mirror/php-htmlpurifier
1
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-08-06 06:07:26 +02:00
Code Issues Releases Wiki Activity

Compare commits

base: mirror:v3.1.0rc1
Branches Tags
mirror:master mirror:disable84 mirror:estrict mirror:php8.4 mirror:chmod-msg mirror:fix-ci mirror:revert-339-semantic-release
mirror:v4.18.0 mirror:v4.17.0 mirror:v4.16.0 mirror:v4.15.0 mirror:v4.14.0 mirror:v4.13.0 mirror:v4.12.0 mirror:v4.11.0 mirror:v4.10.0 mirror:v4.9.3 mirror:v4.9.2 mirror:v4.9.1 mirror:v4.8.0 mirror:4.8.0 mirror:v4.7.0 mirror:v4.6.0 mirror:gusev mirror:v4.5.0 mirror:v4.4.0 mirror:v4.3.0 mirror:v4.2.0 mirror:v4.1.1 mirror:v4.1.0 mirror:v4.0.0 mirror:v3.3.0 mirror:v3.2.0 mirror:v3.1.1.2 mirror:v3.1.1.1 mirror:v2.1.5 mirror:v3.1.1 mirror:v2.1.4 mirror:v3.1.0 mirror:v3.1.0rc1 mirror:v3.0.0 mirror:v2.1.3-strict mirror:v2.1.3 mirror:v2.1.2-strict mirror:v2.1.2 mirror:v2.1.1-strict mirror:v2.1.1 mirror:v2.1.0-strict mirror:v2.1.0 mirror:v2.0.1-strict mirror:v2.0.1 mirror:v2.0.0-strict mirror:v2.0.0 mirror:v1.6.1-strict mirror:v1.6.1 mirror:v1.6.0-strict mirror:v1.6.0 mirror:v1.5.0-strict mirror:v1.5.0 mirror:v1.4.1-strict mirror:v1.4.1 mirror:v1.4.0-strict mirror:v1.4.0 mirror:v1.3.2 mirror:v1.3.1 mirror:v1.3.0 mirror:v1.2.0 mirror:v1.1.2 mirror:v1.1.1 mirror:v1.1.0 mirror:v1.0.1 mirror:v1.0.0 mirror:v1.0.0beta
..
compare: mirror:v3.1.1.1
Branches Tags
mirror:master mirror:disable84 mirror:estrict mirror:php8.4 mirror:chmod-msg mirror:fix-ci mirror:revert-339-semantic-release
mirror:v4.18.0 mirror:v4.17.0 mirror:v4.16.0 mirror:v4.15.0 mirror:v4.14.0 mirror:v4.13.0 mirror:v4.12.0 mirror:v4.11.0 mirror:v4.10.0 mirror:v4.9.3 mirror:v4.9.2 mirror:v4.9.1 mirror:v4.8.0 mirror:4.8.0 mirror:v4.7.0 mirror:v4.6.0 mirror:gusev mirror:v4.5.0 mirror:v4.4.0 mirror:v4.3.0 mirror:v4.2.0 mirror:v4.1.1 mirror:v4.1.0 mirror:v4.0.0 mirror:v3.3.0 mirror:v3.2.0 mirror:v3.1.1.2 mirror:v3.1.1.1 mirror:v2.1.5 mirror:v3.1.1 mirror:v2.1.4 mirror:v3.1.0 mirror:v3.1.0rc1 mirror:v3.0.0 mirror:v2.1.3-strict mirror:v2.1.3 mirror:v2.1.2-strict mirror:v2.1.2 mirror:v2.1.1-strict mirror:v2.1.1 mirror:v2.1.0-strict mirror:v2.1.0 mirror:v2.0.1-strict mirror:v2.0.1 mirror:v2.0.0-strict mirror:v2.0.0 mirror:v1.6.1-strict mirror:v1.6.1 mirror:v1.6.0-strict mirror:v1.6.0 mirror:v1.5.0-strict mirror:v1.5.0 mirror:v1.4.1-strict mirror:v1.4.1 mirror:v1.4.0-strict mirror:v1.4.0 mirror:v1.3.2 mirror:v1.3.1 mirror:v1.3.0 mirror:v1.2.0 mirror:v1.1.2 mirror:v1.1.1 mirror:v1.1.0 mirror:v1.0.1 mirror:v1.0.0 mirror:v1.0.0beta

84 Commits
v3.1.0rc1 ... v3.1.1.1

Author SHA1 Message Date
Edward Z. Yang
7727cea112 Add Git specific files and configuration 
* Setup usage.xml to be binary, as XMLWriter does not honor operating
  system's newline format.
* Setup various files to ignore (svn:ignore was not carried over)
* Add dummy files to prevent git from ignoring empty directories

Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
 2008-06-24 22:02:16 -04:00
Edward Z. Yang
6bb8c1fcac Handle CRLF discrepancies 
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
 2008-06-24 21:10:51 -04:00
Edward Z. Yang
a84b6d5be0 Add new NEWS entries 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1824 48356398-32a2-884e-a903-53898d9a118a
 2008-06-21 05:00:17 +00:00
Edward Z. Yang
6e43cac9c9 Add some extra helpful data for FOCUS 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1821 48356398-32a2-884e-a903-53898d9a118a
 2008-06-20 02:59:01 +00:00
Edward Z. Yang
656a0c95bf Add update Freshmeat script. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1818 48356398-32a2-884e-a903-53898d9a118a
 2008-06-20 01:48:46 +00:00
Edward Z. Yang
7015aaff46 Release 3.1.1 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1808 48356398-32a2-884e-a903-53898d9a118a
 2008-06-19 21:43:57 +00:00
Edward Z. Yang
1009bd41a6 var -> public 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1807 48356398-32a2-884e-a903-53898d9a118a
 2008-06-19 21:24:50 +00:00
Edward Z. Yang
511dfe2d4a [3.1.1] Update Munge docs. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1804 48356398-32a2-884e-a903-53898d9a118a
 2008-06-19 19:06:55 +00:00
Edward Z. Yang
463aa3a0fa [3.1.1] General munge improvements 
- Add CurrentCSSProperty context variable
- Move Munge to its own class, derived off of SecureMunge.
- Rename %URI.SecureMunge to %URI.Munge
- Rename %URI.SecureMungeSecretKey to %URI.MungeSecretKey
- Add extra substitutions for munge

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1803 48356398-32a2-884e-a903-53898d9a118a
 2008-06-18 03:29:27 +00:00
Edward Z. Yang
7189ec2790 Update TODO 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1802 48356398-32a2-884e-a903-53898d9a118a
 2008-06-17 04:00:03 +00:00
Edward Z. Yang
e901d832ab Update Modx plugin to work with HTML Purifier 3.1.0. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1801 48356398-32a2-884e-a903-53898d9a118a
 2008-06-17 03:41:40 +00:00
Edward Z. Yang
643ed1bddc [3.1.1] Fix text-decoration: none bug 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1799 48356398-32a2-884e-a903-53898d9a118a
 2008-06-17 03:12:50 +00:00
Edward Z. Yang
41830cd902 Update TODO 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1798 48356398-32a2-884e-a903-53898d9a118a
 2008-06-17 02:40:38 +00:00
Edward Z. Yang
261aa1aeaa Update news, installer, and add an extra specimen. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1796 48356398-32a2-884e-a903-53898d9a118a
 2008-06-15 22:13:16 +00:00
Edward Z. Yang
486b401cf7 Fix broken tests. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1795 48356398-32a2-884e-a903-53898d9a118a
 2008-06-12 03:12:39 +00:00
Edward Z. Yang
f2794e59c5 [3.1.1] Mimick movie value in data if not set in safe object. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1794 48356398-32a2-884e-a903-53898d9a118a
 2008-06-11 23:12:38 +00:00
Edward Z. Yang
d702077d2e Undo redundant embedded URI check. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1782 48356398-32a2-884e-a903-53898d9a118a
 2008-06-10 01:23:11 +00:00
Edward Z. Yang
36bd06d53e [3.1.1] Implement SafeEmbed. Also, miscellaneous bugfixes. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1781 48356398-32a2-884e-a903-53898d9a118a
 2008-06-10 01:18:03 +00:00
Edward Z. Yang
13eb016e06 [3.1.1] Implement SafeObject. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1780 48356398-32a2-884e-a903-53898d9a118a
 2008-06-10 00:13:44 +00:00
Edward Z. Yang
32025a12e1 [3.1.1] Allow injectors to be specified by modules. 
- Make method for URI implemented
- Split out checkNeeded in Injector from prepare

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1779 48356398-32a2-884e-a903-53898d9a118a
 2008-06-09 01:23:05 +00:00
Edward Z. Yang
7dae94c44b Update TODO. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1778 48356398-32a2-884e-a903-53898d9a118a
 2008-06-08 16:57:48 +00:00
Edward Z. Yang
54cc691ba7 Update TODO. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1777 48356398-32a2-884e-a903-53898d9a118a
 2008-06-04 22:52:48 +00:00
Edward Z. Yang
3af2ff8f98 Fix bug with SecureMunge regarding embedded URIs. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1775 48356398-32a2-884e-a903-53898d9a118a
 2008-06-02 17:39:29 +00:00
Edward Z. Yang
36fb284d2f Add integration test, and fix broken SecureMunge 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1774 48356398-32a2-884e-a903-53898d9a118a
 2008-05-27 17:47:25 +00:00
Edward Z. Yang
8d1f1e8e73 [3.1.1] Improved adherence to Unicode by checking for non-character codepoints. Thanks Geoffrey Sneddon for reporting. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1773 48356398-32a2-884e-a903-53898d9a118a
 2008-05-26 21:27:52 +00:00
Edward Z. Yang
322288e6c0 [3.1.1] Implement %URI.SecureMunge and %URI.SecureMungeSecretKey, thanks Chris! 
- URIFilter->prepare can return false in order to abort loading of the filter
- Implemented post URI filtering. Set member variable $post to true to set a URIFilter as such.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1772 48356398-32a2-884e-a903-53898d9a118a
 2008-05-26 16:26:47 +00:00
Edward Z. Yang
3c4346cb1e Fix back-compat regressions. Also, compactify configuration code. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1771 48356398-32a2-884e-a903-53898d9a118a
 2008-05-26 04:35:12 +00:00
Edward Z. Yang
14d934c7ca [3.1.1] Land vs's HTMLPurifier_Generator patch, and a number of other bugfixes for that change 
- Convert a number of calls to use new constructor signature for Generator
- Make generator require configuration; this exposes a number of latent bugs
- Removed generator hack
- Convert Printers to use new optimized ConfigSchema format
- Hack with Printer configuration; pass an array(generator config, render config) to distinguish between output and target.
- HTML/CSS Printers need to be primed, otherwise fatal errors
- Convert a few test-cases to use member properties

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1770 48356398-32a2-884e-a903-53898d9a118a
 2008-05-26 04:05:48 +00:00
Edward Z. Yang
bb16d8eae5 [3.1.1] Fix Shift_JIS encoding wonkiness with yen symbols and whatnot 
- Improve parseCDATA algorithm to take into account newline normalization
- Fix regression in FontFamily validator. We now have a legit parser in place, albeit somewhat limited in use. Will be superseded by parser for entire grammar
- Convert EncoderTest to new format

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1769 48356398-32a2-884e-a903-53898d9a118a
 2008-05-25 05:40:20 +00:00
Edward Z. Yang
10530d7f81 [3.1.1] Fix stray backslashes in font-family. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1768 48356398-32a2-884e-a903-53898d9a118a
 2008-05-24 18:19:36 +00:00
Edward Z. Yang
c7e172f660 Update news: not 1/2, more like 1/3 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1767 48356398-32a2-884e-a903-53898d9a118a
 2008-05-23 17:15:13 +00:00
Edward Z. Yang
917d2ea5ef [3.1.1] More ConfigSchema optimizations: degenerate form can accommodate type and allow_null 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1766 48356398-32a2-884e-a903-53898d9a118a
 2008-05-23 17:10:26 +00:00
Edward Z. Yang
895141e0b5 [3.1.1] Further optimize ConfigSchema by eliminating stdclass when only type is set. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1765 48356398-32a2-884e-a903-53898d9a118a
 2008-05-23 17:00:58 +00:00
Edward Z. Yang
8ab30e24b7 [3.1.1] Memory optimizations for ConfigSchema. Changes include: 
- Elimination of ConfigDef and subclasses in favor of stdclass. Most property names stay the same
- Added benchmark script for ConfigSchema
- Types are internally handled as magic integers. Use HTMLPurifier_VarParser->getTypeName to convert to human readable form. HTMLPurifier_VarParser still accepts strings.
- Parser in config schema only used for legacy interface


git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1764 48356398-32a2-884e-a903-53898d9a118a
 2008-05-23 16:43:24 +00:00
Edward Z. Yang
9db891c3aa Add benchmark script for ConfigSchema. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1763 48356398-32a2-884e-a903-53898d9a118a
 2008-05-23 15:24:15 +00:00
Edward Z. Yang
eb9f9bc7f6 [3.1.1] Round up imagecrash support with HTML.MaxImgLength 
- Add $max to AttrDef/HTML/Pixels.php
- Add %HTML.MaxImgLength
- CSS width/height allows percents when MaxImgLength is disabled


git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1762 48356398-32a2-884e-a903-53898d9a118a
 2008-05-23 02:09:43 +00:00
Edward Z. Yang
fcebb7731d [3.1.1] Migrate all HTMLModules to use setup($config) rather than __construct 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1761 48356398-32a2-884e-a903-53898d9a118a
 2008-05-22 19:36:59 +00:00
Edward Z. Yang
8d0d0d1a03 [3.1.1] construct() to setup() in HTMLModules 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1760 48356398-32a2-884e-a903-53898d9a118a
 2008-05-22 04:34:19 +00:00
Edward Z. Yang
80f59206d7 [3.1.1] Implement percent encoding for URI query and fragment 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1758 48356398-32a2-884e-a903-53898d9a118a
 2008-05-21 02:58:41 +00:00
Edward Z. Yang
af3f5190dc [3.1.1] Lazy token updating for HTMLPurifier/AttrValidator.php 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1757 48356398-32a2-884e-a903-53898d9a118a
 2008-05-21 02:30:27 +00:00
Edward Z. Yang
5620241165 [3.1.1] Disable percent height/width attributes for img 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1756 48356398-32a2-884e-a903-53898d9a118a
 2008-05-21 02:01:25 +00:00
Edward Z. Yang
c06727190e Update NEWS accordingly. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1755 48356398-32a2-884e-a903-53898d9a118a
 2008-05-21 01:58:48 +00:00
Edward Z. Yang
1a95852007 [3.1.1] Implement more robust imagecrash protection for CSS width/height. 
- Change API for HTMLPurifier_AttrDef_CSS_Length
- Implement HTMLPurifier_AttrDef_Switch class
- Implement HTMLPurifier_Length->compareTo, and make make() accept object instances

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1754 48356398-32a2-884e-a903-53898d9a118a
 2008-05-21 01:56:48 +00:00
Edward Z. Yang
c3fab7200e Add support for pixel as a pseudo-English unit. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1753 48356398-32a2-884e-a903-53898d9a118a
 2008-05-21 00:42:55 +00:00
Edward Z. Yang
6d7a17e9b6 Implement without-bcmath compatible UnitConverter. We might want to factor our floating point fudges. These calculations are only accurate for small precisions, and are architecture-dependent. (Unit tests seem to work on 32bit, though). 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1752 48356398-32a2-884e-a903-53898d9a118a
 2008-05-21 00:29:31 +00:00
Edward Z. Yang
64b5581bf2 [3.1.1] Have CSS/Length.php use the new Length class. Also, put onus of non-negative to callee, which would compare $n. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1751 48356398-32a2-884e-a903-53898d9a118a
 2008-05-20 23:15:20 +00:00
Edward Z. Yang
d8da5ff406 Finally stabilize the unit converter. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1750 48356398-32a2-884e-a903-53898d9a118a
 2008-05-20 21:23:38 +00:00
Edward Z. Yang
fda310f1e7 Update UnitConverter to deal more correctly with X.XX... decimals. Not complete. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1749 48356398-32a2-884e-a903-53898d9a118a
 2008-05-20 17:48:15 +00:00
Edward Z. Yang
fc7dbdbd33 Disable Tidy test completely. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1748 48356398-32a2-884e-a903-53898d9a118a
 2008-05-20 17:14:08 +00:00
Edward Z. Yang
02ac821503 Update TODO and run flush. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1747 48356398-32a2-884e-a903-53898d9a118a
 2008-05-20 01:31:51 +00:00
Edward Z. Yang
16fa73afa0 [3.1.1] Added HTMLPurifier_UnitConverter and HTMLPurifier_Length for convenient handling of CSS-style lengths. 
- Fixed another de-underscoring in the SimpleTest library

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1746 48356398-32a2-884e-a903-53898d9a118a
 2008-05-20 01:19:00 +00:00
Edward Z. Yang
32a6afa27c Update news. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1744 48356398-32a2-884e-a903-53898d9a118a
 2008-05-18 20:12:25 +00:00
Edward Z. Yang
587d642826 Release 3.1.0. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1728 48356398-32a2-884e-a903-53898d9a118a
 2008-05-18 05:46:06 +00:00
Edward Z. Yang
0bef016271 [3.1.0] Get testing working again for all versions 
- Standalone testing setup properly with autoload
- Bootstrap autoloader deals more robustly with classes that don't exist, preventing class_exists($class, true) from barfing.
- Cleanup $_reporter to $reporter

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1727 48356398-32a2-884e-a903-53898d9a118a
 2008-05-16 01:49:33 +00:00
Edward Z. Yang
ef6a1c9274 Allow for users to load Language class files themselves. Messages are still HTML Purifier dependent; we need to figure out a way around that. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1725 48356398-32a2-884e-a903-53898d9a118a
 2008-05-15 23:22:34 +00:00
Edward Z. Yang
86b1da9b6f [3.1.0] Fixed bug with fallback languages in LanguageFactory 
- Also, reverted bogus Generator changes

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1723 48356398-32a2-884e-a903-53898d9a118a
 2008-05-15 23:04:46 +00:00
Edward Z. Yang
00ea2062d4 [3.1.0] Fix buggy LanguageFactory. This revision is incomplete. 
- Some bogus commits to Generator were made, and will be reverted next revision.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1722 48356398-32a2-884e-a903-53898d9a118a
 2008-05-15 17:47:47 +00:00
Edward Z. Yang
cb5d5d0648 [3.1.0] Revamp URI handling of percent encoding and validation. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1709 48356398-32a2-884e-a903-53898d9a118a
 2008-05-14 02:19:00 +00:00
Edward Z. Yang
77ce3e8b4a [3.1.0] Extend scanner to catch $this->config; chmod new directories from Serializer. I'm not exactly sure what the implications of the bugfix are, but hopefully it won't blow up. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1708 48356398-32a2-884e-a903-53898d9a118a
 2008-05-13 03:17:38 +00:00
Edward Z. Yang
e0c0d8eab6 [3.1.0] Allow arbitrary whitespace in %HTML.Allowed 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1707 48356398-32a2-884e-a903-53898d9a118a
 2008-05-13 02:02:27 +00:00
Edward Z. Yang
ce46fb618c [3.1.0] Add missing tests and errors for forbidden attributes 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1706 48356398-32a2-884e-a903-53898d9a118a
 2008-05-13 01:41:25 +00:00
Edward Z. Yang
9f37764614 Update TODO with items from Denis. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1702 48356398-32a2-884e-a903-53898d9a118a
 2008-05-06 03:08:09 +00:00
Edward Z. Yang
aaf6ba421c Sync with SimpleTest codebase 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1701 48356398-32a2-884e-a903-53898d9a118a
 2008-04-28 19:52:13 +00:00
Edward Z. Yang
4b862f64e6 [3.1.0] Fix ScriptRequired bug with trusted installs 
- Generator now takes $config and $context during instantiation
- Double quotes outside of attributes are not escaped


git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1700 48356398-32a2-884e-a903-53898d9a118a
 2008-04-28 01:35:07 +00:00
Edward Z. Yang
be2cfb7918 Fix latest batch of SimpleTest changes. Also, commit forgotten NEWS. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1699 48356398-32a2-884e-a903-53898d9a118a
 2008-04-26 19:50:27 +00:00
Edward Z. Yang
2f29c27a59 [3.1.0] Fix broken PH5P in latest versions of DOM with bandaid; punt to DirectLex. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1698 48356398-32a2-884e-a903-53898d9a118a
 2008-04-26 19:47:22 +00:00
Edward Z. Yang
144bd6f07a [3.1.0] Fix bug with 3.1.0-dev version number (the dash caused problems, so we switched to commas) 
- Refactored out null definition cache during HTMLDefinition tests


git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1697 48356398-32a2-884e-a903-53898d9a118a
 2008-04-26 19:28:14 +00:00
Edward Z. Yang
a95f600e76 Fix another fatal error from SimpleTest refactoring. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1696 48356398-32a2-884e-a903-53898d9a118a
 2008-04-26 03:18:07 +00:00
Edward Z. Yang
84aa2ca390 [3.1.0] Implement tag@attr for Allowed and Forbidden 
- Fix (or null) bug in configdoc

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1695 48356398-32a2-884e-a903-53898d9a118a
 2008-04-26 03:14:01 +00:00
Edward Z. Yang
1f8619cda5 [3.1.0] Fix and revamp configForm.php smoketest 
- Fix bool/null ConfigForm field

