbackUndoCommentSubst($matches) {
|
static public function callbackUndoCommentSubst($matches) {
|
||||||
return '<!--' . strtr($matches[1], array('&'=>'&','<'=>'<')) . $matches[2];
|
return '<!--' . strtr($matches[1], array('&'=>'&','<'=>'<')) . $matches[2];
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -166,7 +166,7 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer
|
|||||||
* Callback function that entity-izes ampersands in comments so that
|
* Callback function that entity-izes ampersands in comments so that
|
||||||
* callbackUndoCommentSubst doesn't clobber them
|
* callbackUndoCommentSubst doesn't clobber them
|
||||||
*/
|
*/
|
||||||
function callbackArmorCommentEntities($matches) {
|
static public function callbackArmorCommentEntities($matches) {
|
||||||
return '<!--' . str_replace('&', '&', $matches[1]) . $matches[2];
|
return '<!--' . str_replace('&', '&', $matches[1]) . $matches[2];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -40,7 +40,7 @@ class HTMLPurifier_Lexer_DirectLex extends HTMLPurifier_Lexer
|
|||||||
* @param $matches, in form of array(opening tag, contents, closing tag)
|
* @param $matches, in form of array(opening tag, contents, closing tag)
|
||||||
* @static
|
* @static
|
||||||
*/
|
*/
|
||||||
function scriptCallback($matches) {
|
static function scriptCallback($matches) {
|
||||||
return $matches[1] . htmlspecialchars($matches[2], ENT_COMPAT, 'UTF-8') . $matches[3];
|
return $matches[1] . htmlspecialchars($matches[2], ENT_COMPAT, 'UTF-8') . $matches[3];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -44,7 +44,7 @@ class HTMLPurifier_URISchemeRegistry
|
|||||||
* @note Pass a registry object $prototype with a compatible interface and
|
* @note Pass a registry object $prototype with a compatible interface and
|
||||||
* the function will copy it and return it all further times.
|
* the function will copy it and return it all further times.
|
||||||
*/
|
*/
|
||||||
function &instance($prototype = null) {
|
static function &instance($prototype = null) {
|
||||||
static $instance = null;
|
static $instance = null;
|
||||||
if ($prototype !== null) {
|
if ($prototype !== null) {
|
||||||
$instance = $prototype;
|
$instance = $prototype;
|
||||||
|
|||||||
@@ -7,7 +7,7 @@ if (!isset($_GET['standalone'])) {
|
|||||||
} else {
|
} else {
|
||||||
require_once '../library/HTMLPurifier.standalone.php';
|
require_once '../library/HTMLPurifier.standalone.php';
|
||||||
}
|
}
|
||||||
error_reporting(E_ALL);
|
error_reporting(E_ALL | E_STRICT);
|
||||||
|
|
||||||
function escapeHTML($string) {
|
function escapeHTML($string) {
|
||||||
$string = HTMLPurifier_Encoder::cleanUTF8($string);
|
$string = HTMLPurifier_Encoder::cleanUTF8($string);
|
||||||
|
|||||||
@@ -86,7 +86,7 @@ class Debugger
|
|||||||
/**
|
/**
|
||||||
* @static
|
* @static
|
||||||
*/
|
*/
|
||||||
function &instance() {
|
static function &instance() {
|
||||||
static $soleInstance = false;
|
static $soleInstance = false;
|
||||||
if (!$soleInstance) $soleInstance = new Debugger();
|
if (!$soleInstance) $soleInstance = new Debugger();
|
||||||
return $soleInstance;
|
return $soleInstance;
|
||||||
|
|||||||
@@ -2,11 +2,12 @@
|
|||||||
|
|
||||||
require_once 'HTMLPurifier/AttrCollections.php';
|
require_once 'HTMLPurifier/AttrCollections.php';
|
||||||
|
|
||||||
Mock::generatePartial(
|
class HTMLPurifier_AttrCollectionsTest_NoConstructor extends HTMLPurifier_AttrCollections
|
||||||
'HTMLPurifier_AttrCollections',
|
{
|
||||||
'HTMLPurifier_AttrCollections_TestForConstruct',
|
function HTMLPurifier_AttrCollectionsTest_NoConstructor() {}
|
||||||
array('performInclusions', 'expandIdentifiers')
|
function expandIdentifiers(&$a, $b) {}
|
||||||
);
|
function performInclusions(&$a) {}
|
||||||
|
}
|
||||||
|
|
||||||
class HTMLPurifier_AttrCollectionsTest extends HTMLPurifier_Harness
|
class HTMLPurifier_AttrCollectionsTest extends HTMLPurifier_Harness
|
||||||
{
|
{
|
||||||
@@ -15,7 +16,7 @@ class HTMLPurifier_AttrCollectionsTest extends HTMLPurifier_Harness
|
|||||||
|
|
||||||
generate_mock_once('HTMLPurifier_AttrTypes');
|
generate_mock_once('HTMLPurifier_AttrTypes');
|
||||||
|
|
||||||
$collections = new HTMLPurifier_AttrCollections_TestForConstruct();
|
$collections = new HTMLPurifier_AttrCollectionsTest_NoConstructor();
|
||||||
|
|
||||||
$types = new HTMLPurifier_AttrTypesMock();
|
$types = new HTMLPurifier_AttrTypesMock();
|
||||||
|
|
||||||
|
|||||||
@@ -25,7 +25,7 @@ class HTMLPurifier_ErrorCollectorEMock extends HTMLPurifier_ErrorCollectorMock
|
|||||||
$this->_expected_context_at[$step][$key] = $value;
|
$this->_expected_context_at[$step][$key] = $value;
|
||||||
}
|
}
|
||||||
|
|
||||||
function send() {
|
function send($severity, $msg) {
|
||||||
// test for context
|
// test for context
|
||||||
$test = &$this->_getCurrentTestCase();
|
$test = &$this->_getCurrentTestCase();
|
||||||
foreach ($this->_expected_context as $key => $value) {
|
foreach ($this->_expected_context as $key => $value) {
|
||||||
|
|||||||
@@ -3,7 +3,7 @@
|
|||||||
// call one file using /?f=FileTest.php , see $test_files array for
|
// call one file using /?f=FileTest.php , see $test_files array for
|
||||||
// valid values
|
// valid values
|
||||||
|
|
||||||
error_reporting(E_ALL);
|
error_reporting(E_ALL | E_STRICT);
|
||||||
define('HTMLPurifierTest', 1);
|
define('HTMLPurifierTest', 1);
|
||||||
define('HTMLPURIFIER_SCHEMA_STRICT', true); // validate schemas
|
define('HTMLPURIFIER_SCHEMA_STRICT', true); // validate schemas
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user