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1694 48356398-32a2-884e-a903-53898d9a118a
 2008-04-26 01:13:58 +00:00
Edward Z. Yang
04b1ec33cb [3.1.0] version -> VERSION 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1693 48356398-32a2-884e-a903-53898d9a118a
 2008-04-25 05:47:36 +00:00
Edward Z. Yang
6d9643a92e [3.1.0] Add const version to HTMLPurifier, also bump version to 3.1.0-dev; this apparently is a good idea! 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1692 48356398-32a2-884e-a903-53898d9a118a
 2008-04-25 05:26:10 +00:00
Edward Z. Yang
438d973073 Renumber as 3.1.0, however, NOT releasing (WHATSNEW isn't updated) 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1691 48356398-32a2-884e-a903-53898d9a118a
 2008-04-25 03:54:38 +00:00
Edward Z. Yang
f295465ad4 [3.1.0] Allow index to be false for config from for creation 
- Static-ify Printer_ConfigForm's get* functions

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1690 48356398-32a2-884e-a903-53898d9a118a
 2008-04-25 02:43:31 +00:00
Edward Z. Yang
eaabccdd9b [3.1.0] More PHP4->PHP5 conversions, notably reference removal of most methods that return objects 
- Removed HTMLPurifier_Error
- Documentation updates
- Removed more copy() methods in favor of clone
- HTMLPurifier::getInstance() to HTMLPurifier::instance()
- Fix InterchangeBuilder to use HTMLPURIFIER_PREFIX

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1689 48356398-32a2-884e-a903-53898d9a118a
 2008-04-23 02:40:17 +00:00
Edward Z. Yang
893cdd0301 All 3.1.0 TODOs are done! 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1687 48356398-32a2-884e-a903-53898d9a118a
 2008-04-23 00:17:52 +00:00
Edward Z. Yang
1ba77fedd4 [3.1.0] Implement DenyElementDecorator for imagecrash-protection against CSS width/height 
- Misc doc changes
- Add missing inheritance for AttrDef_CSS decorators


git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1684 48356398-32a2-884e-a903-53898d9a118a
 2008-04-22 22:28:54 +00:00
Edward Z. Yang
fae720115a Update TODO 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1683 48356398-32a2-884e-a903-53898d9a118a
 2008-04-22 20:57:11 +00:00
Edward Z. Yang
c0f2e69c9f [3.1.0] Update French documentation. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1682 48356398-32a2-884e-a903-53898d9a118a
 2008-04-22 20:43:47 +00:00
Edward Z. Yang
ca6b20ff2b [phorum-3.0.0.1] Improve installation documentation. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1681 48356398-32a2-884e-a903-53898d9a118a
 2008-04-22 18:30:01 +00:00
Edward Z. Yang
c4aa3ee40c [3.1.0] Encoder optimization, as suggested by Diego 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1680 48356398-32a2-884e-a903-53898d9a118a
 2008-04-22 18:14:40 +00:00
Edward Z. Yang
e9c7873057 [3.1.0] Fix validation error with missing li. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1679 48356398-32a2-884e-a903-53898d9a118a
 2008-04-22 17:35:39 +00:00
Edward Z. Yang
d45f42e6a8 Update docs. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1678 48356398-32a2-884e-a903-53898d9a118a
 2008-04-22 17:32:42 +00:00
Edward Z. Yang
f46aef698e Post rc skirmishes. 
- Update docs
- Update source code comments in generated files
- release1-update.php now flushes after it finishes
- Make InterchangeBuilder alphabetize

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1676 48356398-32a2-884e-a903-53898d9a118a
 2008-04-22 16:20:45 +00:00
291 changed files with 10627 additions and 7462 deletions
Expand all files Collapse all files

1
.gitattributes vendored Normal file
View File

@@ -0,0 +1 @@
configdoc/usage.xml -crlf

9
.gitignore vendored Normal file
View File

@@ -0,0 +1,9 @@
conf/
library/HTMLPurifier/DefinitionCache/Serializer/*/
library/standalone/
library/HTMLPurifier.standalone.php
*.phpt.diff
*.phpt.exp
*.phpt.log
*.phpt.out
*.phpt.php

2
Doxyfile
View File

@@ -31,7 +31,7 @@ PROJECT_NAME = HTMLPurifier
# This could be handy for archiving the generated documentation or # This could be handy for archiving the generated documentation or
# if some version control system is used. # if some version control system is used.
PROJECT_NUMBER = 3.1.0rc1 PROJECT_NUMBER = 3.1.1
# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
# base path where the generated documentation will be put. # base path where the generated documentation will be put.

13
FOCUS Normal file
View File

@@ -0,0 +1,13 @@
9 - Major security fixes
[ Appendix A: Release focus IDs ]
0 - N/A
1 - Initial freshmeat announcement
2 - Documentation
3 - Code cleanup
4 - Minor feature enhancements
5 - Major feature enhancements
6 - Minor bugfixes
7 - Major bugfixes
8 - Minor security fixes
9 - Major security fixes

5
INSTALL
View File

@@ -23,8 +23,9 @@ August 8, 2008.
These optional extensions can enhance the capabilities of HTML Purifier: These optional extensions can enhance the capabilities of HTML Purifier:
* iconv : Converts text to and from non-UTF-8 encodings * iconv : Converts text to and from non-UTF-8 encodings
* tidy : Used for pretty-printing HTML * bcmath : Used for unit conversion and imagecrash protection
* tidy : Used for pretty-printing HTML
--------------------------------------------------------------------------- ---------------------------------------------------------------------------

16
INSTALL.fr.utf8
View File

@@ -17,7 +17,7 @@ ce document pour quelques choses.
1. Compatibilité 1. Compatibilité
HTML Purifier fonctionne dans PHP 5. PHP 5.0.0 est le dernier HTML Purifier fonctionne dans PHP 5. PHP 5.0.5 est le dernier
version que je le testais. Il ne dépend de les autre librairies. version que je le testais. Il ne dépend de les autre librairies.
Les extensions optionnel est iconv (en général déjà installer) et Les extensions optionnel est iconv (en général déjà installer) et
@@ -34,19 +34,15 @@ Utilisez:
...quand vous devez utiliser HTML Purifier (ne inclure pas quand vous ...quand vous devez utiliser HTML Purifier (ne inclure pas quand vous
ne devez pas, parce que HTML Purifier est trés grand.) ne devez pas, parce que HTML Purifier est trés grand.)
Si vous n'aime pas que HTML Purifier change vos include_path, on peut HTML Purifier utilise 'autoload'. Si vous avez définu la fonction
change vos include_path, et: __autoload, vous doivez ajoute cet programme:
require_once 'HTMLPurifier.php'; spl_autoload_register('__autoload')
Seuleument les contents dans library/ est essentiel; vous peut enlever Plus d'information est dans le document 'INSTALL'.
les autre fichiers quand vous est dans une atmosphère professionnel.
[En cours de construction] 3. Installation vite
6. Installation vite
Si votre site web est en UTF-8 et XHTML Transitional, utilisez: Si votre site web est en UTF-8 et XHTML Transitional, utilisez:

132
NEWS
View File

@@ -9,6 +9,138 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
. Internal change . Internal change
========================== ==========================
3.2.0, unknown release date
3.1.2, unknown release date
3.1.1, released 2008-06-19
# %URI.Munge now, by default, does not munge resources (for example, <img src="">)
In order to enable this again, please set %URI.MungeResources to true.
! More robust imagecrash protection with height/width CSS with %CSS.MaxImgLength,
and height/width HTML with %HTML.MaxImgLength.
! %URI.MungeSecretKey for secure URI munging. Thanks Chris
for sponsoring this feature. Check out the corresponding documentation
for details. (Att Nightly testers: The API for this feature changed before
the general release. Namely, rename your directives %URI.SecureMungeSecretKey =>
%URI.MungeSecretKey and and %URI.SecureMunge => %URI.Munge)
! Implemented post URI filtering. Set member variable $post to true to set
a URIFilter as such.
! Allow modules to define injectors via $info_injector. Injectors are
automatically disabled if injector's needed elements are not found.
! Support for "safe" objects added, use %HTML.SafeObject and %HTML.SafeEmbed.
Thanks Chris for sponsoring. If you've been using ad hoc code from the
forums, PLEASE use this instead.
! Added substitutions for %e, %n, %a and %p in %URI.Munge (in order,
embedded, tag name, attribute name, CSS property name). See %URI.Munge
for more details. Requested by Jochem Blok.
- Disable percent height/width attributes for img.
- AttrValidator operations are now atomic; updates to attributes are not
manifest in token until end of operations. This prevents naughty internal
code from directly modifying CurrentToken when they're not supposed to.
This semantics change was requested by frank farmer.
- Percent encoding checks enabled for URI query and fragment
- Fix stray backslashes in font-family; CSS Unicode character escapes are
now properly resolved (although *only* in font-family). Thanks Takeshi Terada
for reporting.
- Improve parseCDATA algorithm to take into account newline normalization
- Account for browser confusion between Yen character and backslash in
Shift_JIS encoding. This fix generalizes to any other encoding which is not
a strict superset of printable ASCII. Thanks Takeshi Terada for reporting.
- Fix missing configuration parameter in Generator calls. Thanks vs for the
partial patch.
- Improved adherence to Unicode by checking for non-character codepoints.
Thanks Geoffrey Sneddon for reporting. This may result in degraded
performance for extremely large inputs.
- Allow CSS property-value pair ''text-decoration: none''. Thanks Jochem Blok
for reporting.
. Added HTMLPurifier_UnitConverter and HTMLPurifier_Length for convenient
handling of CSS-style lengths. HTMLPurifier_AttrDef_CSS_Length now uses
this class.
. API of HTMLPurifier_AttrDef_CSS_Length changed from __construct($disable_negative)
to __construct($min, $max). __construct(true) is equivalent to
__construct('0').
. Added HTMLPurifier_AttrDef_Switch class
. Rename HTMLPurifier_HTMLModule_Tidy->construct() to setup() and bubble method
up inheritance hierarchy to HTMLPurifier_HTMLModule. All HTMLModules
get this called with the configuration object. All modules now
use this rather than __construct(), although legacy code using constructors
will still work--the new format, however, lets modules access the
configuration object for HTML namespace dependant tweaks.
. AttrDef_HTML_Pixels now takes a single construction parameter, pixels.
. ConfigSchema data-structure heavily optimized; on average it uses a third
the memory it did previously. The interface has changed accordingly,
consult changes to HTMLPurifier_Config for details.
. Variable parsing types now are magic integers instead of strings
. Added benchmark for ConfigSchema
. HTMLPurifier_Generator requires $config and $context parameters. If you
don't know what they should be, use HTMLPurifier_Config::createDefault()
and new HTMLPurifier_Context().
. Printers now properly distinguish between output configuration, and
target configuration. This is not applicable to scripts using
the Printers for HTML Purifier related tasks.
. HTML/CSS Printers must be primed with prepareGenerator($gen_config), otherwise
fatal errors will ensue.
. URIFilter->prepare can return false in order to abort loading of the filter
. Factory for AttrDef_URI implemented, URI#embedded to indicate URI that embeds
an external resource.
. %URI.Munge functionality factored out into a post-filter class.
. Added CurrentCSSProperty context variable during CSS validation
3.1.0, released 2008-05-18
# Unnecessary references to objects (vestiges of PHP4) removed from method
signatures. The following methods do not need references when assigning from
them and will result in E_STRICT errors if you try:
+ HTMLPurifier_Config->get*Definition() [* = HTML, CSS]
+ HTMLPurifier_ConfigSchema::instance()
+ HTMLPurifier_DefinitionCacheFactory::instance()
+ HTMLPurifier_DefinitionCacheFactory->create()
+ HTMLPurifier_DoctypeRegistry->register()
+ HTMLPurifier_DoctypeRegistry->get()
+ HTMLPurifier_HTMLModule->addElement()
+ HTMLPurifier_HTMLModule->addBlankElement()
+ HTMLPurifier_LanguageFactory::instance()
# Printer_ConfigForm's get*() functions were static-ified
# %HTML.ForbiddenAttributes requires attribute declarations to be in the
form of tag@attr, NOT tag.attr (which will throw an error and won't do
anything). This is for forwards compatibility with XML; you'd do best
to migrate an %HTML.AllowedAttributes directives to this syntax too.
! Allow index to be false for config from form creation
! Added HTMLPurifier::VERSION constant
! Commas, not dashes, used for serializer IDs. This change is forwards-compatible
and allows for version numbers like "3.1.0-dev".
! %HTML.Allowed deals gracefully with whitespace anywhere, anytime!
! HTML Purifier's URI handling is a lot more robust, with much stricter
validation checks and better percent encoding handling. Thanks Gareth Heyes
for indicating security vulnerabilities from lax percent encoding.
! Bootstrap autoloader deals more robustly with classes that don't exist,
preventing class_exists($class, true) from barfing.
- InterchangeBuilder now alphabetizes its lists
- Validation error in configdoc output fixed
- Iconv and other encoding errors muted even with custom error handlers that
do not honor error_reporting
- Add protection against imagecrash attack with CSS height/width
- HTMLPurifier::instance() created for consistency, is equivalent to getInstance()
- Fixed and revamped broken ConfigForm smoketest
- Bug with bool/null fields in Printer_ConfigForm fixed
- Bug with global forbidden attributes fixed
- Improved error messages for allowed and forbidden HTML elements and attributes
- Missing (or null) in configdoc documentation restored
- If DOM throws and exception during parsing with PH5P (occurs in newer versions
of DOM), HTML Purifier punts to DirectLex
- Fatal error with unserialization of ScriptRequired
- Created directories are now chmod'ed properly
- Fixed bug with fallback languages in LanguageFactory
- Standalone testing setup properly with autoload
. Out-of-date documentation revised
. UTF-8 encoding check optimization as suggested by Diego
. HTMLPurifier_Error removed in favor of exceptions
. More copy() function removed; should use clone instead
. More extensive unit tests for HTMLDefinition
. assertPurification moved to central harness
. HTMLPurifier_Generator accepts $config and $context parameters during
instantiation, not runtime
. Double-quotes outside of attribute values are now unescaped
3.1.0rc1, released 2008-04-22 3.1.0rc1, released 2008-04-22
# Autoload support added. Internal require_once's removed in favor of an # Autoload support added. Internal require_once's removed in favor of an
explicit require list or autoloading. To use HTML Purifier, explicit require list or autoloading. To use HTML Purifier,

123
TODO
View File

@@ -7,48 +7,36 @@ TODO List
? Maybe I'll Do It ? Maybe I'll Do It
========================== ==========================
If no interest is expressed for a feature that may required a considerable If no interest is expressed for a feature that may require a considerable
amount of effort to implement, it may get endlessly delayed. Do not be amount of effort to implement, it may get endlessly delayed. Do not be
afraid to cast your vote for the next feature to be implemented! afraid to cast your vote for the next feature to be implemented!
- Investigate how early internal structures can be accessed; this would
UPCOMING RELEASE prevent structures from being parsed and serialized multiple times.
---------------- - Built-in support for target="_blank" on all external links
- Gitify the repository
IMPORTANT
- Release candidate, because of the major changes
DOCUMENTATION
- Update French translation of README
IMPORTANT FEATURES
- Factor out command line parser into its own class, and unit test it
NICE FEATURES
- Factor demo.php into a set of Printer classes, and then create a stub
file for users here (inside the actual HTML Purifier library)
- Support exporting configuration, so users can easily tweak settings
in the demo, and then copy-paste into their own setup
BUGS
- Style attribute height/width limiting for images
- Easy way to blacklist elements and attributes
- Investigate iconv error emitting
- Investigate UTF-8 optimization <http://htmlpurifier.org/phorum/read.php?3,1496>
- Figure out what to do about target="" and name="", since they show up so often
FUTURE VERSIONS FUTURE VERSIONS
--------------- ---------------
3.2 release [Error'ed] 3.2 release [It's All About Trust] (floating)
# Error logging for filtering/cleanup procedures # Implement untrusted, dangerous elements/attributes
- XSS-attempt detection - Forms are especially wanted
# Implement IDREF support (harder than it seems, since you cannot have
IDREFs to non-existent IDs)
# Frameset XHTML 1.0 and HTML 4.01 doctypes
- Implement <area>
- Figure out how to simultaneously set %CSS.Trusted and %HTML.Trusted (?)
3.3 release [Do What I Mean, Not What I Say] 3.3 release [Error'ed]
# Error logging for filtering/cleanup procedures
- XSS-attempt detection--certain errors are flagged XSS-like
3.4 release [Do What I Mean, Not What I Say]
# Additional support for poorly written HTML # Additional support for poorly written HTML
- Microsoft Word HTML cleaning (i.e. MsoNormal, but research essential!) - Microsoft Word HTML cleaning (i.e. MsoNormal, but research essential!)
- Friendly strict handling of <address> (block -> <br>) - Friendly strict handling of <address> (block -> <br>)
- Remove redundant tags, ex. <u><u>Underlined</u></u>. Implementation notes: ? Remove redundant tags, ex. <u><u>Underlined</u></u>. Implementation notes:
1. Analyzing which tags to remove duplicants 1. Analyzing which tags to remove duplicants
2. Ensure attributes are merged into the parent tag 2. Ensure attributes are merged into the parent tag
3. Extend the tag exclusion system to specify whether or not the 3. Extend the tag exclusion system to specify whether or not the
@@ -58,27 +46,21 @@ FUTURE VERSIONS
- Remove empty inline tags<i></i> - Remove empty inline tags<i></i>
- Append something to duplicate IDs so they're still usable (impl. note: the - Append something to duplicate IDs so they're still usable (impl. note: the
dupe detector would also need to detect the suffix as well) dupe detector would also need to detect the suffix as well)
- Externalize inline CSS to promote clean HTML - Externalize inline CSS to promote clean HTML, proposed by Sander Tekelenburg
3.4 release [It's All About Trust] (floating)
# Implement untrusted, dangerous elements/attributes
- Objects and Forms are especially wanted
# Implement IDREF support (harder than it seems, since you cannot have
IDREFs to non-existent IDs)
# Frameset XHTML 1.0 and HTML 4.01 doctypes
4.0 release [Beyond HTML] 4.0 release [Beyond HTML]
# Legit token based CSS parsing (will require revamping almost every # Legit token based CSS parsing (will require revamping almost every
AttrDef class). Probably will use CSSTidy class AttrDef class). Probably will use CSSTidy class?
# More control over allowed CSS properties (maybe modularize it in the # More control over allowed CSS properties using a modularization
same fashion!)
# HTML 5 support # HTML 5 support
# IRI support
- Standardize token armor for all areas of processing - Standardize token armor for all areas of processing
- Convert RTL/LTR override characters to <bdo> tags, or vice versa on demand. - Convert RTL/LTR override characters to <bdo> tags, or vice versa on demand.
Also, enable disabling of directionality Also, enable disabling of directionality
- Table of Contents generation (XHTML Compiler might be reusable)
5.0 release [To XML and Beyond] 5.0 release [To XML and Beyond]
- AllowedAttributes and ForbiddenAttributes step on the toes of XML by
using periods; this needs to be changed.
- Extended HTML capabilities based on namespacing and tag transforms (COMPLEX) - Extended HTML capabilities based on namespacing and tag transforms (COMPLEX)
- Hooks for adding custom processors to custom namespaced tags and - Hooks for adding custom processors to custom namespaced tags and
attributes, offer default implementation attributes, offer default implementation
@@ -86,45 +68,64 @@ FUTURE VERSIONS
Ongoing Ongoing
- More refactoring to take advantage of PHP5's facilities - More refactoring to take advantage of PHP5's facilities
- Lots of profiling, make it faster! - Refactor unit tests into lots of test methods
- Plugins for major CMSes (COMPLEX) - Plugins for major CMSes (COMPLEX)
- phpBB - phpBB
- Drupal needs loving!
- Phorum need loving!
- more! (look for ones that use WYSIWYGs) - more! (look for ones that use WYSIWYGs)
- Complete basic smoketests - Also, maybe a FAQ for extension writers with HTML Purifier
AutoFormat AutoFormat
- Smileys - Smileys
- Syntax highlighting with <pre> and possibly <?php - Syntax highlighting (with GeSHi) with <pre> and possibly <?php
- Look at http://drupal.org/project/Modules/category/63 for ideas - Look at http://drupal.org/project/Modules/category/63 for ideas
Unknown release (on a scratch-an-itch basis) Optimizations
# CHMOD install script for PEAR installs - Reduce size of internal data-structures (esp. HTMLDefinition)
? Have 'lang' attribute be checked against official lists, achieved by - Research memory usage of objects versus arrays
encoding all characters that have string entity equivalents - Combine multiple strategies into a single, single-pass strategy
- Abstract ChildDef_BlockQuote to work with all elements that only - Get PH5P working with the latest versions of DOM, which have much more
allow blocks in them, required or optional stringent error checking procedures. Maybe convert straight to tokens.
- Reorganize Unit Tests - Get rid of set_include_path(). Save this for another major release.
Neat feature related
! Factor demo.php into a set of Printer classes, and then create a stub
file for users here (inside the actual HTML Purifier library)
! Support exporting configuration, so users can easily tweak settings
in the demo, and then copy-paste into their own setup
- Advanced URI filtering schemes (see docs/proposal-new-directives.txt) - Advanced URI filtering schemes (see docs/proposal-new-directives.txt)
- Implement lenient <ruby> child validation - Allow scoped="scoped" attribute in <style> tags; may be troublesome
because regular CSS has no way of uniquely identifying nodes, so we'd
have to generate IDs
- Explain how to use HTML Purifier in non-PHP languages / create - Explain how to use HTML Purifier in non-PHP languages / create
a simple command line stub (or complicated?) a simple command line stub (or complicated?)
- Fixes for Firefox's inability to handle COL alignment props (Bug 915) - Fixes for Firefox's inability to handle COL alignment props (Bug 915)
- Automatically add non-breaking spaces to empty table cells when - Automatically add non-breaking spaces to empty table cells when
empty-cells:show is applied to have compatibility with Internet Explorer empty-cells:show is applied to have compatibility with Internet Explorer
- Table of Contents generation (XHTML Compiler might be reusable). May also
be out-of-band information.
- Full set of color keywords. Also, a way to add onto them without
finalizing the configuration object.
- Write a var_export and memcached DefinitionCache - Denis
- Allow restriction of allowed class values
Maintenance related (slightly boring)
# CHMOD install script for PEAR installs
! Factor out command line parser into its own class, and unit test it
! Nested configuration namespaces
- Distinguish between default settings and explicitly set settings, so - Distinguish between default settings and explicitly set settings, so
configurations can be merged configurations can be merged
- Nested configuration namespaces
- Allow scoped="scoped" attribute in <style> tags; may be troublesome
because regular CSS has no way of uniquely identifying nodes, so we'd
have to generate IDs
- Time PHPT tests - Time PHPT tests
Requested ChildDef related (very boring)
- Abstract ChildDef_BlockQuote to work with all elements that only
allow blocks in them, required or optional
- Implement lenient <ruby> child validation
Wontfix Wontfix
- Non-lossy smart alternate character encoding transformations (unless - Non-lossy smart alternate character encoding transformations (unless
patch provided) patch provided)
- Pretty-printing HTML: users can use Tidy on the output on entire page - Pretty-printing HTML: users can use Tidy on the output on entire page
- Native content compression, whitespace stripping (don't rely on Tidy, make - Native content compression, whitespace stripping: use gzip if this is
sure we don't remove from <pre> or related tags): use gzip if this is
really important really important

2
VERSION
View File

@@ -1 +1 @@
3.1.0rc1 3.1.1

16
WHATSNEW
View File

@@ -1,8 +1,8 @@
Release 3.1.0rc1 is a release candidate aimed primarily at ironing out bugs HTML Purifier 3.1.1 is a security and bugfix release. This release addresses
in HTML Purifier's shiny new __autoload system. There are lots of new features, two security vulnerabilities, both related to CSS, and one of which only
however; some notable ones include support for the !important CSS modifier, applies to users using Shift_JIS as their output encoding. There is also
display and visibility CSS properties with %CSS.AllowTricky, marquee a security improvement regarding the imagecrash attack. There is a backwards
with %HTML.Proprietary (had you scared for a moment, hmm?), a kses() wrapper, incompatible change in which resources are no longer munged
%CSS.AllowedProperties, %HTML.ForbiddenAttributes and %HTML.ForbiddenElements by default; please enable using %URI.MungeResources. Besides this, there
and a totally revamped ConfigDoc system. And of course, the usual slew of are numerous improvements to URI munging, esp. with the addition of
bugfixes. %URI.MungeSecretKey, as well as an experimental %HTML.SafeObject and %HTML.SafeEmbed.

14
benchmarks/ConfigSchema.php Normal file
View File

@@ -0,0 +1,14 @@
<?php
chdir(dirname(__FILE__));
//require_once '../library/HTMLPurifier.path.php';
shell_exec('php ../maintenance/generate-schema-cache.php');
require_once '../library/HTMLPurifier.path.php';
require_once 'HTMLPurifier.includes.php';
$begin = xdebug_memory_usage();
$schema = HTMLPurifier_ConfigSchema::makeFromSerial();
echo xdebug_memory_usage() - $begin;

3
configdoc/generate.php
View File

@@ -15,7 +15,7 @@ TODO:
- add blurbs to ToC - add blurbs to ToC
*/ */
if (version_compare(PHP_VERSION, '5.2.0', '<')) exit('PHP 5.2.0 or greater required.'); if (version_compare(PHP_VERSION, '5.2', '<')) exit('PHP 5.2+ required.');
error_reporting(E_ALL | E_STRICT); error_reporting(E_ALL | E_STRICT);
chdir(dirname(__FILE__)); chdir(dirname(__FILE__));
@@ -38,6 +38,7 @@ $configdoc_xml = 'configdoc.xml';
$xml_builder = new HTMLPurifier_ConfigSchema_Builder_Xml(); $xml_builder = new HTMLPurifier_ConfigSchema_Builder_Xml();
$xml_builder->openURI($configdoc_xml); $xml_builder->openURI($configdoc_xml);
$xml_builder->build($interchange); $xml_builder->build($interchange);
unset($xml_builder); // free handle
$xslt = new ConfigDoc_HTMLXSLTProcessor(); $xslt = new ConfigDoc_HTMLXSLTProcessor();
$xslt->importStylesheet(dirname(__FILE__) . "/styles/$style.xsl"); $xslt->importStylesheet(dirname(__FILE__) . "/styles/$style.xsl");

4
configdoc/styles/plain.xsl
View File

@@ -19,7 +19,7 @@
<xsl:variable name="usageLookup" select="document('../usage.xml')/usage" /> <xsl:variable name="usageLookup" select="document('../usage.xml')/usage" />
<!-- Twiddle this variable to get the columns as even as possible --> <!-- Twiddle this variable to get the columns as even as possible -->
<xsl:variable name="maxNumberAdjust" select="1" /> <xsl:variable name="maxNumberAdjust" select="2" />
<xsl:template match="/"> <xsl:template match="/">
<html lang="en" xml:lang="en"> <html lang="en" xml:lang="en">
@@ -227,7 +227,7 @@
</tr> </tr>
</xsl:template> </xsl:template>
<xsl:template match="constraints/external/project"> <xsl:template match="constraints/external/project">
<xsl:value-of select="." /> <li><xsl:value-of select="." /></li>
</xsl:template> </xsl:template>
</xsl:stylesheet> </xsl:stylesheet>

98
configdoc/usage.xml
View File

@@ -5,7 +5,7 @@
<line>131</line> <line>131</line>
</file> </file>
<file name="HTMLPurifier/Lexer.php"> <file name="HTMLPurifier/Lexer.php">
<line>93</line> <line>85</line>
</file> </file>
<file name="HTMLPurifier/Lexer/DirectLex.php"> <file name="HTMLPurifier/Lexer/DirectLex.php">
<line>50</line> <line>50</line>
@@ -16,24 +16,29 @@
<line>44</line> <line>44</line>
</file> </file>
</directive> </directive>
<directive id="CSS.MaxImgLength">
<file name="HTMLPurifier/CSSDefinition.php">
<line>157</line>
</file>
</directive>
<directive id="CSS.Proprietary"> <directive id="CSS.Proprietary">
<file name="HTMLPurifier/CSSDefinition.php"> <file name="HTMLPurifier/CSSDefinition.php">
<line>201</line> <line>214</line>
</file> </file>
</directive> </directive>
<directive id="CSS.AllowTricky"> <directive id="CSS.AllowTricky">
<file name="HTMLPurifier/CSSDefinition.php"> <file name="HTMLPurifier/CSSDefinition.php">
<line>205</line> <line>218</line>
</file> </file>
</directive> </directive>
<directive id="CSS.AllowImportant"> <directive id="CSS.AllowImportant">
<file name="HTMLPurifier/CSSDefinition.php"> <file name="HTMLPurifier/CSSDefinition.php">
<line>209</line> <line>222</line>
</file> </file>
</directive> </directive>
<directive id="CSS.AllowedProperties"> <directive id="CSS.AllowedProperties">
<file name="HTMLPurifier/CSSDefinition.php"> <file name="HTMLPurifier/CSSDefinition.php">
<line>261</line> <line>274</line>
</file> </file>
</directive> </directive>
<directive id="Cache.DefinitionImpl"> <directive id="Cache.DefinitionImpl">
@@ -64,18 +69,18 @@
<directive id="Core.Encoding"> <directive id="Core.Encoding">
<file name="HTMLPurifier/Encoder.php"> <file name="HTMLPurifier/Encoder.php">
<line>267</line> <line>267</line>
<line>285</line> <line>294</line>
</file> </file>
</directive> </directive>
<directive id="Test.ForceNoIconv"> <directive id="Test.ForceNoIconv">
<file name="HTMLPurifier/Encoder.php"> <file name="HTMLPurifier/Encoder.php">
<line>269</line> <line>272</line>
<line>290</line> <line>302</line>
</file> </file>
</directive> </directive>
<directive id="Core.EscapeNonASCIICharacters"> <directive id="Core.EscapeNonASCIICharacters">
<file name="HTMLPurifier/Encoder.php"> <file name="HTMLPurifier/Encoder.php">
<line>287</line> <line>298</line>
</file> </file>
</directive> </directive>
<directive id="Core.MaintainLineNumbers"> <directive id="Core.MaintainLineNumbers">
@@ -83,7 +88,7 @@
<line>81</line> <line>81</line>
</file> </file>
<file name="HTMLPurifier/Lexer.php"> <file name="HTMLPurifier/Lexer.php">
<line>90</line> <line>82</line>
</file> </file>
<file name="HTMLPurifier/Lexer/DirectLex.php"> <file name="HTMLPurifier/Lexer/DirectLex.php">
<line>45</line> <line>45</line>
@@ -96,47 +101,47 @@
</directive> </directive>
<directive id="Output.TidyFormat"> <directive id="Output.TidyFormat">
<file name="HTMLPurifier/Generator.php"> <file name="HTMLPurifier/Generator.php">
<line>61</line> <line>69</line>
</file> </file>
</directive> </directive>
<directive id="Output.Newline"> <directive id="Output.Newline">
<file name="HTMLPurifier/Generator.php"> <file name="HTMLPurifier/Generator.php">
<line>86</line> <line>83</line>
</file> </file>
</directive> </directive>
<directive id="HTML.BlockWrapper"> <directive id="HTML.BlockWrapper">
<file name="HTMLPurifier/HTMLDefinition.php"> <file name="HTMLPurifier/HTMLDefinition.php">
<line>213</line> <line>222</line>
</file> </file>
</directive> </directive>
<directive id="HTML.Parent"> <directive id="HTML.Parent">
<file name="HTMLPurifier/HTMLDefinition.php"> <file name="HTMLPurifier/HTMLDefinition.php">
<line>221</line> <line>230</line>
</file> </file>
</directive> </directive>
<directive id="HTML.AllowedElements"> <directive id="HTML.AllowedElements">
<file name="HTMLPurifier/HTMLDefinition.php"> <file name="HTMLPurifier/HTMLDefinition.php">
<line>238</line> <line>247</line>
</file> </file>
</directive> </directive>
<directive id="HTML.AllowedAttributes"> <directive id="HTML.AllowedAttributes">
<file name="HTMLPurifier/HTMLDefinition.php"> <file name="HTMLPurifier/HTMLDefinition.php">
<line>239</line> <line>248</line>
</file> </file>
</directive> </directive>
<directive id="HTML.Allowed"> <directive id="HTML.Allowed">
<file name="HTMLPurifier/HTMLDefinition.php"> <file name="HTMLPurifier/HTMLDefinition.php">
<line>242</line> <line>251</line>
</file> </file>
</directive> </directive>
<directive id="HTML.ForbiddenElements"> <directive id="HTML.ForbiddenElements">
<file name="HTMLPurifier/HTMLDefinition.php"> <file name="HTMLPurifier/HTMLDefinition.php">
<line>303</line> <line>337</line>
</file> </file>
</directive> </directive>
<directive id="HTML.ForbiddenAttributes"> <directive id="HTML.ForbiddenAttributes">
<file name="HTMLPurifier/HTMLDefinition.php"> <file name="HTMLPurifier/HTMLDefinition.php">
<line>304</line> <line>338</line>
</file> </file>
</directive> </directive>
<directive id="HTML.Trusted"> <directive id="HTML.Trusted">
@@ -144,7 +149,10 @@
<line>198</line> <line>198</line>
</file> </file>
<file name="HTMLPurifier/Lexer.php"> <file name="HTMLPurifier/Lexer.php">
<line>245</line> <line>238</line>
</file>
<file name="HTMLPurifier/HTMLModule/Image.php">
<line>27</line>
</file> </file>
<file name="HTMLPurifier/Lexer/DirectLex.php"> <file name="HTMLPurifier/Lexer/DirectLex.php">
<line>34</line> <line>34</line>
@@ -165,6 +173,16 @@
<line>220</line> <line>220</line>
</file> </file>
</directive> </directive>
<directive id="HTML.SafeObject">
<file name="HTMLPurifier/HTMLModuleManager.php">
<line>225</line>
</file>
</directive>
<directive id="HTML.SafeEmbed">
<file name="HTMLPurifier/HTMLModuleManager.php">
<line>228</line>
</file>
</directive>
<directive id="Attr.IDBlacklist"> <directive id="Attr.IDBlacklist">
<file name="HTMLPurifier/IDAccumulator.php"> <file name="HTMLPurifier/IDAccumulator.php">
<line>26</line> <line>26</line>
@@ -172,22 +190,22 @@
</directive> </directive>
<directive id="Core.Language"> <directive id="Core.Language">
<file name="HTMLPurifier/LanguageFactory.php"> <file name="HTMLPurifier/LanguageFactory.php">
<line>85</line> <line>88</line>
</file> </file>
</directive> </directive>
<directive id="Core.LexerImpl"> <directive id="Core.LexerImpl">
<file name="HTMLPurifier/Lexer.php"> <file name="HTMLPurifier/Lexer.php">
<line>78</line> <line>70</line>
</file> </file>
</directive> </directive>
<directive id="Core.ConvertDocumentToFragment"> <directive id="Core.ConvertDocumentToFragment">
<file name="HTMLPurifier/Lexer.php"> <file name="HTMLPurifier/Lexer.php">
<line>237</line> <line>230</line>
</file> </file>
</directive> </directive>
<directive id="URI.Host"> <directive id="URI.Host">
<file name="HTMLPurifier/URIDefinition.php"> <file name="HTMLPurifier/URIDefinition.php">
<line>57</line> <line>64</line>
</file> </file>
<file name="HTMLPurifier/URIFilter/DisableExternal.php"> <file name="HTMLPurifier/URIFilter/DisableExternal.php">
<line>8</line> <line>8</line>
@@ -195,12 +213,12 @@
</directive> </directive>
<directive id="URI.Base"> <directive id="URI.Base">
<file name="HTMLPurifier/URIDefinition.php"> <file name="HTMLPurifier/URIDefinition.php">
<line>58</line> <line>65</line>
</file> </file>
</directive> </directive>
<directive id="URI.DefaultScheme"> <directive id="URI.DefaultScheme">
<file name="HTMLPurifier/URIDefinition.php"> <file name="HTMLPurifier/URIDefinition.php">
<line>65</line> <line>72</line>
</file> </file>
</directive> </directive>
<directive id="URI.AllowedSchemes"> <directive id="URI.AllowedSchemes">
@@ -215,12 +233,7 @@
</directive> </directive>
<directive id="URI.Disable"> <directive id="URI.Disable">
<file name="HTMLPurifier/AttrDef/URI.php"> <file name="HTMLPurifier/AttrDef/URI.php">
<line>24</line> <line>28</line>
</file>
</directive>
<directive id="URI.Munge">
<file name="HTMLPurifier/AttrDef/URI.php">
<line>78</line>
</file> </file>
</directive> </directive>
<directive id="Core.ColorKeywords"> <directive id="Core.ColorKeywords">
@@ -305,6 +318,17 @@
<line>123</line> <line>123</line>
</file> </file>
</directive> </directive>
<directive id="HTML.MaxImgLength">
<file name="HTMLPurifier/HTMLModule/Image.php">
<line>14</line>
</file>
<file name="HTMLPurifier/HTMLModule/SafeEmbed.php">
<line>13</line>
</file>
<file name="HTMLPurifier/HTMLModule/SafeObject.php">
<line>19</line>
</file>
</directive>
<directive id="HTML.TidyLevel"> <directive id="HTML.TidyLevel">
<file name="HTMLPurifier/HTMLModule/Tidy.php"> <file name="HTMLPurifier/HTMLModule/Tidy.php">
<line>45</line> <line>45</line>
@@ -358,4 +382,14 @@
<line>8</line> <line>8</line>
</file> </file>
</directive> </directive>
<directive id="URI.MungeResources">
<file name="HTMLPurifier/URIFilter/Munge.php">
<line>14</line>
</file>
</directive>
<directive id="URI.MungeSecretKey">
<file name="HTMLPurifier/URIFilter/Munge.php">
<line>15</line>
</file>
</directive>
</usage> </usage>

2
docs/dev-config-schema.html
View File

@@ -367,7 +367,7 @@ Test.Example</pre>
For example, <code>HTMLPurifier_ConfigSchema_Builder_ConfigSchema</code> For example, <code>HTMLPurifier_ConfigSchema_Builder_ConfigSchema</code>
generates a runtime <code>HTMLPurifier_ConfigSchema</code> object, generates a runtime <code>HTMLPurifier_ConfigSchema</code> object,
which <code>HTMLPurifier_Config</code> uses to validate its incoming which <code>HTMLPurifier_Config</code> uses to validate its incoming
data. There is also a planned documentation builder. data. There is also an XML serializer, which is used to build documentation.
</p> </p>
<div id="version">$Id$</div> <div id="version">$Id$</div>

12
docs/enduser-customize.html
View File

@@ -158,7 +158,7 @@
<pre>$config = HTMLPurifier_Config::createDefault(); <pre>$config = HTMLPurifier_Config::createDefault();
$config->set('HTML', 'DefinitionID', 'enduser-customize.html tutorial'); $config->set('HTML', 'DefinitionID', 'enduser-customize.html tutorial');
$config->set('HTML', 'DefinitionRev', 1); $config->set('HTML', 'DefinitionRev', 1);
$def =& $config->getHTMLDefinition(true);</pre> $def = $config->getHTMLDefinition(true);</pre>
<p> <p>
Assuming that HTML Purifier has already been properly loaded (hint: Assuming that HTML Purifier has already been properly loaded (hint:
@@ -214,7 +214,7 @@ $def =& $config->getHTMLDefinition(true);</pre>
$config->set('HTML', 'DefinitionID', 'enduser-customize.html tutorial'); $config->set('HTML', 'DefinitionID', 'enduser-customize.html tutorial');
$config->set('HTML', 'DefinitionRev', 1); $config->set('HTML', 'DefinitionRev', 1);
<strong>$config->set('Core', 'DefinitionCache', null); // remove this later!</strong> <strong>$config->set('Core', 'DefinitionCache', null); // remove this later!</strong>
$def =& $config->getHTMLDefinition(true);</pre> $def = $config->getHTMLDefinition(true);</pre>
<p> <p>
A few things should be mentioned about the caching mechanism before A few things should be mentioned about the caching mechanism before
@@ -270,7 +270,7 @@ $def =& $config->getHTMLDefinition(true);</pre>
$config->set('HTML', 'DefinitionID', 'enduser-customize.html tutorial'); $config->set('HTML', 'DefinitionID', 'enduser-customize.html tutorial');
$config->set('HTML', 'DefinitionRev', 1); $config->set('HTML', 'DefinitionRev', 1);
$config->set('Core', 'DefinitionCache', null); // remove this later! $config->set('Core', 'DefinitionCache', null); // remove this later!
$def =& $config->getHTMLDefinition(true); $def = $config->getHTMLDefinition(true);
<strong>$def->addAttribute('a', 'target', 'Enum#_blank,_self,_target,_top');</strong></pre> <strong>$def->addAttribute('a', 'target', 'Enum#_blank,_self,_target,_top');</strong></pre>
<p> <p>
@@ -388,7 +388,7 @@ $def =& $config->getHTMLDefinition(true);
$config->set('HTML', 'DefinitionID', 'enduser-customize.html tutorial'); $config->set('HTML', 'DefinitionID', 'enduser-customize.html tutorial');
$config->set('HTML', 'DefinitionRev', 1); $config->set('HTML', 'DefinitionRev', 1);
$config->set('Core', 'DefinitionCache', null); // remove this later! $config->set('Core', 'DefinitionCache', null); // remove this later!
$def =& $config->getHTMLDefinition(true); $def = $config->getHTMLDefinition(true);
<strong>$def->addAttribute('a', 'target', new HTMLPurifier_AttrDef_Enum( <strong>$def->addAttribute('a', 'target', new HTMLPurifier_AttrDef_Enum(
array('_blank','_self','_target','_top') array('_blank','_self','_target','_top')
));</strong></pre> ));</strong></pre>
@@ -735,11 +735,11 @@ $def =& $config->getHTMLDefinition(true);
$config->set('HTML', 'DefinitionID', 'enduser-customize.html tutorial'); $config->set('HTML', 'DefinitionID', 'enduser-customize.html tutorial');
$config->set('HTML', 'DefinitionRev', 1); $config->set('HTML', 'DefinitionRev', 1);
$config->set('Core', 'DefinitionCache', null); // remove this later! $config->set('Core', 'DefinitionCache', null); // remove this later!
$def =& $config->getHTMLDefinition(true); $def = $config->getHTMLDefinition(true);
$def->addAttribute('a', 'target', new HTMLPurifier_AttrDef_Enum( $def->addAttribute('a', 'target', new HTMLPurifier_AttrDef_Enum(
array('_blank','_self','_target','_top') array('_blank','_self','_target','_top')
)); ));
<strong>$form =& $def->addElement( <strong>$form = $def->addElement(
'form', // name 'form', // name
'Block', // content set 'Block', // content set
'Flow', // allowed children 'Flow', // allowed children

57
docs/enduser-uri-filter.html
View File

@@ -35,7 +35,7 @@
{ {
public $name = '<strong>NameOfFilter</strong>'; public $name = '<strong>NameOfFilter</strong>';
public function prepare($config) {} public function prepare($config) {}
public function filter(&$uri, $config, &$context) {} public function filter(&$uri, $config, $context) {}
}</pre> }</pre>
<p> <p>
@@ -60,8 +60,8 @@
public function HTMLPurifier_URI($scheme, $userinfo, $host, $port, $path, $query, $fragment); public function HTMLPurifier_URI($scheme, $userinfo, $host, $port, $path, $query, $fragment);
public function toString(); public function toString();
public function copy(); public function copy();
public function getSchemeObj($config, &$context); public function getSchemeObj($config, $context);
public function validate($config, &$context); public function validate($config, $context);
}</pre> }</pre>
<p> <p>
@@ -130,30 +130,26 @@
</p> </p>
<p> <p>
Let's suppose I wanted to write a filter that de-internationalized domain Let's suppose I wanted to write a filter that converted links with a
names by converting them to <a href="http://en.wikipedia.org/wiki/Punycode">Punycode</a>. custom <code>image</code> scheme to its corresponding real path on
Assuming that <code>punycode_encode($input)</code> converts <code>$input</code> to our website:
Punycode and returns <code>false</code> on failure:
</p> </p>
<pre>class HTMLPurifier_URIFilter_ConvertIDNToPunycode extends HTMLPurifier_URIFilter <pre>class HTMLPurifier_URIFilter_TransformImageScheme extends HTMLPurifier_URIFilter
{ {
public $name = 'ConvertIDNToPunycode'; public $name = 'TransformImageScheme';
public function filter(&$uri, $config, &$context) { public function filter(&$uri, $config, $context) {
if (is_null($uri->host)) return true; if ($uri->scheme !== 'image') return true;
if ($uri->host == utf8_decode($uri->host)) { $img_name = $uri->path;
// is ASCII, abort // Overwrite the previous URI object
return true; $uri = new HTMLPurifier_URI('http', null, null, null, '/img/' . $img_name . '.png', null, null);
}
$host = punycode_encode($uri->host);
if ($host === false) return false;
$uri->host = $host;
return true; return true;
} }
}</pre> }</pre>
<p> <p>
Notice I did not <code>return $uri;</code>. Notice I did not <code>return $uri;</code>. This filter would turn
<code>image:Foo</code> into <code>/img/Foo.png</code>.
</p> </p>
<h2>Activating your filter</h2> <h2>Activating your filter</h2>
@@ -163,7 +159,7 @@
to use it. Fortunately, this part's simple: to use it. Fortunately, this part's simple:
</p> </p>
<pre>$uri =& $config->getDefinition('URI'); <pre>$uri = $config->getDefinition('URI');
$uri->addFilter(new HTMLPurifier_URIFilter_<strong>NameOfFilter</strong>());</pre> $uri->addFilter(new HTMLPurifier_URIFilter_<strong>NameOfFilter</strong>());</pre>
<p> <p>
@@ -177,7 +173,7 @@ $uri->addFilter(new HTMLPurifier_URIFilter_<strong>NameOfFilter</strong>());</pr
'URI', '<strong>NameOfFilter</strong>', false, 'bool', 'URI', '<strong>NameOfFilter</strong>', false, 'bool',
'<strong>What your filter does.</strong>' '<strong>What your filter does.</strong>'
); );
$uri =& $config->getDefinition('URI', true); $uri = $config->getDefinition('URI', true);
$uri->registerFilter(new HTMLPurifier_URIFilter_<strong>NameOfFilter</strong>()); $uri->registerFilter(new HTMLPurifier_URIFilter_<strong>NameOfFilter</strong>());
</pre> </pre>
@@ -186,6 +182,25 @@ $uri->registerFilter(new HTMLPurifier_URIFilter_<strong>NameOfFilter</strong>())
is set to true. is set to true.
</p> </p>
<h2>Post-filter</h2>
<p>
Remember our TransformImageScheme filter? That filter acted before we had
performed scheme validation; otherwise, the URI would have been filtered
out when it was discovered that there was no image scheme. Well, a post-filter
is run after scheme specific validation, so it's ideal for bulk
post-processing of URIs, including munging. To specify a URI as a post-filter,
set the <code>$post</code> member variable to TRUE.
</p>
<pre>class HTMLPurifier_URIFilter_MyPostFilter extends HTMLPurifier_URIFilter
{
public $name = 'MyPostFilter';
public $post = true;
// ... extra code here
}
</pre>
<h2>Examples</h2> <h2>Examples</h2>
<p> <p>

4
docs/enduser-youtube.html
View File

@@ -75,9 +75,7 @@ passes through HTML Purifier <em>unharmed</em>.
<p>And the corresponding usage:</p> <p>And the corresponding usage:</p>
<pre>&lt;?php <pre>&lt;?php
// assuming $purifier is an instance of HTMLPurifier $config->set('Filter', 'YouTube', true);
require_once 'HTMLPurifier/Filter/YouTube.php';
$purifier-&gt;addFilter(new HTMLPurifier_Filter_YouTube());
?&gt;</pre> ?&gt;</pre>
<p>There is a bit going in the two code snippets, so let's explain.</p> <p>There is a bit going in the two code snippets, so let's explain.</p>

16
docs/specimens/LICENSE
View File

@@ -1,8 +1,8 @@
Licensing of Specimens Licensing of Specimens
Some files in this directory have different licenses: Some files in this directory have different licenses:
windows-live-mail-desktop-beta.html - donated by laacz, public domain windows-live-mail-desktop-beta.html - donated by laacz, public domain
img.png - LGPL, from <http://commons.wikimedia.org/wiki/Image:Pastille_chrome.png> img.png - LGPL, from <http://commons.wikimedia.org/wiki/Image:Pastille_chrome.png>
All other files are by me, and are licensed under LGPL. All other files are by me, and are licensed under LGPL.

129
docs/specimens/jochem-blok-word.html Normal file
View File

@@ -0,0 +1,129 @@
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
..shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Verdana","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Verdana","sans-serif";
color:windowtext;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
..MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="2050" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=NL link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><img width=1277 height=994 id="Picture_x0020_1"
src="cid:image001.png@01C8CBDF.5D1BAEE0"><o:p></o:p></p>
<p class=MsoNormal><o:p>&nbsp;</o:p></p>
<p class=MsoNormal><b>Name<o:p></o:p></b></p>
<p class=MsoNormal>E-mail : <a href="mailto:mail@example.com"><span
style='color:windowtext'>mail@example.com</span></a><o:p></o:p></p>
<p class=MsoNormal><o:p>&nbsp;</o:p></p>
<p class=MsoNormal><b>Company<o:p></o:p></b></p>
<p class=MsoNormal>Address 1<o:p></o:p></p>
<p class=MsoNormal>Address 2<o:p></o:p></p>
<p class=MsoNormal><o:p>&nbsp;</o:p></p>
<p class=MsoNormal>Telefoon&nbsp; : +xx xx xxx xxx xx <span style='color:black'><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:black'>Fax&nbsp; : +xx xx xxx xx xx<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:black'>Internet : </span><span
style='color:black'><a href="http://www.example.com/"><span lang=EN-US
style='color:black'>http://www.example.com</span></a></span><span
lang=EN-US style='color:black'><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:black'>Kamer van koophandel
xxxxxxxxx<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:black'><o:p>&nbsp;</o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:7.5pt;color:black'>Op deze
e-mail is een disclaimer van toepassing, ga naar </span><span lang=EN-US
style='font-size:7.5pt'><a
href="http://www.example.com/disclaimer"><span
style='color:black'>www.example.com/disclaimer</span></a><br>
<span style='color:black'>A disclaimer is applicable to this email, please
refer to </span><a href="http://www.example.com/disclaimer"><span
style='color:black'>www.example.com/disclaimer</span></a><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p>&nbsp;</o:p></span></p>
</div>
</body>
</html>

19
library/HTMLPurifier.includes.php
View File

@@ -7,7 +7,7 @@
* primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS * primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS
* FILE, changes will be overwritten the next time the script is run. * FILE, changes will be overwritten the next time the script is run.
* *
* @version 3.0.0 * @version 3.1.1
* *
* @warning * @warning
* You must *not* include any other HTML Purifier files before this file, * You must *not* include any other HTML Purifier files before this file,
@@ -29,7 +29,6 @@ require 'HTMLPurifier/Definition.php';
require 'HTMLPurifier/CSSDefinition.php'; require 'HTMLPurifier/CSSDefinition.php';
require 'HTMLPurifier/ChildDef.php'; require 'HTMLPurifier/ChildDef.php';
require 'HTMLPurifier/Config.php'; require 'HTMLPurifier/Config.php';
require 'HTMLPurifier/ConfigDef.php';
require 'HTMLPurifier/ConfigSchema.php'; require 'HTMLPurifier/ConfigSchema.php';
require 'HTMLPurifier/ContentSets.php'; require 'HTMLPurifier/ContentSets.php';
require 'HTMLPurifier/Context.php'; require 'HTMLPurifier/Context.php';
@@ -41,7 +40,6 @@ require 'HTMLPurifier/ElementDef.php';
require 'HTMLPurifier/Encoder.php'; require 'HTMLPurifier/Encoder.php';
require 'HTMLPurifier/EntityLookup.php'; require 'HTMLPurifier/EntityLookup.php';
require 'HTMLPurifier/EntityParser.php'; require 'HTMLPurifier/EntityParser.php';
require 'HTMLPurifier/Error.php';
require 'HTMLPurifier/ErrorCollector.php'; require 'HTMLPurifier/ErrorCollector.php';
require 'HTMLPurifier/Exception.php'; require 'HTMLPurifier/Exception.php';
require 'HTMLPurifier/Filter.php'; require 'HTMLPurifier/Filter.php';
@@ -53,6 +51,7 @@ require 'HTMLPurifier/IDAccumulator.php';
require 'HTMLPurifier/Injector.php'; require 'HTMLPurifier/Injector.php';
require 'HTMLPurifier/Language.php'; require 'HTMLPurifier/Language.php';
require 'HTMLPurifier/LanguageFactory.php'; require 'HTMLPurifier/LanguageFactory.php';
require 'HTMLPurifier/Length.php';
require 'HTMLPurifier/Lexer.php'; require 'HTMLPurifier/Lexer.php';
require 'HTMLPurifier/PercentEncoder.php'; require 'HTMLPurifier/PercentEncoder.php';
require 'HTMLPurifier/Strategy.php'; require 'HTMLPurifier/Strategy.php';
@@ -67,12 +66,14 @@ require 'HTMLPurifier/URIFilter.php';
require 'HTMLPurifier/URIParser.php'; require 'HTMLPurifier/URIParser.php';
require 'HTMLPurifier/URIScheme.php'; require 'HTMLPurifier/URIScheme.php';
require 'HTMLPurifier/URISchemeRegistry.php'; require 'HTMLPurifier/URISchemeRegistry.php';
require 'HTMLPurifier/UnitConverter.php';
require 'HTMLPurifier/VarParser.php'; require 'HTMLPurifier/VarParser.php';
require 'HTMLPurifier/VarParserException.php'; require 'HTMLPurifier/VarParserException.php';
require 'HTMLPurifier/AttrDef/CSS.php'; require 'HTMLPurifier/AttrDef/CSS.php';
require 'HTMLPurifier/AttrDef/Enum.php'; require 'HTMLPurifier/AttrDef/Enum.php';
require 'HTMLPurifier/AttrDef/Integer.php'; require 'HTMLPurifier/AttrDef/Integer.php';
require 'HTMLPurifier/AttrDef/Lang.php'; require 'HTMLPurifier/AttrDef/Lang.php';
require 'HTMLPurifier/AttrDef/Switch.php';
require 'HTMLPurifier/AttrDef/Text.php'; require 'HTMLPurifier/AttrDef/Text.php';
require 'HTMLPurifier/AttrDef/URI.php'; require 'HTMLPurifier/AttrDef/URI.php';
require 'HTMLPurifier/AttrDef/CSS/Number.php'; require 'HTMLPurifier/AttrDef/CSS/Number.php';
@@ -82,6 +83,7 @@ require 'HTMLPurifier/AttrDef/CSS/BackgroundPosition.php';
require 'HTMLPurifier/AttrDef/CSS/Border.php'; require 'HTMLPurifier/AttrDef/CSS/Border.php';
require 'HTMLPurifier/AttrDef/CSS/Color.php'; require 'HTMLPurifier/AttrDef/CSS/Color.php';
require 'HTMLPurifier/AttrDef/CSS/Composite.php'; require 'HTMLPurifier/AttrDef/CSS/Composite.php';
require 'HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php';
require 'HTMLPurifier/AttrDef/CSS/Filter.php'; require 'HTMLPurifier/AttrDef/CSS/Filter.php';
require 'HTMLPurifier/AttrDef/CSS/Font.php'; require 'HTMLPurifier/AttrDef/CSS/Font.php';
require 'HTMLPurifier/AttrDef/CSS/FontFamily.php'; require 'HTMLPurifier/AttrDef/CSS/FontFamily.php';
@@ -116,6 +118,10 @@ require 'HTMLPurifier/AttrTransform/ImgSpace.php';
require 'HTMLPurifier/AttrTransform/Lang.php'; require 'HTMLPurifier/AttrTransform/Lang.php';
require 'HTMLPurifier/AttrTransform/Length.php'; require 'HTMLPurifier/AttrTransform/Length.php';
require 'HTMLPurifier/AttrTransform/Name.php'; require 'HTMLPurifier/AttrTransform/Name.php';
require 'HTMLPurifier/AttrTransform/SafeEmbed.php';
require 'HTMLPurifier/AttrTransform/SafeObject.php';
require 'HTMLPurifier/AttrTransform/SafeParam.php';
require 'HTMLPurifier/AttrTransform/ScriptRequired.php';
require 'HTMLPurifier/ChildDef/Chameleon.php'; require 'HTMLPurifier/ChildDef/Chameleon.php';
require 'HTMLPurifier/ChildDef/Custom.php'; require 'HTMLPurifier/ChildDef/Custom.php';
require 'HTMLPurifier/ChildDef/Empty.php'; require 'HTMLPurifier/ChildDef/Empty.php';
@@ -123,9 +129,6 @@ require 'HTMLPurifier/ChildDef/Required.php';
require 'HTMLPurifier/ChildDef/Optional.php'; require 'HTMLPurifier/ChildDef/Optional.php';
require 'HTMLPurifier/ChildDef/StrictBlockquote.php'; require 'HTMLPurifier/ChildDef/StrictBlockquote.php';
require 'HTMLPurifier/ChildDef/Table.php'; require 'HTMLPurifier/ChildDef/Table.php';
require 'HTMLPurifier/ConfigDef/Directive.php';
require 'HTMLPurifier/ConfigDef/DirectiveAlias.php';
require 'HTMLPurifier/ConfigDef/Namespace.php';
require 'HTMLPurifier/DefinitionCache/Decorator.php'; require 'HTMLPurifier/DefinitionCache/Decorator.php';
require 'HTMLPurifier/DefinitionCache/Null.php'; require 'HTMLPurifier/DefinitionCache/Null.php';
require 'HTMLPurifier/DefinitionCache/Serializer.php'; require 'HTMLPurifier/DefinitionCache/Serializer.php';
@@ -143,6 +146,8 @@ require 'HTMLPurifier/HTMLModule/Object.php';
require 'HTMLPurifier/HTMLModule/Presentation.php'; require 'HTMLPurifier/HTMLModule/Presentation.php';
require 'HTMLPurifier/HTMLModule/Proprietary.php'; require 'HTMLPurifier/HTMLModule/Proprietary.php';
require 'HTMLPurifier/HTMLModule/Ruby.php'; require 'HTMLPurifier/HTMLModule/Ruby.php';
require 'HTMLPurifier/HTMLModule/SafeEmbed.php';
require 'HTMLPurifier/HTMLModule/SafeObject.php';
require 'HTMLPurifier/HTMLModule/Scripting.php'; require 'HTMLPurifier/HTMLModule/Scripting.php';
require 'HTMLPurifier/HTMLModule/StyleAttribute.php'; require 'HTMLPurifier/HTMLModule/StyleAttribute.php';
require 'HTMLPurifier/HTMLModule/Tables.php'; require 'HTMLPurifier/HTMLModule/Tables.php';
@@ -158,6 +163,7 @@ require 'HTMLPurifier/HTMLModule/Tidy/XHTML.php';
require 'HTMLPurifier/Injector/AutoParagraph.php'; require 'HTMLPurifier/Injector/AutoParagraph.php';
require 'HTMLPurifier/Injector/Linkify.php'; require 'HTMLPurifier/Injector/Linkify.php';
require 'HTMLPurifier/Injector/PurifierLinkify.php'; require 'HTMLPurifier/Injector/PurifierLinkify.php';
require 'HTMLPurifier/Injector/SafeObject.php';
require 'HTMLPurifier/Lexer/DOMLex.php'; require 'HTMLPurifier/Lexer/DOMLex.php';
require 'HTMLPurifier/Lexer/DirectLex.php'; require 'HTMLPurifier/Lexer/DirectLex.php';
require 'HTMLPurifier/Strategy/Composite.php'; require 'HTMLPurifier/Strategy/Composite.php';
@@ -178,6 +184,7 @@ require 'HTMLPurifier/URIFilter/DisableExternal.php';
require 'HTMLPurifier/URIFilter/DisableExternalResources.php'; require 'HTMLPurifier/URIFilter/DisableExternalResources.php';
require 'HTMLPurifier/URIFilter/HostBlacklist.php'; require 'HTMLPurifier/URIFilter/HostBlacklist.php';
require 'HTMLPurifier/URIFilter/MakeAbsolute.php'; require 'HTMLPurifier/URIFilter/MakeAbsolute.php';
require 'HTMLPurifier/URIFilter/Munge.php';
require 'HTMLPurifier/URIScheme/ftp.php'; require 'HTMLPurifier/URIScheme/ftp.php';
require 'HTMLPurifier/URIScheme/http.php'; require 'HTMLPurifier/URIScheme/http.php';
require 'HTMLPurifier/URIScheme/https.php'; require 'HTMLPurifier/URIScheme/https.php';

31
library/HTMLPurifier.php
View File

@@ -15,13 +15,11 @@
* -# Generating HTML from the purified tokens. * -# Generating HTML from the purified tokens.
* *
* However, most users will only need to interface with the HTMLPurifier * However, most users will only need to interface with the HTMLPurifier
* class, so this massive amount of infrastructure is usually concealed. * and HTMLPurifier_Config.
* If you plan on working with the internals, be sure to include
* HTMLPurifier_ConfigSchema and HTMLPurifier_Config.
*/ */
/* /*
HTML Purifier 3.1.0rc1 - Standards Compliant HTML Filtering HTML Purifier 3.1.1 - Standards Compliant HTML Filtering
Copyright (C) 2006-2008 Edward Z. Yang Copyright (C) 2006-2008 Edward Z. Yang
This library is free software; you can redistribute it and/or This library is free software; you can redistribute it and/or
@@ -57,7 +55,10 @@ class HTMLPurifier
{ {
/** Version of HTML Purifier */ /** Version of HTML Purifier */
public $version = '3.1.0rc1'; public $version = '3.1.1';
/** Constant with version of HTML Purifier */
const VERSION = '3.1.1';
/** Global configuration object */ /** Global configuration object */
public $config; public $config;
@@ -89,7 +90,6 @@ class HTMLPurifier
$this->config = HTMLPurifier_Config::create($config); $this->config = HTMLPurifier_Config::create($config);
$this->strategy = new HTMLPurifier_Strategy_Core(); $this->strategy = new HTMLPurifier_Strategy_Core();
$this->generator = new HTMLPurifier_Generator();
} }
@@ -123,8 +123,8 @@ class HTMLPurifier
$context = new HTMLPurifier_Context(); $context = new HTMLPurifier_Context();
// our friendly neighborhood generator, all primed with configuration too! // setup HTML generator
$this->generator->generateFromTokens(array(), $config, $context); $this->generator = new HTMLPurifier_Generator($config, $context);
$context->register('Generator', $this->generator); $context->register('Generator', $this->generator);
// set up global context variables // set up global context variables
@@ -177,8 +177,7 @@ class HTMLPurifier
$html, $config, $context $html, $config, $context
), ),
$config, $context $config, $context
), )
$config, $context
); );
for ($i = $filter_size - 1; $i >= 0; $i--) { for ($i = $filter_size - 1; $i >= 0; $i--) {
@@ -209,9 +208,10 @@ class HTMLPurifier
/** /**
* Singleton for enforcing just one HTML Purifier in your system * Singleton for enforcing just one HTML Purifier in your system
* @param $prototype Optional prototype HTMLPurifier instance to * @param $prototype Optional prototype HTMLPurifier instance to
* overload singleton with. * overload singleton with, or HTMLPurifier_Config
* instance to configure the generated version with.
*/ */
public static function getInstance($prototype = null) { public static function instance($prototype = null) {
if (!self::$instance || $prototype) { if (!self::$instance || $prototype) {
if ($prototype instanceof HTMLPurifier) { if ($prototype instanceof HTMLPurifier) {
self::$instance = $prototype; self::$instance = $prototype;
@@ -224,4 +224,11 @@ class HTMLPurifier
return self::$instance; return self::$instance;
} }
/**
* @note Backwards compatibility, see instance()
*/
public static function getInstance($prototype = null) {
return HTMLPurifier::instance($prototype);
}
} }

371
library/HTMLPurifier.safe-includes.php
View File

@@ -1,182 +1,189 @@
<?php <?php
/** /**
* @file * @file
* This file was auto-generated by generate-includes.php and includes all of * This file was auto-generated by generate-includes.php and includes all of
* the core files required by HTML Purifier. This is a convenience stub that * the core files required by HTML Purifier. This is a convenience stub that
* includes all files using dirname(__FILE__) and require_once. PLEASE DO NOT * includes all files using dirname(__FILE__) and require_once. PLEASE DO NOT
* EDIT THIS FILE, changes will be overwritten the next time the script is run. * EDIT THIS FILE, changes will be overwritten the next time the script is run.
* *
* Changes to include_path are not necessary. * Changes to include_path are not necessary.
*/ */
$__dir = dirname(__FILE__); $__dir = dirname(__FILE__);
require_once $__dir . '/HTMLPurifier.php'; require_once $__dir . '/HTMLPurifier.php';
require_once $__dir . '/HTMLPurifier/AttrCollections.php'; require_once $__dir . '/HTMLPurifier/AttrCollections.php';
require_once $__dir . '/HTMLPurifier/AttrDef.php'; require_once $__dir . '/HTMLPurifier/AttrDef.php';
require_once $__dir . '/HTMLPurifier/AttrTransform.php'; require_once $__dir . '/HTMLPurifier/AttrTransform.php';
require_once $__dir . '/HTMLPurifier/AttrTypes.php'; require_once $__dir . '/HTMLPurifier/AttrTypes.php';
require_once $__dir . '/HTMLPurifier/AttrValidator.php'; require_once $__dir . '/HTMLPurifier/AttrValidator.php';
require_once $__dir . '/HTMLPurifier/Bootstrap.php'; require_once $__dir . '/HTMLPurifier/Bootstrap.php';
require_once $__dir . '/HTMLPurifier/Definition.php'; require_once $__dir . '/HTMLPurifier/Definition.php';
require_once $__dir . '/HTMLPurifier/CSSDefinition.php'; require_once $__dir . '/HTMLPurifier/CSSDefinition.php';
require_once $__dir . '/HTMLPurifier/ChildDef.php'; require_once $__dir . '/HTMLPurifier/ChildDef.php';
require_once $__dir . '/HTMLPurifier/Config.php'; require_once $__dir . '/HTMLPurifier/Config.php';
require_once $__dir . '/HTMLPurifier/ConfigDef.php'; require_once $__dir . '/HTMLPurifier/ConfigSchema.php';
require_once $__dir . '/HTMLPurifier/ConfigSchema.php'; require_once $__dir . '/HTMLPurifier/ContentSets.php';
require_once $__dir . '/HTMLPurifier/ContentSets.php'; require_once $__dir . '/HTMLPurifier/Context.php';
require_once $__dir . '/HTMLPurifier/Context.php'; require_once $__dir . '/HTMLPurifier/DefinitionCache.php';
require_once $__dir . '/HTMLPurifier/DefinitionCache.php'; require_once $__dir . '/HTMLPurifier/DefinitionCacheFactory.php';
require_once $__dir . '/HTMLPurifier/DefinitionCacheFactory.php'; require_once $__dir . '/HTMLPurifier/Doctype.php';
require_once $__dir . '/HTMLPurifier/Doctype.php'; require_once $__dir . '/HTMLPurifier/DoctypeRegistry.php';
require_once $__dir . '/HTMLPurifier/DoctypeRegistry.php'; require_once $__dir . '/HTMLPurifier/ElementDef.php';
require_once $__dir . '/HTMLPurifier/ElementDef.php'; require_once $__dir . '/HTMLPurifier/Encoder.php';
require_once $__dir . '/HTMLPurifier/Encoder.php'; require_once $__dir . '/HTMLPurifier/EntityLookup.php';
require_once $__dir . '/HTMLPurifier/EntityLookup.php'; require_once $__dir . '/HTMLPurifier/EntityParser.php';
require_once $__dir . '/HTMLPurifier/EntityParser.php'; require_once $__dir . '/HTMLPurifier/ErrorCollector.php';
require_once $__dir . '/HTMLPurifier/Error.php'; require_once $__dir . '/HTMLPurifier/Exception.php';
require_once $__dir . '/HTMLPurifier/ErrorCollector.php'; require_once $__dir . '/HTMLPurifier/Filter.php';
require_once $__dir . '/HTMLPurifier/Exception.php'; require_once $__dir . '/HTMLPurifier/Generator.php';
require_once $__dir . '/HTMLPurifier/Filter.php'; require_once $__dir . '/HTMLPurifier/HTMLDefinition.php';
require_once $__dir . '/HTMLPurifier/Generator.php'; require_once $__dir . '/HTMLPurifier/HTMLModule.php';
require_once $__dir . '/HTMLPurifier/HTMLDefinition.php'; require_once $__dir . '/HTMLPurifier/HTMLModuleManager.php';
require_once $__dir . '/HTMLPurifier/HTMLModule.php'; require_once $__dir . '/HTMLPurifier/IDAccumulator.php';
require_once $__dir . '/HTMLPurifier/HTMLModuleManager.php'; require_once $__dir . '/HTMLPurifier/Injector.php';
require_once $__dir . '/HTMLPurifier/IDAccumulator.php'; require_once $__dir . '/HTMLPurifier/Language.php';
require_once $__dir . '/HTMLPurifier/Injector.php'; require_once $__dir . '/HTMLPurifier/LanguageFactory.php';
require_once $__dir . '/HTMLPurifier/Language.php'; require_once $__dir . '/HTMLPurifier/Length.php';
require_once $__dir . '/HTMLPurifier/LanguageFactory.php'; require_once $__dir . '/HTMLPurifier/Lexer.php';
require_once $__dir . '/HTMLPurifier/Lexer.php'; require_once $__dir . '/HTMLPurifier/PercentEncoder.php';
require_once $__dir . '/HTMLPurifier/PercentEncoder.php'; require_once $__dir . '/HTMLPurifier/Strategy.php';
require_once $__dir . '/HTMLPurifier/Strategy.php'; require_once $__dir . '/HTMLPurifier/StringHash.php';
require_once $__dir . '/HTMLPurifier/StringHash.php'; require_once $__dir . '/HTMLPurifier/StringHashParser.php';
require_once $__dir . '/HTMLPurifier/StringHashParser.php'; require_once $__dir . '/HTMLPurifier/TagTransform.php';
require_once $__dir . '/HTMLPurifier/TagTransform.php'; require_once $__dir . '/HTMLPurifier/Token.php';
require_once $__dir . '/HTMLPurifier/Token.php'; require_once $__dir . '/HTMLPurifier/TokenFactory.php';
require_once $__dir . '/HTMLPurifier/TokenFactory.php'; require_once $__dir . '/HTMLPurifier/URI.php';
require_once $__dir . '/HTMLPurifier/URI.php'; require_once $__dir . '/HTMLPurifier/URIDefinition.php';
require_once $__dir . '/HTMLPurifier/URIDefinition.php'; require_once $__dir . '/HTMLPurifier/URIFilter.php';
require_once $__dir . '/HTMLPurifier/URIFilter.php'; require_once $__dir . '/HTMLPurifier/URIParser.php';
require_once $__dir . '/HTMLPurifier/URIParser.php'; require_once $__dir . '/HTMLPurifier/URIScheme.php';
require_once $__dir . '/HTMLPurifier/URIScheme.php'; require_once $__dir . '/HTMLPurifier/URISchemeRegistry.php';
require_once $__dir . '/HTMLPurifier/URISchemeRegistry.php'; require_once $__dir . '/HTMLPurifier/UnitConverter.php';
require_once $__dir . '/HTMLPurifier/VarParser.php'; require_once $__dir . '/HTMLPurifier/VarParser.php';
require_once $__dir . '/HTMLPurifier/VarParserException.php'; require_once $__dir . '/HTMLPurifier/VarParserException.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS.php'; require_once $__dir . '/HTMLPurifier/AttrDef/CSS.php';
require_once $__dir . '/HTMLPurifier/AttrDef/Enum.php'; require_once $__dir . '/HTMLPurifier/AttrDef/Enum.php';
require_once $__dir . '/HTMLPurifier/AttrDef/Integer.php'; require_once $__dir . '/HTMLPurifier/AttrDef/Integer.php';
require_once $__dir . '/HTMLPurifier/AttrDef/Lang.php'; require_once $__dir . '/HTMLPurifier/AttrDef/Lang.php';
require_once $__dir . '/HTMLPurifier/AttrDef/Text.php'; require_once $__dir . '/HTMLPurifier/AttrDef/Switch.php';
require_once $__dir . '/HTMLPurifier/AttrDef/URI.php'; require_once $__dir . '/HTMLPurifier/AttrDef/Text.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Number.php'; require_once $__dir . '/HTMLPurifier/AttrDef/URI.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/AlphaValue.php'; require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Number.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Background.php'; require_once $__dir . '/HTMLPurifier/AttrDef/CSS/AlphaValue.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php'; require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Background.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Border.php'; require_once $__dir . '/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Color.php'; require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Border.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Composite.php'; require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Color.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Filter.php'; require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Composite.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Font.php'; require_once $__dir . '/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/FontFamily.php'; require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Filter.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php'; require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Font.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Length.php'; require_once $__dir . '/HTMLPurifier/AttrDef/CSS/FontFamily.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/ListStyle.php'; require_once $__dir . '/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Multiple.php'; require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Length.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Percentage.php'; require_once $__dir . '/HTMLPurifier/AttrDef/CSS/ListStyle.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/TextDecoration.php'; require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Multiple.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/URI.php'; require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Percentage.php';
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Bool.php'; require_once $__dir . '/HTMLPurifier/AttrDef/CSS/TextDecoration.php';
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Color.php'; require_once $__dir . '/HTMLPurifier/AttrDef/CSS/URI.php';
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/FrameTarget.php'; require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Bool.php';
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/ID.php'; require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Color.php';
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Pixels.php'; require_once $__dir . '/HTMLPurifier/AttrDef/HTML/FrameTarget.php';
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Length.php'; require_once $__dir . '/HTMLPurifier/AttrDef/HTML/ID.php';
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/LinkTypes.php'; require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Pixels.php';
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/MultiLength.php'; require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Length.php';
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Nmtokens.php'; require_once $__dir . '/HTMLPurifier/AttrDef/HTML/LinkTypes.php';
require_once $__dir . '/HTMLPurifier/AttrDef/URI/Email.php'; require_once $__dir . '/HTMLPurifier/AttrDef/HTML/MultiLength.php';
require_once $__dir . '/HTMLPurifier/AttrDef/URI/Host.php'; require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Nmtokens.php';
require_once $__dir . '/HTMLPurifier/AttrDef/URI/IPv4.php'; require_once $__dir . '/HTMLPurifier/AttrDef/URI/Email.php';
require_once $__dir . '/HTMLPurifier/AttrDef/URI/IPv6.php'; require_once $__dir . '/HTMLPurifier/AttrDef/URI/Host.php';
require_once $__dir . '/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php'; require_once $__dir . '/HTMLPurifier/AttrDef/URI/IPv4.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/BdoDir.php'; require_once $__dir . '/HTMLPurifier/AttrDef/URI/IPv6.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/BgColor.php'; require_once $__dir . '/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/BoolToCSS.php'; require_once $__dir . '/HTMLPurifier/AttrTransform/BdoDir.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/Border.php'; require_once $__dir . '/HTMLPurifier/AttrTransform/BgColor.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/EnumToCSS.php'; require_once $__dir . '/HTMLPurifier/AttrTransform/BoolToCSS.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/ImgRequired.php'; require_once $__dir . '/HTMLPurifier/AttrTransform/Border.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/ImgSpace.php'; require_once $__dir . '/HTMLPurifier/AttrTransform/EnumToCSS.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/Lang.php'; require_once $__dir . '/HTMLPurifier/AttrTransform/ImgRequired.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/Length.php'; require_once $__dir . '/HTMLPurifier/AttrTransform/ImgSpace.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/Name.php'; require_once $__dir . '/HTMLPurifier/AttrTransform/Lang.php';
require_once $__dir . '/HTMLPurifier/ChildDef/Chameleon.php'; require_once $__dir . '/HTMLPurifier/AttrTransform/Length.php';
require_once $__dir . '/HTMLPurifier/ChildDef/Custom.php'; require_once $__dir . '/HTMLPurifier/AttrTransform/Name.php';
require_once $__dir . '/HTMLPurifier/ChildDef/Empty.php'; require_once $__dir . '/HTMLPurifier/AttrTransform/SafeEmbed.php';
require_once $__dir . '/HTMLPurifier/ChildDef/Required.php'; require_once $__dir . '/HTMLPurifier/AttrTransform/SafeObject.php';
require_once $__dir . '/HTMLPurifier/ChildDef/Optional.php'; require_once $__dir . '/HTMLPurifier/AttrTransform/SafeParam.php';
require_once $__dir . '/HTMLPurifier/ChildDef/StrictBlockquote.php'; require_once $__dir . '/HTMLPurifier/AttrTransform/ScriptRequired.php';
require_once $__dir . '/HTMLPurifier/ChildDef/Table.php'; require_once $__dir . '/HTMLPurifier/ChildDef/Chameleon.php';
require_once $__dir . '/HTMLPurifier/ConfigDef/Directive.php'; require_once $__dir . '/HTMLPurifier/ChildDef/Custom.php';
require_once $__dir . '/HTMLPurifier/ConfigDef/DirectiveAlias.php'; require_once $__dir . '/HTMLPurifier/ChildDef/Empty.php';
require_once $__dir . '/HTMLPurifier/ConfigDef/Namespace.php'; require_once $__dir . '/HTMLPurifier/ChildDef/Required.php';
require_once $__dir . '/HTMLPurifier/DefinitionCache/Decorator.php'; require_once $__dir . '/HTMLPurifier/ChildDef/Optional.php';
require_once $__dir . '/HTMLPurifier/DefinitionCache/Null.php'; require_once $__dir . '/HTMLPurifier/ChildDef/StrictBlockquote.php';
require_once $__dir . '/HTMLPurifier/DefinitionCache/Serializer.php'; require_once $__dir . '/HTMLPurifier/ChildDef/Table.php';
require_once $__dir . '/HTMLPurifier/DefinitionCache/Decorator/Cleanup.php'; require_once $__dir . '/HTMLPurifier/DefinitionCache/Decorator.php';
require_once $__dir . '/HTMLPurifier/DefinitionCache/Decorator/Memory.php'; require_once $__dir . '/HTMLPurifier/DefinitionCache/Null.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Bdo.php'; require_once $__dir . '/HTMLPurifier/DefinitionCache/Serializer.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/CommonAttributes.php'; require_once $__dir . '/HTMLPurifier/DefinitionCache/Decorator/Cleanup.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Edit.php'; require_once $__dir . '/HTMLPurifier/DefinitionCache/Decorator/Memory.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Hypertext.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/Bdo.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Image.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/CommonAttributes.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Legacy.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/Edit.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/List.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/Hypertext.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/Image.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Object.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/Legacy.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Presentation.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/List.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Proprietary.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Ruby.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/Object.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Scripting.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/Presentation.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/StyleAttribute.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/Proprietary.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Tables.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/Ruby.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Target.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/SafeEmbed.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Text.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/SafeObject.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/Scripting.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/XMLCommonAttributes.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/StyleAttribute.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/Proprietary.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/Tables.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/XHTMLAndHTML4.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/Target.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/Strict.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/Text.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/Transitional.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/XHTML.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/XMLCommonAttributes.php';
require_once $__dir . '/HTMLPurifier/Injector/AutoParagraph.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/Proprietary.php';
require_once $__dir . '/HTMLPurifier/Injector/Linkify.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/XHTMLAndHTML4.php';
require_once $__dir . '/HTMLPurifier/Injector/PurifierLinkify.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/Strict.php';
require_once $__dir . '/HTMLPurifier/Lexer/DOMLex.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/Transitional.php';
require_once $__dir . '/HTMLPurifier/Lexer/DirectLex.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/XHTML.php';
require_once $__dir . '/HTMLPurifier/Strategy/Composite.php'; require_once $__dir . '/HTMLPurifier/Injector/AutoParagraph.php';
require_once $__dir . '/HTMLPurifier/Strategy/Core.php'; require_once $__dir . '/HTMLPurifier/Injector/Linkify.php';
require_once $__dir . '/HTMLPurifier/Strategy/FixNesting.php'; require_once $__dir . '/HTMLPurifier/Injector/PurifierLinkify.php';
require_once $__dir . '/HTMLPurifier/Strategy/MakeWellFormed.php'; require_once $__dir . '/HTMLPurifier/Injector/SafeObject.php';
require_once $__dir . '/HTMLPurifier/Strategy/RemoveForeignElements.php'; require_once $__dir . '/HTMLPurifier/Lexer/DOMLex.php';
require_once $__dir . '/HTMLPurifier/Strategy/ValidateAttributes.php'; require_once $__dir . '/HTMLPurifier/Lexer/DirectLex.php';
require_once $__dir . '/HTMLPurifier/TagTransform/Font.php'; require_once $__dir . '/HTMLPurifier/Strategy/Composite.php';
require_once $__dir . '/HTMLPurifier/TagTransform/Simple.php'; require_once $__dir . '/HTMLPurifier/Strategy/Core.php';
require_once $__dir . '/HTMLPurifier/Token/Comment.php'; require_once $__dir . '/HTMLPurifier/Strategy/FixNesting.php';
require_once $__dir . '/HTMLPurifier/Token/Tag.php'; require_once $__dir . '/HTMLPurifier/Strategy/MakeWellFormed.php';
require_once $__dir . '/HTMLPurifier/Token/Empty.php'; require_once $__dir . '/HTMLPurifier/Strategy/RemoveForeignElements.php';
require_once $__dir . '/HTMLPurifier/Token/End.php'; require_once $__dir . '/HTMLPurifier/Strategy/ValidateAttributes.php';
require_once $__dir . '/HTMLPurifier/Token/Start.php'; require_once $__dir . '/HTMLPurifier/TagTransform/Font.php';
require_once $__dir . '/HTMLPurifier/Token/Text.php'; require_once $__dir . '/HTMLPurifier/TagTransform/Simple.php';
require_once $__dir . '/HTMLPurifier/URIFilter/DisableExternal.php'; require_once $__dir . '/HTMLPurifier/Token/Comment.php';
require_once $__dir . '/HTMLPurifier/URIFilter/DisableExternalResources.php'; require_once $__dir . '/HTMLPurifier/Token/Tag.php';
require_once $__dir . '/HTMLPurifier/URIFilter/HostBlacklist.php'; require_once $__dir . '/HTMLPurifier/Token/Empty.php';
require_once $__dir . '/HTMLPurifier/URIFilter/MakeAbsolute.php'; require_once $__dir . '/HTMLPurifier/Token/End.php';
require_once $__dir . '/HTMLPurifier/URIScheme/ftp.php'; require_once $__dir . '/HTMLPurifier/Token/Start.php';
require_once $__dir . '/HTMLPurifier/URIScheme/http.php'; require_once $__dir . '/HTMLPurifier/Token/Text.php';
require_once $__dir . '/HTMLPurifier/URIScheme/https.php'; require_once $__dir . '/HTMLPurifier/URIFilter/DisableExternal.php';
require_once $__dir . '/HTMLPurifier/URIScheme/mailto.php'; require_once $__dir . '/HTMLPurifier/URIFilter/DisableExternalResources.php';
require_once $__dir . '/HTMLPurifier/URIScheme/news.php'; require_once $__dir . '/HTMLPurifier/URIFilter/HostBlacklist.php';
require_once $__dir . '/HTMLPurifier/URIScheme/nntp.php'; require_once $__dir . '/HTMLPurifier/URIFilter/MakeAbsolute.php';
require_once $__dir . '/HTMLPurifier/VarParser/Flexible.php'; require_once $__dir . '/HTMLPurifier/URIFilter/Munge.php';
require_once $__dir . '/HTMLPurifier/VarParser/Native.php'; require_once $__dir . '/HTMLPurifier/URIScheme/ftp.php';
require_once $__dir . '/HTMLPurifier/URIScheme/http.php';
require_once $__dir . '/HTMLPurifier/URIScheme/https.php';
require_once $__dir . '/HTMLPurifier/URIScheme/mailto.php';
require_once $__dir . '/HTMLPurifier/URIScheme/news.php';
require_once $__dir . '/HTMLPurifier/URIScheme/nntp.php';
require_once $__dir . '/HTMLPurifier/VarParser/Flexible.php';
require_once $__dir . '/HTMLPurifier/VarParser/Native.php';

18
library/HTMLPurifier/AttrDef.php
View File

@@ -51,16 +51,13 @@ abstract class HTMLPurifier_AttrDef
* *
* @warning This processing is inconsistent with XML's whitespace handling * @warning This processing is inconsistent with XML's whitespace handling
* as specified by section 3.3.3 and referenced XHTML 1.0 section * as specified by section 3.3.3 and referenced XHTML 1.0 section
* 4.7. Compliant processing requires all line breaks normalized * 4.7. However, note that we are NOT necessarily
* to "\n", so the fix is not as simple as fixing it in this * parsing XML, thus, this behavior may still be correct. We
* function. Trim and whitespace collapsing are supposed to only * assume that newlines have been normalized.
* occur in NMTOKENs. However, note that we are NOT necessarily
* parsing XML, thus, this behavior may still be correct.
*/ */
public function parseCDATA($string) { public function parseCDATA($string) {
$string = trim($string); $string = trim($string);
$string = str_replace("\n", '', $string); $string = str_replace(array("\n", "\t", "\r"), ' ', $string);
$string = str_replace(array("\r", "\t"), ' ', $string);
return $string; return $string;
} }
@@ -70,9 +67,10 @@ abstract class HTMLPurifier_AttrDef
* @return Created AttrDef object corresponding to $string * @return Created AttrDef object corresponding to $string
*/ */
public function make($string) { public function make($string) {
// default implementation, return flyweight of this object // default implementation, return a flyweight of this object.
// if overloaded, it is *necessary* for you to clone the // If $string has an effect on the returned object (i.e. you
// object (usually by instantiating a new copy) and return that // need to overload this method), it is best
// to clone or instantiate new copies. (Instantiation is safer.)
return $this; return $this;
} }

8
library/HTMLPurifier/AttrDef/CSS.php
View File

@@ -29,6 +29,12 @@ class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef
$declarations = explode(';', $css); $declarations = explode(';', $css);
$propvalues = array(); $propvalues = array();
/**
* Name of the current CSS property being validated.
*/
$property = false;
$context->register('CurrentCSSProperty', $property);
foreach ($declarations as $declaration) { foreach ($declarations as $declaration) {
if (!$declaration) continue; if (!$declaration) continue;
if (!strpos($declaration, ':')) continue; if (!strpos($declaration, ':')) continue;
@@ -61,6 +67,8 @@ class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef
$propvalues[$property] = $result; $propvalues[$property] = $result;
} }
$context->destroy('CurrentCSSProperty');
// procedure does not write the new CSS simultaneously, so it's // procedure does not write the new CSS simultaneously, so it's
// slightly inefficient, but it's the only way of getting rid of // slightly inefficient, but it's the only way of getting rid of
// duplicates. Perhaps config to optimize it, but not now. // duplicates. Perhaps config to optimize it, but not now.

26
library/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php Normal file
View File

@@ -0,0 +1,26 @@
<?php
/**
* Decorator which enables CSS properties to be disabled for specific elements.
*/
class HTMLPurifier_AttrDef_CSS_DenyElementDecorator extends HTMLPurifier_AttrDef
{
protected $def, $element;
/**
* @param $def Definition to wrap
* @param $element Element to deny
*/
public function __construct($def, $element) {
$this->def = $def;
$this->element = $element;
}
/**
* Checks if CurrentToken is set and equal to $this->element
*/
public function validate($string, $config, $context) {
$token = $context->get('CurrentToken', true);
if ($token && $token->name == $this->element) return false;
return $this->def->validate($string, $config, $context);
}
}

38
library/HTMLPurifier/AttrDef/CSS/FontFamily.php
View File

@@ -16,7 +16,6 @@ class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
'cursive' => true 'cursive' => true
); );
$string = $this->parseCDATA($string);
// assume that no font names contain commas in them // assume that no font names contain commas in them
$fonts = explode(',', $string); $fonts = explode(',', $string);
$final = ''; $final = '';
@@ -35,13 +34,40 @@ class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
$quote = $font[0]; $quote = $font[0];
if ($font[$length - 1] !== $quote) continue; if ($font[$length - 1] !== $quote) continue;
$font = substr($font, 1, $length - 2); $font = substr($font, 1, $length - 2);
// double-backslash processing is buggy
$font = str_replace("\\$quote", $quote, $font); // de-escape quote $new_font = '';
$font = str_replace("\\\n", "\n", $font); // de-escape newlines for ($i = 0, $c = strlen($font); $i < $c; $i++) {
if ($font[$i] === '\\') {
$i++;
if ($i >= $c) {
$new_font .= '\\';
break;
}
if (ctype_xdigit($font[$i])) {
$code = $font[$i];
for ($a = 1, $i++; $i < $c && $a < 6; $i++, $a++) {
if (!ctype_xdigit($font[$i])) break;
$code .= $font[$i];
}
// We have to be extremely careful when adding
// new characters, to make sure we're not breaking
// the encoding.
$char = HTMLPurifier_Encoder::unichr(hexdec($code));
if (HTMLPurifier_Encoder::cleanUTF8($char) === '') continue;
$new_font .= $char;
if ($i < $c && trim($font[$i]) !== '') $i--;
continue;
}
if ($font[$i] === "\n") continue;
}
$new_font .= $font[$i];
}
$font = $new_font;
} }
// $font is a pure representation of the font name // $font is a pure representation of the font name
if (ctype_alnum($font)) { if (ctype_alnum($font) && $font !== '') {
// very simple font, allow it in unharmed // very simple font, allow it in unharmed
$final .= $font . ', '; $final .= $font . ', ';
continue; continue;
@@ -50,8 +76,8 @@ class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
// complicated font, requires quoting // complicated font, requires quoting
// armor single quotes and new lines // armor single quotes and new lines
$font = str_replace("\\", "\\\\", $font);
$font = str_replace("'", "\\'", $font); $font = str_replace("'", "\\'", $font);
$font = str_replace("\n", "\\\n", $font);
$final .= "'$font', "; $final .= "'$font', ";
} }
$final = rtrim($final, ', '); $final = rtrim($final, ', ');

2
library/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php
View File

@@ -3,7 +3,7 @@
/** /**
* Decorator which enables !important to be used in CSS values. * Decorator which enables !important to be used in CSS values.
*/ */
class HTMLPurifier_AttrDef_CSS_ImportantDecorator class HTMLPurifier_AttrDef_CSS_ImportantDecorator extends HTMLPurifier_AttrDef
{ {
protected $def, $allow; protected $def, $allow;

56
library/HTMLPurifier/AttrDef/CSS/Length.php
View File

@@ -6,46 +6,40 @@
class HTMLPurifier_AttrDef_CSS_Length extends HTMLPurifier_AttrDef class HTMLPurifier_AttrDef_CSS_Length extends HTMLPurifier_AttrDef
{ {
/** protected $min, $max;
* Valid unit lookup table.
* @warning The code assumes all units are two characters long. Be careful
* if we have to change this behavior!
*/
protected $units = array('em' => true, 'ex' => true, 'px' => true, 'in' => true,
'cm' => true, 'mm' => true, 'pt' => true, 'pc' => true);
/**
* Instance of HTMLPurifier_AttrDef_Number to defer number validation to
*/
protected $number_def;
/** /**
* @param $non_negative Bool indication whether or not negative values are * @param HTMLPurifier_Length $max Minimum length, or null for no bound. String is also acceptable.
* allowed. * @param HTMLPurifier_Length $max Maximum length, or null for no bound. String is also acceptable.
*/ */
public function __construct($non_negative = false) { public function __construct($min = null, $max = null) {
$this->number_def = new HTMLPurifier_AttrDef_CSS_Number($non_negative); $this->min = $min !== null ? HTMLPurifier_Length::make($min) : null;
$this->max = $max !== null ? HTMLPurifier_Length::make($max) : null;
} }
public function validate($length, $config, $context) { public function validate($string, $config, $context) {
$string = $this->parseCDATA($string);
$length = $this->parseCDATA($length); // Optimizations
if ($length === '') return false; if ($string === '') return false;
if ($length === '0') return '0'; if ($string === '0') return '0';
$strlen = strlen($length); if (strlen($string) === 1) return false;
if ($strlen === 1) return false; // impossible!
// we assume all units are two characters $length = HTMLPurifier_Length::make($string);
$unit = substr($length, $strlen - 2); if (!$length->isValid()) return false;
if (!ctype_lower($unit)) $unit = strtolower($unit);
$number = substr($length, 0, $strlen - 2);
if (!isset($this->units[$unit])) return false; if ($this->min) {
$c = $length->compareTo($this->min);
$number = $this->number_def->validate($number, $config, $context); if ($c === false) return false;
if ($number === false) return false; if ($c < 0) return false;
}
return $number . $unit; if ($this->max) {
$c = $length->compareTo($this->max);
if ($c === false) return false;
if ($c > 0) return false;
}
return $length->toString();
} }
} }

4
library/HTMLPurifier/AttrDef/CSS/Number.php
View File

@@ -18,6 +18,10 @@ class HTMLPurifier_AttrDef_CSS_Number extends HTMLPurifier_AttrDef
$this->non_negative = $non_negative; $this->non_negative = $non_negative;
} }
/**
* @warning Some contexts do not pass $config, $context. These
* variables should not be used without checking HTMLPurifier_Length
*/
public function validate($number, $config, $context) { public function validate($number, $config, $context) {
$number = $this->parseCDATA($number); $number = $this->parseCDATA($number);

5
library/HTMLPurifier/AttrDef/CSS/TextDecoration.php
View File

@@ -13,10 +13,13 @@ class HTMLPurifier_AttrDef_CSS_TextDecoration extends HTMLPurifier_AttrDef
static $allowed_values = array( static $allowed_values = array(
'line-through' => true, 'line-through' => true,
'overline' => true, 'overline' => true,
'underline' => true 'underline' => true,
); );
$string = strtolower($this->parseCDATA($string)); $string = strtolower($this->parseCDATA($string));
if ($string === 'none') return $string;
$parts = explode(' ', $string); $parts = explode(' ', $string);
$final = ''; $final = '';
foreach ($parts as $part) { foreach ($parts as $part) {

15
library/HTMLPurifier/AttrDef/HTML/Pixels.php
View File

@@ -6,6 +6,12 @@
class HTMLPurifier_AttrDef_HTML_Pixels extends HTMLPurifier_AttrDef class HTMLPurifier_AttrDef_HTML_Pixels extends HTMLPurifier_AttrDef
{ {
protected $max;
public function __construct($max = null) {
$this->max = $max;
}
public function validate($string, $config, $context) { public function validate($string, $config, $context) {
$string = trim($string); $string = trim($string);
@@ -24,11 +30,18 @@ class HTMLPurifier_AttrDef_HTML_Pixels extends HTMLPurifier_AttrDef
// crash operating systems, see <http://ha.ckers.org/imagecrash.html> // crash operating systems, see <http://ha.ckers.org/imagecrash.html>
// WARNING, above link WILL crash you if you're using Windows // WARNING, above link WILL crash you if you're using Windows
if ($int > 1200) return '1200'; if ($this->max !== null && $int > $this->max) return (string) $this->max;
return (string) $int; return (string) $int;
} }
public function make($string) {
if ($string === '') $max = null;
else $max = (int) $string;
$class = get_class($this);
return new $class($max);
}
} }

32
library/HTMLPurifier/AttrDef/Switch.php Normal file
View File

@@ -0,0 +1,32 @@
<?php
/**
* Decorator that, depending on a token, switches between two definitions.
*/
class HTMLPurifier_AttrDef_Switch
{
protected $tag;
protected $withTag, $withoutTag;
/**
* @param string $tag Tag name to switch upon
* @param HTMLPurifier_AttrDef $with_tag Call if token matches tag
* @param HTMLPurifier_AttrDef $without_tag Call if token doesn't match, or there is no token
*/
public function __construct($tag, $with_tag, $without_tag) {
$this->tag = $tag;
$this->withTag = $with_tag;
$this->withoutTag = $without_tag;
}
public function validate($string, $config, $context) {
$token = $context->get('CurrentToken', true);
if (!$token || $token->name !== $this->tag) {
return $this->withoutTag->validate($string, $config, $context);
} else {
return $this->withTag->validate($string, $config, $context);
}
}
}

36
library/HTMLPurifier/AttrDef/URI.php
View File

@@ -7,7 +7,7 @@
class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
{ {
protected $parser, $percentEncoder; protected $parser;
protected $embedsResource; protected $embedsResource;
/** /**
@@ -15,17 +15,19 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
*/ */
public function __construct($embeds_resource = false) { public function __construct($embeds_resource = false) {
$this->parser = new HTMLPurifier_URIParser(); $this->parser = new HTMLPurifier_URIParser();
$this->percentEncoder = new HTMLPurifier_PercentEncoder();
$this->embedsResource = (bool) $embeds_resource; $this->embedsResource = (bool) $embeds_resource;
} }
public function make($string) {
$embeds = (bool) $string;
return new HTMLPurifier_AttrDef_URI($embeds);
}
public function validate($uri, $config, $context) { public function validate($uri, $config, $context) {
if ($config->get('URI', 'Disable')) return false; if ($config->get('URI', 'Disable')) return false;
// initial operations
$uri = $this->parseCDATA($uri); $uri = $this->parseCDATA($uri);
$uri = $this->percentEncoder->normalize($uri);
// parse the URI // parse the URI
$uri = $this->parser->parse($uri); $uri = $this->parser->parse($uri);
@@ -42,7 +44,7 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
if (!$result) break; if (!$result) break;
// chained filtering // chained filtering
$uri_def =& $config->getDefinition('URI'); $uri_def = $config->getDefinition('URI');
$result = $uri_def->filter($uri, $config, $context); $result = $uri_def->filter($uri, $config, $context);
if (!$result) break; if (!$result) break;
@@ -53,6 +55,10 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
$result = $scheme_obj->validate($uri, $config, $context); $result = $scheme_obj->validate($uri, $config, $context);
if (!$result) break; if (!$result) break;
// Post chained filtering
$result = $uri_def->postFilter($uri, $config, $context);
if (!$result) break;
// survived gauntlet // survived gauntlet
$ok = true; $ok = true;
@@ -61,26 +67,8 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
$context->destroy('EmbeddedURI'); $context->destroy('EmbeddedURI');
if (!$ok) return false; if (!$ok) return false;
// munge scheme off if necessary (this must be last)
if (!is_null($uri->scheme) && is_null($uri->host)) {
if ($uri_def->defaultScheme == $uri->scheme) {
$uri->scheme = null;
}
}
// back to string // back to string
$result = $uri->toString(); return $uri->toString();
// munge entire URI if necessary
if (
!is_null($uri->host) && // indicator for authority
!empty($scheme_obj->browsable) &&
!is_null($munge = $config->get('URI', 'Munge'))
) {
$result = str_replace('%s', rawurlencode($result), $munge);
}
return $result;
} }

20
library/HTMLPurifier/AttrDef/URI/Host.php
View File

@@ -36,11 +36,23 @@ class HTMLPurifier_AttrDef_URI_Host extends HTMLPurifier_AttrDef
$ipv4 = $this->ipv4->validate($string, $config, $context); $ipv4 = $this->ipv4->validate($string, $config, $context);
if ($ipv4 !== false) return $ipv4; if ($ipv4 !== false) return $ipv4;
// validate a domain name here, do filtering, etc etc etc // A regular domain name.
// We could use this, but it would break I18N domain names // This breaks I18N domain names, but we don't have proper IRI support,
//$match = preg_match('/^[a-z0-9][\w\-\.]*[a-z0-9]$/i', $string); // so force users to insert Punycode. If there's complaining we'll
//if (!$match) return false; // try to fix things into an international friendly form.
// The productions describing this are:
$a = '[a-z]'; // alpha
$an = '[a-z0-9]'; // alphanum
$and = '[a-z0-9-]'; // alphanum | "-"
// domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum
$domainlabel = "$an($and*$an)?";
// toplabel = alpha | alpha *( alphanum | "-" ) alphanum
$toplabel = "$a($and*$an)?";
// hostname = *( domainlabel "." ) toplabel [ "." ]
$match = preg_match("/^($domainlabel\.)*$toplabel\.?$/i", $string);
if (!$match) return false;
return $string; return $string;
} }

13
library/HTMLPurifier/AttrTransform/SafeEmbed.php Normal file
View File

@@ -0,0 +1,13 @@
<?php
class HTMLPurifier_AttrTransform_SafeEmbed extends HTMLPurifier_AttrTransform
{
public $name = "SafeEmbed";
public function transform($attr, $config, $context) {
$attr['allowscriptaccess'] = 'never';
$attr['allownetworking'] = 'internal';
$attr['type'] = 'application/x-shockwave-flash';
return $attr;
}
}

14
library/HTMLPurifier/AttrTransform/SafeObject.php Normal file
View File

@@ -0,0 +1,14 @@
<?php
/**
* Writes default type for all objects. Currently only supports flash.
*/
class HTMLPurifier_AttrTransform_SafeObject extends HTMLPurifier_AttrTransform
{
public $name = "SafeObject";
function transform($attr, $config, $context) {
if (!isset($attr['type'])) $attr['type'] = 'application/x-shockwave-flash';
return $attr;
}
}

48
library/HTMLPurifier/AttrTransform/SafeParam.php Normal file
View File

@@ -0,0 +1,48 @@
<?php
/**
* Validates name/value pairs in param tags to be used in safe objects. This
* will only allow name values it recognizes, and pre-fill certain attributes
* with required values.
*
* @note
* This class only supports Flash. In the future, Quicktime support
* may be added.
*
* @warning
* This class expects an injector to add the necessary parameters tags.
*/
class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
{
public $name = "SafeParam";
private $uri;
public function __construct() {
$this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded
}
public function transform($attr, $config, $context) {
// If we add support for other objects, we'll need to alter the
// transforms.
switch ($attr['name']) {
// application/x-shockwave-flash
// Keep this synchronized with Injector/SafeObject.php
case 'allowScriptAccess':
$attr['value'] = 'never';
break;
case 'allowNetworking':
$attr['value'] = 'internal';
break;
case 'wmode':
$attr['value'] = 'window';
break;
case 'movie':
$attr['value'] = $this->uri->validate($attr['value'], $config, $context);
break;
// add other cases to support other param name/value pairs
default:
$attr['name'] = $attr['value'] = null;
}
return $attr;
}
}

14
library/HTMLPurifier/AttrTransform/ScriptRequired.php Normal file
View File

@@ -0,0 +1,14 @@
<?php
/**
* Implements required attribute stipulation for <script>
*/
class HTMLPurifier_AttrTransform_ScriptRequired extends HTMLPurifier_AttrTransform
{
public function transform($attr, $config, $context) {
if (!isset($attr['type'])) {
$attr['type'] = 'text/javascript';
}
return $attr;
}
}

6
library/HTMLPurifier/AttrValidator.php
View File

@@ -43,8 +43,8 @@ class HTMLPurifier_AttrValidator
// DEFINITION CALL // DEFINITION CALL
$d_defs = $definition->info_global_attr; $d_defs = $definition->info_global_attr;
// reference attributes for easy manipulation // don't update token until the very end, to ensure an atomic update
$attr =& $token->attr; $attr = $token->attr;
// do global transformations (pre) // do global transformations (pre)
// nothing currently utilizes this // nothing currently utilizes this
@@ -139,6 +139,8 @@ class HTMLPurifier_AttrValidator
if ($e && ($attr != $o)) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); if ($e && ($attr != $o)) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
} }
$token->attr = $attr;
// destroy CurrentToken if we made it ourselves // destroy CurrentToken if we made it ourselves
if (!$current_token) $context->destroy('CurrentToken'); if (!$current_token) $context->destroy('CurrentToken');

12
library/HTMLPurifier/Bootstrap.php
View File

@@ -37,7 +37,7 @@ class HTMLPurifier_Bootstrap
public static function autoload($class) { public static function autoload($class) {
$file = HTMLPurifier_Bootstrap::getPath($class); $file = HTMLPurifier_Bootstrap::getPath($class);
if (!$file) return false; if (!$file) return false;
require $file; require HTMLPURIFIER_PREFIX . '/' . $file;
return true; return true;
} }
@@ -48,11 +48,13 @@ class HTMLPurifier_Bootstrap
if (strncmp('HTMLPurifier', $class, 12) !== 0) return false; if (strncmp('HTMLPurifier', $class, 12) !== 0) return false;
// Custom implementations // Custom implementations
if (strncmp('HTMLPurifier_Language_', $class, 22) === 0) { if (strncmp('HTMLPurifier_Language_', $class, 22) === 0) {
$code = str_replace('_', '-', substr($class, 22)); $code = str_replace('_', '-', substr($class, 22));
return 'HTMLPurifier/Language/classes/' . $code . '.php'; $file = 'HTMLPurifier/Language/classes/' . $code . '.php';
} else {
$file = str_replace('_', '/', $class) . '.php';
} }
// Standard implementation if (!file_exists(HTMLPURIFIER_PREFIX . '/' . $file)) return false;
return str_replace('_', '/', $class) . '.php'; return $file;
} }
/** /**

27
library/HTMLPurifier/CSSDefinition.php
View File

@@ -90,7 +90,7 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
$this->info['border-left-width'] = $this->info['border-left-width'] =
$this->info['border-right-width'] = new HTMLPurifier_AttrDef_CSS_Composite(array( $this->info['border-right-width'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
new HTMLPurifier_AttrDef_Enum(array('thin', 'medium', 'thick')), new HTMLPurifier_AttrDef_Enum(array('thin', 'medium', 'thick')),
new HTMLPurifier_AttrDef_CSS_Length(true) //disallow negative new HTMLPurifier_AttrDef_CSS_Length('0') //disallow negative
)); ));
$this->info['border-width'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_width); $this->info['border-width'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_width);
@@ -116,7 +116,7 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
$this->info['line-height'] = new HTMLPurifier_AttrDef_CSS_Composite(array( $this->info['line-height'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
new HTMLPurifier_AttrDef_Enum(array('normal')), new HTMLPurifier_AttrDef_Enum(array('normal')),
new HTMLPurifier_AttrDef_CSS_Number(true), // no negatives new HTMLPurifier_AttrDef_CSS_Number(true), // no negatives
new HTMLPurifier_AttrDef_CSS_Length(true), new HTMLPurifier_AttrDef_CSS_Length('0'),
new HTMLPurifier_AttrDef_CSS_Percentage(true) new HTMLPurifier_AttrDef_CSS_Percentage(true)
)); ));
@@ -138,7 +138,7 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
$this->info['padding-bottom'] = $this->info['padding-bottom'] =
$this->info['padding-left'] = $this->info['padding-left'] =
$this->info['padding-right'] = new HTMLPurifier_AttrDef_CSS_Composite(array( $this->info['padding-right'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
new HTMLPurifier_AttrDef_CSS_Length(true), new HTMLPurifier_AttrDef_CSS_Length('0'),
new HTMLPurifier_AttrDef_CSS_Percentage(true) new HTMLPurifier_AttrDef_CSS_Percentage(true)
)); ));
@@ -149,13 +149,26 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
new HTMLPurifier_AttrDef_CSS_Percentage() new HTMLPurifier_AttrDef_CSS_Percentage()
)); ));
$this->info['width'] = $trusted_wh = new HTMLPurifier_AttrDef_CSS_Composite(array(
$this->info['height'] = new HTMLPurifier_AttrDef_CSS_Length('0'),
new HTMLPurifier_AttrDef_CSS_Composite(array(
new HTMLPurifier_AttrDef_CSS_Length(true),
new HTMLPurifier_AttrDef_CSS_Percentage(true), new HTMLPurifier_AttrDef_CSS_Percentage(true),
new HTMLPurifier_AttrDef_Enum(array('auto')) new HTMLPurifier_AttrDef_Enum(array('auto'))
)); ));
$max = $config->get('CSS', 'MaxImgLength');
$this->info['width'] =
$this->info['height'] =
$max === null ?
$trusted_wh :
new HTMLPurifier_AttrDef_Switch('img',
// For img tags:
new HTMLPurifier_AttrDef_CSS_Composite(array(
new HTMLPurifier_AttrDef_CSS_Length('0', $max),
new HTMLPurifier_AttrDef_Enum(array('auto'))
)),
// For everyone else:
$trusted_wh
);
$this->info['text-decoration'] = new HTMLPurifier_AttrDef_CSS_TextDecoration(); $this->info['text-decoration'] = new HTMLPurifier_AttrDef_CSS_TextDecoration();

6
library/HTMLPurifier/ChildDef.php
View File

@@ -3,7 +3,7 @@
/** /**
* Defines allowed child nodes and validates tokens against it. * Defines allowed child nodes and validates tokens against it.
*/ */
class HTMLPurifier_ChildDef abstract class HTMLPurifier_ChildDef
{ {
/** /**
* Type of child definition, usually right-most part of class name lowercase. * Type of child definition, usually right-most part of class name lowercase.
@@ -34,9 +34,7 @@ class HTMLPurifier_ChildDef
* @return bool false to remove parent node * @return bool false to remove parent node
* @return array of replacement child tokens * @return array of replacement child tokens
*/ */
public function validateChildren($tokens_of_children, $config, $context) { abstract public function validateChildren($tokens_of_children, $config, $context);
trigger_error('Call to abstract function', E_USER_ERROR);
}
} }

9
library/HTMLPurifier/ChildDef/Required.php
View File

@@ -55,10 +55,7 @@ class HTMLPurifier_ChildDef_Required extends HTMLPurifier_ChildDef
$escape_invalid_children = $config->get('Core', 'EscapeInvalidChildren'); $escape_invalid_children = $config->get('Core', 'EscapeInvalidChildren');
// generator // generator
static $gen = null; $gen = new HTMLPurifier_Generator($config, $context);
if ($gen === null) {
$gen = new HTMLPurifier_Generator();
}
foreach ($tokens_of_children as $token) { foreach ($tokens_of_children as $token) {
if (!empty($token->is_whitespace)) { if (!empty($token->is_whitespace)) {
@@ -83,7 +80,7 @@ class HTMLPurifier_ChildDef_Required extends HTMLPurifier_ChildDef
$result[] = $token; $result[] = $token;
} elseif ($pcdata_allowed && $escape_invalid_children) { } elseif ($pcdata_allowed && $escape_invalid_children) {
$result[] = new HTMLPurifier_Token_Text( $result[] = new HTMLPurifier_Token_Text(
$gen->generateFromToken($token, $config) $gen->generateFromToken($token)
); );
} }
continue; continue;
@@ -94,7 +91,7 @@ class HTMLPurifier_ChildDef_Required extends HTMLPurifier_ChildDef
} elseif ($pcdata_allowed && $escape_invalid_children) { } elseif ($pcdata_allowed && $escape_invalid_children) {
$result[] = $result[] =
new HTMLPurifier_Token_Text( new HTMLPurifier_Token_Text(
$gen->generateFromToken( $token, $config ) $gen->generateFromToken($token)
); );
} else { } else {
// drop silently // drop silently

90
library/HTMLPurifier/Config.php
View File

@@ -20,7 +20,7 @@ class HTMLPurifier_Config
/** /**
* HTML Purifier's version * HTML Purifier's version
*/ */
public $version = '3.1.0rc1'; public $version = '3.1.1';
/** /**
* Bool indicator whether or not to automatically finalize * Bool indicator whether or not to automatically finalize
@@ -72,7 +72,7 @@ class HTMLPurifier_Config
* @param $definition HTMLPurifier_ConfigSchema that defines what directives * @param $definition HTMLPurifier_ConfigSchema that defines what directives
* are allowed. * are allowed.
*/ */
public function __construct(&$definition) { public function __construct($definition) {
$this->conf = $definition->defaults; // set up, copy in defaults $this->conf = $definition->defaults; // set up, copy in defaults
$this->def = $definition; // keep a copy around for checking $this->def = $definition; // keep a copy around for checking
$this->parser = new HTMLPurifier_VarParser_Flexible(); $this->parser = new HTMLPurifier_VarParser_Flexible();
@@ -107,7 +107,7 @@ class HTMLPurifier_Config
* @return Default HTMLPurifier_Config object. * @return Default HTMLPurifier_Config object.
*/ */
public static function createDefault() { public static function createDefault() {
$definition =& HTMLPurifier_ConfigSchema::instance(); $definition = HTMLPurifier_ConfigSchema::instance();
$config = new HTMLPurifier_Config($definition); $config = new HTMLPurifier_Config($definition);
return $config; return $config;
} }
@@ -125,7 +125,7 @@ class HTMLPurifier_Config
E_USER_WARNING); E_USER_WARNING);
return; return;
} }
if ($this->def->info[$namespace][$key]->class == 'alias') { if (isset($this->def->info[$namespace][$key]->isAlias)) {
$d = $this->def->info[$namespace][$key]; $d = $this->def->info[$namespace][$key];
trigger_error('Cannot get value from aliased directive, use real name ' . $d->namespace . '.' . $d->name, trigger_error('Cannot get value from aliased directive, use real name ' . $d->namespace . '.' . $d->name,
E_USER_ERROR); E_USER_ERROR);
@@ -196,40 +196,48 @@ class HTMLPurifier_Config
E_USER_WARNING); E_USER_WARNING);
return; return;
} }
if ($this->def->info[$namespace][$key]->class == 'alias') { $def = $this->def->info[$namespace][$key];
if (isset($def->isAlias)) {
if ($from_alias) { if ($from_alias) {
trigger_error('Double-aliases not allowed, please fix '. trigger_error('Double-aliases not allowed, please fix '.
'ConfigSchema bug with' . "$namespace.$key", E_USER_ERROR); 'ConfigSchema bug with' . "$namespace.$key", E_USER_ERROR);
return; return;
} }
$this->set($new_ns = $this->def->info[$namespace][$key]->namespace, $this->set($new_ns = $def->namespace,
$new_dir = $this->def->info[$namespace][$key]->name, $new_dir = $def->name,
$value, true); $value, true);
trigger_error("$namespace.$key is an alias, preferred directive name is $new_ns.$new_dir", E_USER_NOTICE); trigger_error("$namespace.$key is an alias, preferred directive name is $new_ns.$new_dir", E_USER_NOTICE);
return; return;
} }
// Raw type might be negative when using the fully optimized form
// of stdclass, which indicates allow_null == true
$rtype = is_int($def) ? $def : $def->type;
if ($rtype < 0) {
$type = -$rtype;
$allow_null = true;
} else {
$type = $rtype;
$allow_null = isset($def->allow_null);
}
try { try {
$value = $this->parser->parse( $value = $this->parser->parse($value, $type, $allow_null);
$value,
$type = $this->def->info[$namespace][$key]->type,
$this->def->info[$namespace][$key]->allow_null
);
} catch (HTMLPurifier_VarParserException $e) { } catch (HTMLPurifier_VarParserException $e) {
trigger_error('Value for ' . "$namespace.$key" . ' is of invalid type, should be ' . $type, E_USER_WARNING); trigger_error('Value for ' . "$namespace.$key" . ' is of invalid type, should be ' . HTMLPurifier_VarParser::getTypeName($type), E_USER_WARNING);
return; return;
} }
if (is_string($value)) { if (is_string($value) && is_object($def)) {
// resolve value alias if defined // resolve value alias if defined
if (isset($this->def->info[$namespace][$key]->aliases[$value])) { if (isset($def->aliases[$value])) {
$value = $this->def->info[$namespace][$key]->aliases[$value]; $value = $def->aliases[$value];
} }
if ($this->def->info[$namespace][$key]->allowed !== true) { // check to see if the value is allowed
// check to see if the value is allowed if (isset($def->allowed) && !isset($def->allowed[$value])) {
if (!isset($this->def->info[$namespace][$key]->allowed[$value])) { trigger_error('Value not supported, valid values are: ' .
trigger_error('Value not supported, valid values are: ' . $this->_listify($def->allowed), E_USER_WARNING);
$this->_listify($this->def->info[$namespace][$key]->allowed), E_USER_WARNING); return;
return;
}
} }
} }
$this->conf[$namespace][$key] = $value; $this->conf[$namespace][$key] = $value;
@@ -254,21 +262,21 @@ class HTMLPurifier_Config
} }
/** /**
* Retrieves reference to the HTML definition. * Retrieves object reference to the HTML definition.
* @param $raw Return a copy that has not been setup yet. Must be * @param $raw Return a copy that has not been setup yet. Must be
* called before it's been setup, otherwise won't work. * called before it's been setup, otherwise won't work.
*/ */
public function &getHTMLDefinition($raw = false) { public function getHTMLDefinition($raw = false) {
$def =& $this->getDefinition('HTML', $raw); return $this->getDefinition('HTML', $raw);
return $def; // prevent PHP 4.4.0 from complaining
} }
/** /**
* Retrieves reference to the CSS definition * Retrieves object reference to the CSS definition
* @param $raw Return a copy that has not been setup yet. Must be
* called before it's been setup, otherwise won't work.
*/ */
public function &getCSSDefinition($raw = false) { public function getCSSDefinition($raw = false) {
$def =& $this->getDefinition('CSS', $raw); return $this->getDefinition('CSS', $raw);
return $def;
} }
/** /**
@@ -276,7 +284,7 @@ class HTMLPurifier_Config
* @param $type Type of definition: HTML, CSS, etc * @param $type Type of definition: HTML, CSS, etc
* @param $raw Whether or not definition should be returned raw * @param $raw Whether or not definition should be returned raw
*/ */
public function &getDefinition($type, $raw = false) { public function getDefinition($type, $raw = false) {
if (!$this->finalized && $this->autoFinalize) $this->finalize(); if (!$this->finalized && $this->autoFinalize) $this->finalize();
$factory = HTMLPurifier_DefinitionCacheFactory::instance(); $factory = HTMLPurifier_DefinitionCacheFactory::instance();
$cache = $factory->create($type, $this); $cache = $factory->create($type, $this);
@@ -310,17 +318,13 @@ class HTMLPurifier_Config
} elseif ($type == 'URI') { } elseif ($type == 'URI') {
$this->definitions[$type] = new HTMLPurifier_URIDefinition(); $this->definitions[$type] = new HTMLPurifier_URIDefinition();
} else { } else {
trigger_error("Definition of $type type not supported"); throw new HTMLPurifier_Exception("Definition of $type type not supported");
$false = false;
return $false;
} }
// quick abort if raw // quick abort if raw
if ($raw) { if ($raw) {
if (is_null($this->get($type, 'DefinitionID'))) { if (is_null($this->get($type, 'DefinitionID'))) {
// fatally error out if definition ID not set // fatally error out if definition ID not set
trigger_error("Cannot retrieve raw version without specifying %$type.DefinitionID", E_USER_ERROR); throw new HTMLPurifier_Exception("Cannot retrieve raw version without specifying %$type.DefinitionID");
$false = new HTMLPurifier_Error();
return $false;
} }
return $this->definitions[$type]; return $this->definitions[$type];
} }
@@ -390,7 +394,7 @@ class HTMLPurifier_Config
if (isset($blacklisted_directives["$ns.$directive"])) continue; if (isset($blacklisted_directives["$ns.$directive"])) continue;
if (!isset($allowed_directives["$ns.$directive"]) && !isset($allowed_ns[$ns])) continue; if (!isset($allowed_directives["$ns.$directive"]) && !isset($allowed_ns[$ns])) continue;
} }
if ($def->class == 'alias') continue; if (isset($def->isAlias)) continue;
if ($directive == 'DefinitionID' || $directive == 'DefinitionRev') continue; if ($directive == 'DefinitionID' || $directive == 'DefinitionRev') continue;
$ret[] = array($ns, $directive); $ret[] = array($ns, $directive);
} }
@@ -407,7 +411,7 @@ class HTMLPurifier_Config
* @param $mq_fix Boolean whether or not to enable magic quotes fix * @param $mq_fix Boolean whether or not to enable magic quotes fix
* @param $schema Instance of HTMLPurifier_ConfigSchema to use, if not global copy * @param $schema Instance of HTMLPurifier_ConfigSchema to use, if not global copy
*/ */
public static function loadArrayFromForm($array, $index, $allowed = true, $mq_fix = true, $schema = null) { public static function loadArrayFromForm($array, $index = false, $allowed = true, $mq_fix = true, $schema = null) {
$ret = HTMLPurifier_Config::prepareArrayFromForm($array, $index, $allowed, $mq_fix, $schema); $ret = HTMLPurifier_Config::prepareArrayFromForm($array, $index, $allowed, $mq_fix, $schema);
$config = HTMLPurifier_Config::create($ret, $schema); $config = HTMLPurifier_Config::create($ret, $schema);
return $config; return $config;
@@ -417,7 +421,7 @@ class HTMLPurifier_Config
* Merges in configuration values from $_GET/$_POST to object. NOT STATIC. * Merges in configuration values from $_GET/$_POST to object. NOT STATIC.
* @note Same parameters as loadArrayFromForm * @note Same parameters as loadArrayFromForm
*/ */
public function mergeArrayFromForm($array, $index, $allowed = true, $mq_fix = true) { public function mergeArrayFromForm($array, $index = false, $allowed = true, $mq_fix = true) {
$ret = HTMLPurifier_Config::prepareArrayFromForm($array, $index, $allowed, $mq_fix, $this->def); $ret = HTMLPurifier_Config::prepareArrayFromForm($array, $index, $allowed, $mq_fix, $this->def);
$this->loadArray($ret); $this->loadArray($ret);
} }
@@ -426,8 +430,8 @@ class HTMLPurifier_Config
* Prepares an array from a form into something usable for the more * Prepares an array from a form into something usable for the more
* strict parts of HTMLPurifier_Config * strict parts of HTMLPurifier_Config
*/ */
public static function prepareArrayFromForm($array, $index, $allowed = true, $mq_fix = true, $schema = null) { public static function prepareArrayFromForm($array, $index = false, $allowed = true, $mq_fix = true, $schema = null) {
$array = (isset($array[$index]) && is_array($array[$index])) ? $array[$index] : array(); if ($index !== false) $array = (isset($array[$index]) && is_array($array[$index])) ? $array[$index] : array();
$mq = $mq_fix && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc(); $mq = $mq_fix && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
$allowed = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed, $schema); $allowed = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed, $schema);

9
library/HTMLPurifier/ConfigDef.php
View File

@@ -1,9 +0,0 @@
<?php
/**
* Base class for configuration entity
*/
class HTMLPurifier_ConfigDef {
public $class = false;
}

55
library/HTMLPurifier/ConfigDef/Directive.php
View File

@@ -1,55 +0,0 @@
<?php
/**
* Structure object containing definition of a directive.
* @note This structure does not contain default values
*/
class HTMLPurifier_ConfigDef_Directive extends HTMLPurifier_ConfigDef
{
public $class = 'directive';
public function __construct(
$type = null,
$allow_null = null,
$allowed = null,
$aliases = null
) {
if ( $type !== null) $this->type = $type;
if ( $allow_null !== null) $this->allow_null = $allow_null;
if ( $allowed !== null) $this->allowed = $allowed;
if ( $aliases !== null) $this->aliases = $aliases;
}
/**
* Allowed type of the directive. Values are:
* - string
* - istring (case insensitive string)
* - int
* - float
* - bool
* - lookup (array of value => true)
* - list (regular numbered index array)
* - hash (array of key => value)
* - mixed (anything goes)
*/
public $type = 'mixed';
/**
* Is null allowed? Has no effect for mixed type.
* @bool
*/
public $allow_null = false;
/**
* Lookup table of allowed values of the element, bool true if all allowed.
*/
public $allowed = true;
/**
* Hash of value aliases, i.e. values that are equivalent.
*/
public $aliases = array();
}

24
library/HTMLPurifier/ConfigDef/DirectiveAlias.php
View File

@@ -1,24 +0,0 @@
<?php
/**
* Structure object describing a directive alias
*/
class HTMLPurifier_ConfigDef_DirectiveAlias extends HTMLPurifier_ConfigDef
{
public $class = 'alias';
/**
* Namespace being aliased to
*/
public $namespace;
/**
* Directive being aliased to
*/
public $name;
public function __construct($namespace, $name) {
$this->namespace = $namespace;
$this->name = $name;
}
}

10
library/HTMLPurifier/ConfigDef/Namespace.php
View File

@@ -1,10 +0,0 @@
<?php
/**
* Structure object describing of a namespace
*/
class HTMLPurifier_ConfigDef_Namespace extends HTMLPurifier_ConfigDef
{
public $class = 'namespace';
}

91
library/HTMLPurifier/ConfigSchema.php
View File

@@ -12,7 +12,33 @@ class HTMLPurifier_ConfigSchema {
public $defaults = array(); public $defaults = array();
/** /**
* Definition of the directives. * Definition of the directives. The structure of this is:
*
* array(
* 'Namespace' => array(
* 'Directive' => new stdclass(),
* )
* )
*
* The stdclass may have the following properties:
*
* - If isAlias isn't set:
* - type: Integer type of directive, see HTMLPurifier_VarParser for definitions
* - allow_null: If set, this directive allows null values
* - aliases: If set, an associative array of value aliases to real values
* - allowed: If set, a lookup array of allowed (string) values
* - If isAlias is set:
* - namespace: Namespace this directive aliases to
* - name: Directive name this directive aliases to
*
* In certain degenerate cases, stdclass will actually be an integer. In
* that case, the value is equivalent to an stdclass with the type
* property set to the integer. If the integer is negative, type is
* equal to the absolute value of integer, and allow_null is true.
*
* This class is friendly with HTMLPurifier_Config. If you need introspection
* about the schema, you're better of using the ConfigSchema_Interchange,
* which uses more memory but has much richer information.
*/ */
public $info = array(); public $info = array();
@@ -21,15 +47,6 @@ class HTMLPurifier_ConfigSchema {
*/ */
static protected $singleton; static protected $singleton;
/**
* Variable parser.
*/
protected $parser;
public function __construct() {
$this->parser = new HTMLPurifier_VarParser_Flexible();
}
/** /**
* Unserializes the default ConfigSchema. * Unserializes the default ConfigSchema.
*/ */
@@ -40,7 +57,7 @@ class HTMLPurifier_ConfigSchema {
/** /**
* Retrieves an instance of the application-wide configuration definition. * Retrieves an instance of the application-wide configuration definition.
*/ */
public static function &instance($prototype = null) { public static function instance($prototype = null) {
if ($prototype !== null) { if ($prototype !== null) {
HTMLPurifier_ConfigSchema::$singleton = $prototype; HTMLPurifier_ConfigSchema::$singleton = $prototype;
} elseif (HTMLPurifier_ConfigSchema::$singleton === null || $prototype === true) { } elseif (HTMLPurifier_ConfigSchema::$singleton === null || $prototype === true) {
@@ -62,11 +79,11 @@ class HTMLPurifier_ConfigSchema {
* @param $allow_null Whether or not to allow null values * @param $allow_null Whether or not to allow null values
*/ */
public function add($namespace, $name, $default, $type, $allow_null) { public function add($namespace, $name, $default, $type, $allow_null) {
$default = $this->parser->parse($default, $type, $allow_null); $obj = new stdclass();
$this->info[$namespace][$name] = new HTMLPurifier_ConfigDef_Directive(); $obj->type = is_int($type) ? $type : HTMLPurifier_VarParser::$types[$type];
$this->info[$namespace][$name]->type = $type; if ($allow_null) $obj->allow_null = true;
$this->info[$namespace][$name]->allow_null = $allow_null; $this->info[$namespace][$name] = $obj;
$this->defaults[$namespace][$name] = $default; $this->defaults[$namespace][$name] = $default;
} }
/** /**
@@ -90,6 +107,9 @@ class HTMLPurifier_ConfigSchema {
* @param $aliases Hash of aliased values to the real alias * @param $aliases Hash of aliased values to the real alias
*/ */
public function addValueAliases($namespace, $name, $aliases) { public function addValueAliases($namespace, $name, $aliases) {
if (!isset($this->info[$namespace][$name]->aliases)) {
$this->info[$namespace][$name]->aliases = array();
}
foreach ($aliases as $alias => $real) { foreach ($aliases as $alias => $real) {
$this->info[$namespace][$name]->aliases[$alias] = $real; $this->info[$namespace][$name]->aliases[$alias] = $real;
} }
@@ -104,9 +124,7 @@ class HTMLPurifier_ConfigSchema {
* @param $allowed Lookup array of allowed values * @param $allowed Lookup array of allowed values
*/ */
public function addAllowedValues($namespace, $name, $allowed) { public function addAllowedValues($namespace, $name, $allowed) {
$directive =& $this->info[$namespace][$name]; $this->info[$namespace][$name]->allowed = $allowed;
$type = $directive->type;
$directive->allowed = $allowed;
} }
/** /**
@@ -117,7 +135,26 @@ class HTMLPurifier_ConfigSchema {
* @param $new_name Directive that the alias will be to * @param $new_name Directive that the alias will be to
*/ */
public function addAlias($namespace, $name, $new_namespace, $new_name) { public function addAlias($namespace, $name, $new_namespace, $new_name) {
$this->info[$namespace][$name] = new HTMLPurifier_ConfigDef_DirectiveAlias($new_namespace, $new_name); $obj = new stdclass;
$obj->namespace = $new_namespace;
$obj->name = $new_name;
$obj->isAlias = true;
$this->info[$namespace][$name] = $obj;
}
/**
* Replaces any stdclass that only has the type property with type integer.
*/
public function postProcess() {
foreach ($this->info as $namespace => $info) {
foreach ($info as $directive => $v) {
if (count((array) $v) == 1) {
$this->info[$namespace][$directive] = $v->type;
} elseif (count((array) $v) == 2 && isset($v->allow_null)) {
$this->info[$namespace][$directive] = -$v->type;
}
}
}
} }
// DEPRECATED METHODS // DEPRECATED METHODS
@@ -125,26 +162,25 @@ class HTMLPurifier_ConfigSchema {
/** @see HTMLPurifier_ConfigSchema->set() */ /** @see HTMLPurifier_ConfigSchema->set() */
public static function define($namespace, $name, $default, $type, $description) { public static function define($namespace, $name, $default, $type, $description) {
HTMLPurifier_ConfigSchema::deprecated(__METHOD__); HTMLPurifier_ConfigSchema::deprecated(__METHOD__);
// process modifiers (OPTIMIZE!)
$type_values = explode('/', $type, 2); $type_values = explode('/', $type, 2);
$type = $type_values[0]; $type = $type_values[0];
$modifier = isset($type_values[1]) ? $type_values[1] : false; $modifier = isset($type_values[1]) ? $type_values[1] : false;
$allow_null = ($modifier === 'null'); $allow_null = ($modifier === 'null');
$def =& HTMLPurifier_ConfigSchema::instance(); $def = HTMLPurifier_ConfigSchema::instance();
$def->add($namespace, $name, $default, $type, $allow_null); $def->add($namespace, $name, $default, $type, $allow_null);
} }
/** @see HTMLPurifier_ConfigSchema->addNamespace() */ /** @see HTMLPurifier_ConfigSchema->addNamespace() */
public static function defineNamespace($namespace, $description) { public static function defineNamespace($namespace, $description) {
HTMLPurifier_ConfigSchema::deprecated(__METHOD__); HTMLPurifier_ConfigSchema::deprecated(__METHOD__);
$def =& HTMLPurifier_ConfigSchema::instance(); $def = HTMLPurifier_ConfigSchema::instance();
$def->addNamespace($namespace); $def->addNamespace($namespace);
} }
/** @see HTMLPurifier_ConfigSchema->addValueAliases() */ /** @see HTMLPurifier_ConfigSchema->addValueAliases() */
public static function defineValueAliases($namespace, $name, $aliases) { public static function defineValueAliases($namespace, $name, $aliases) {
HTMLPurifier_ConfigSchema::deprecated(__METHOD__); HTMLPurifier_ConfigSchema::deprecated(__METHOD__);
$def =& HTMLPurifier_ConfigSchema::instance(); $def = HTMLPurifier_ConfigSchema::instance();
$def->addValueAliases($namespace, $name, $aliases); $def->addValueAliases($namespace, $name, $aliases);
} }
@@ -155,21 +191,22 @@ class HTMLPurifier_ConfigSchema {
foreach ($allowed_values as $value) { foreach ($allowed_values as $value) {
$allowed[$value] = true; $allowed[$value] = true;
} }
$def =& HTMLPurifier_ConfigSchema::instance(); $def = HTMLPurifier_ConfigSchema::instance();
$def->addAllowedValues($namespace, $name, $allowed); $def->addAllowedValues($namespace, $name, $allowed);
} }
/** @see HTMLPurifier_ConfigSchema->addAlias() */ /** @see HTMLPurifier_ConfigSchema->addAlias() */
public static function defineAlias($namespace, $name, $new_namespace, $new_name) { public static function defineAlias($namespace, $name, $new_namespace, $new_name) {
HTMLPurifier_ConfigSchema::deprecated(__METHOD__); HTMLPurifier_ConfigSchema::deprecated(__METHOD__);
$def =& HTMLPurifier_ConfigSchema::instance(); $def = HTMLPurifier_ConfigSchema::instance();
$def->addAlias($namespace, $name, $new_namespace, $new_name); $def->addAlias($namespace, $name, $new_namespace, $new_name);
} }
/** @deprecated, use HTMLPurifier_VarParser->parse() */ /** @deprecated, use HTMLPurifier_VarParser->parse() */
public function validate($a, $b, $c = false) { public function validate($a, $b, $c = false) {
trigger_error("HTMLPurifier_ConfigSchema->validate deprecated, use HTMLPurifier_VarParser->parse instead", E_USER_NOTICE); trigger_error("HTMLPurifier_ConfigSchema->validate deprecated, use HTMLPurifier_VarParser->parse instead", E_USER_NOTICE);
return $this->parser->parse($a, $b, $c); $parser = new HTMLPurifier_VarParser();
return $parser->parse($a, $b, $c);
} }
/** /**

1
library/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php
View File

@@ -43,6 +43,7 @@ class HTMLPurifier_ConfigSchema_Builder_ConfigSchema
); );
} }
} }
$schema->postProcess();
return $schema; return $schema;
} }

6
library/HTMLPurifier/ConfigSchema/Builder/Xml.php
View File

@@ -71,8 +71,10 @@ class HTMLPurifier_ConfigSchema_Builder_Xml extends XMLWriter
$this->startElement('constraints'); $this->startElement('constraints');
if ($directive->version) $this->writeElement('version', $directive->version); if ($directive->version) $this->writeElement('version', $directive->version);
$this->writeElement('type', $directive->type); $this->startElement('type');
if ($directive->typeAllowsNull) $this->writeAttribute('allow-null', 'yes'); if ($directive->typeAllowsNull) $this->writeAttribute('allow-null', 'yes');
$this->text($directive->type);
$this->endElement(); // type
if ($directive->allowed) { if ($directive->allowed) {
$this->startElement('allowed'); $this->startElement('allowed');
foreach ($directive->allowed as $value => $x) $this->writeElement('value', $value); foreach ($directive->allowed as $value => $x) $this->writeElement('value', $value);

10
library/HTMLPurifier/ConfigSchema/InterchangeBuilder.php
View File

@@ -17,21 +17,27 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder
$builder = new HTMLPurifier_ConfigSchema_InterchangeBuilder(); $builder = new HTMLPurifier_ConfigSchema_InterchangeBuilder();
$interchange = new HTMLPurifier_ConfigSchema_Interchange(); $interchange = new HTMLPurifier_ConfigSchema_Interchange();
if (!$dir) $dir = realpath(dirname(__FILE__) . '/schema/'); if (!$dir) $dir = HTMLPURIFIER_PREFIX . '/HTMLPurifier/ConfigSchema/schema/';
$info = parse_ini_file($dir . 'info.ini'); $info = parse_ini_file($dir . 'info.ini');
$interchange->name = $info['name']; $interchange->name = $info['name'];
$files = array();
$dh = opendir($dir); $dh = opendir($dir);
while (false !== ($file = readdir($dh))) { while (false !== ($file = readdir($dh))) {
if (!$file || $file[0] == '.' || strrchr($file, '.') !== '.txt') { if (!$file || $file[0] == '.' || strrchr($file, '.') !== '.txt') {
continue; continue;
} }
$files[] = $file;
}
closedir($dh);
sort($files);
foreach ($files as $file) {
$builder->build( $builder->build(
$interchange, $interchange,
new HTMLPurifier_StringHash( $parser->parseFile($dir . $file) ) new HTMLPurifier_StringHash( $parser->parseFile($dir . $file) )
); );
} }
closedir($dh);
return $interchange; return $interchange;
} }

3
library/HTMLPurifier/ConfigSchema/Validator.php
View File

@@ -111,7 +111,8 @@ class HTMLPurifier_ConfigSchema_Validator
if (!is_null($d->allowed) || !empty($d->valueAliases)) { if (!is_null($d->allowed) || !empty($d->valueAliases)) {
// allowed and valueAliases require that we be dealing with // allowed and valueAliases require that we be dealing with
// strings, so check for that early. // strings, so check for that early.
if (!isset(HTMLPurifier_VarParser::$stringTypes[$d->type])) { $d_int = HTMLPurifier_VarParser::$types[$d->type];
if (!isset(HTMLPurifier_VarParser::$stringTypes[$d_int])) {
$this->error('type', 'must be a string type when used with allowed or value aliases'); $this->error('type', 'must be a string type when used with allowed or value aliases');
} }
} }

2
library/HTMLPurifier/ConfigSchema/schema.ser
View File

File diff suppressed because one or more lines are too long

22
library/HTMLPurifier/ConfigSchema/schema/Attr.AllowedFrameTargets.txt
View File

@@ -1,11 +1,11 @@
Attr.AllowedFrameTargets Attr.AllowedFrameTargets
TYPE: lookup TYPE: lookup
DEFAULT: array() DEFAULT: array()
--DESCRIPTION-- --DESCRIPTION--
Lookup table of all allowed link frame targets. Some commonly used link Lookup table of all allowed link frame targets. Some commonly used link
targets include _blank, _self, _parent and _top. Values should be targets include _blank, _self, _parent and _top. Values should be
lowercase, as validation will be done in a case-sensitive manner despite lowercase, as validation will be done in a case-sensitive manner despite
W3C's recommendation. XHTML 1.0 Strict does not permit the target attribute W3C's recommendation. XHTML 1.0 Strict does not permit the target attribute
so this directive will have no effect in that doctype. XHTML 1.1 does not so this directive will have no effect in that doctype. XHTML 1.1 does not
enable the Target module by default, you will have to manually enable it enable the Target module by default, you will have to manually enable it
(see the module documentation for more details.) (see the module documentation for more details.)

16
library/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRel.txt
View File

@@ -1,8 +1,8 @@
Attr.AllowedRel Attr.AllowedRel
TYPE: lookup TYPE: lookup
VERSION: 1.6.0 VERSION: 1.6.0
DEFAULT: array() DEFAULT: array()
--DESCRIPTION-- --DESCRIPTION--
List of allowed forward document relationships in the rel attribute. Common List of allowed forward document relationships in the rel attribute. Common
values may be nofollow or print. By default, this is empty, meaning that no values may be nofollow or print. By default, this is empty, meaning that no
document relationships are allowed. document relationships are allowed.

16
library/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRev.txt
View File

@@ -1,8 +1,8 @@
Attr.AllowedRev Attr.AllowedRev
TYPE: lookup TYPE: lookup
VERSION: 1.6.0 VERSION: 1.6.0
DEFAULT: array() DEFAULT: array()
--DESCRIPTION-- --DESCRIPTION--
List of allowed reverse document relationships in the rev attribute. This List of allowed reverse document relationships in the rev attribute. This
attribute is a bit of an edge-case; if you don't know what it is for, stay attribute is a bit of an edge-case; if you don't know what it is for, stay
away. away.

16
library/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImage.txt
View File

@@ -1,8 +1,8 @@
Attr.DefaultInvalidImage Attr.DefaultInvalidImage
TYPE: string TYPE: string
DEFAULT: '' DEFAULT: ''
--DESCRIPTION-- --DESCRIPTION--
This is the default image an img tag will be pointed to if it does not have This is the default image an img tag will be pointed to if it does not have
a valid src attribute. In future versions, we may allow the image tag to a valid src attribute. In future versions, we may allow the image tag to
be removed completely, but due to design issues, this is not possible right be removed completely, but due to design issues, this is not possible right
now. now.

14
library/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImageAlt.txt
View File

@@ -1,7 +1,7 @@
Attr.DefaultInvalidImageAlt Attr.DefaultInvalidImageAlt
TYPE: string TYPE: string
DEFAULT: 'Invalid image' DEFAULT: 'Invalid image'
--DESCRIPTION-- --DESCRIPTION--
This is the content of the alt tag of an invalid image if the user had not This is the content of the alt tag of an invalid image if the user had not
previously specified an alt attribute. It has no effect when the image is previously specified an alt attribute. It has no effect when the image is
valid but there was no alt attribute present. valid but there was no alt attribute present.

18
library/HTMLPurifier/ConfigSchema/schema/Attr.DefaultTextDir.txt
View File

@@ -1,9 +1,9 @@
Attr.DefaultTextDir Attr.DefaultTextDir
TYPE: string TYPE: string
DEFAULT: 'ltr' DEFAULT: 'ltr'
--DESCRIPTION-- --DESCRIPTION--
Defines the default text direction (ltr or rtl) of the document being Defines the default text direction (ltr or rtl) of the document being
parsed. This generally is the same as the value of the dir attribute in parsed. This generally is the same as the value of the dir attribute in
HTML, or ltr if that is not specified. HTML, or ltr if that is not specified.
--ALLOWED-- --ALLOWED--
'ltr', 'rtl' 'ltr', 'rtl'

30
library/HTMLPurifier/ConfigSchema/schema/Attr.EnableID.txt
View File

@@ -1,15 +1,15 @@
Attr.EnableID Attr.EnableID
TYPE: bool TYPE: bool
DEFAULT: false DEFAULT: false
VERSION: 1.2.0 VERSION: 1.2.0
--DESCRIPTION-- --DESCRIPTION--
Allows the ID attribute in HTML. This is disabled by default due to the Allows the ID attribute in HTML. This is disabled by default due to the
fact that without proper configuration user input can easily break the fact that without proper configuration user input can easily break the
validation of a webpage by specifying an ID that is already on the validation of a webpage by specifying an ID that is already on the
surrounding HTML. If you don't mind throwing caution to the wind, enable surrounding HTML. If you don't mind throwing caution to the wind, enable
this directive, but I strongly recommend you also consider blacklisting IDs this directive, but I strongly recommend you also consider blacklisting IDs
you use (%Attr.IDBlacklist) or prefixing all user supplied IDs you use (%Attr.IDBlacklist) or prefixing all user supplied IDs
(%Attr.IDPrefix). When set to true HTML Purifier reverts to the behavior of (%Attr.IDPrefix). When set to true HTML Purifier reverts to the behavior of
pre-1.2.0 versions. pre-1.2.0 versions.
--ALIASES-- --ALIASES--
HTML.EnableAttrID HTML.EnableAttrID

8
library/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklist.txt
View File

@@ -1,4 +1,4 @@
Attr.IDBlacklist Attr.IDBlacklist
TYPE: list TYPE: list
DEFAULT: array() DEFAULT: array()
DESCRIPTION: Array of IDs not allowed in the document. DESCRIPTION: Array of IDs not allowed in the document.

16
library/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklistRegexp.txt
View File

@@ -1,8 +1,8 @@
Attr.IDBlacklistRegexp Attr.IDBlacklistRegexp
TYPE: string/null TYPE: string/null
VERSION: 1.6.0 VERSION: 1.6.0
DEFAULT: NULL DEFAULT: NULL
--DESCRIPTION-- --DESCRIPTION--
PCRE regular expression to be matched against all IDs. If the expression is PCRE regular expression to be matched against all IDs. If the expression is
matches, the ID is rejected. Use this with care: may cause significant matches, the ID is rejected. Use this with care: may cause significant
degradation. ID matching is done after all other validation. degradation. ID matching is done after all other validation.

22
library/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefix.txt
View File

@@ -1,11 +1,11 @@
Attr.IDPrefix Attr.IDPrefix
TYPE: string TYPE: string
VERSION: 1.2.0 VERSION: 1.2.0
DEFAULT: '' DEFAULT: ''
--DESCRIPTION-- --DESCRIPTION--
String to prefix to IDs. If you have no idea what IDs your pages may use, String to prefix to IDs. If you have no idea what IDs your pages may use,
you may opt to simply add a prefix to all user-submitted ID attributes so you may opt to simply add a prefix to all user-submitted ID attributes so
that they are still usable, but will not conflict with core page IDs. that they are still usable, but will not conflict with core page IDs.
Example: setting the directive to 'user_' will result in a user submitted Example: setting the directive to 'user_' will result in a user submitted
'foo' to become 'user_foo' Be sure to set %HTML.EnableAttrID to true 'foo' to become 'user_foo' Be sure to set %HTML.EnableAttrID to true
before using this. before using this.

26
library/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefixLocal.txt
View File

@@ -1,13 +1,13 @@
Attr.IDPrefixLocal Attr.IDPrefixLocal
TYPE: string TYPE: string
VERSION: 1.2.0 VERSION: 1.2.0
DEFAULT: '' DEFAULT: ''
--DESCRIPTION-- --DESCRIPTION--
Temporary prefix for IDs used in conjunction with %Attr.IDPrefix. If you Temporary prefix for IDs used in conjunction with %Attr.IDPrefix. If you
need to allow multiple sets of user content on web page, you may need to need to allow multiple sets of user content on web page, you may need to
have a seperate prefix that changes with each iteration. This way, have a seperate prefix that changes with each iteration. This way,
seperately submitted user content displayed on the same page doesn't seperately submitted user content displayed on the same page doesn't
clobber each other. Ideal values are unique identifiers for the content it clobber each other. Ideal values are unique identifiers for the content it
represents (i.e. the id of the row in the database). Be sure to add a represents (i.e. the id of the row in the database). Be sure to add a
seperator (like an underscore) at the end. Warning: this directive will seperator (like an underscore) at the end. Warning: this directive will
not work unless %Attr.IDPrefix is set to a non-empty value! not work unless %Attr.IDPrefix is set to a non-empty value!

4
library/HTMLPurifier/ConfigSchema/schema/Attr.txt
View File

@@ -1,2 +1,2 @@
Attr Attr
DESCRIPTION: Features regarding attribute validation. DESCRIPTION: Features regarding attribute validation.

60
library/HTMLPurifier/ConfigSchema/schema/AutoFormat.AutoParagraph.txt
View File

@@ -1,30 +1,30 @@
AutoFormat.AutoParagraph AutoFormat.AutoParagraph
TYPE: bool TYPE: bool
VERSION: 2.0.1 VERSION: 2.0.1
DEFAULT: false DEFAULT: false
--DESCRIPTION-- --DESCRIPTION--
<p> <p>
This directive turns on auto-paragraphing, where double newlines are This directive turns on auto-paragraphing, where double newlines are
converted in to paragraphs whenever possible. Auto-paragraphing: converted in to paragraphs whenever possible. Auto-paragraphing:
</p> </p>
<ul> <ul>
<li>Always applies to inline elements or text in the root node,</li> <li>Always applies to inline elements or text in the root node,</li>
<li>Applies to inline elements or text with double newlines in nodes <li>Applies to inline elements or text with double newlines in nodes
that allow paragraph tags,</li> that allow paragraph tags,</li>
<li>Applies to double newlines in paragraph tags</li> <li>Applies to double newlines in paragraph tags</li>
</ul> </ul>
<p> <p>
<code>p</code> tags must be allowed for this directive to take effect. <code>p</code> tags must be allowed for this directive to take effect.
We do not use <code>br</code> tags for paragraphing, as that is We do not use <code>br</code> tags for paragraphing, as that is
semantically incorrect. semantically incorrect.
</p> </p>
<p> <p>
To prevent auto-paragraphing as a content-producer, refrain from using To prevent auto-paragraphing as a content-producer, refrain from using
double-newlines except to specify a new paragraph or in contexts where double-newlines except to specify a new paragraph or in contexts where
it has special meaning (whitespace usually has no meaning except in it has special meaning (whitespace usually has no meaning except in
tags like <code>pre</code>, so this should not be difficult.) To prevent tags like <code>pre</code>, so this should not be difficult.) To prevent
the paragraphing of inline text adjacent to block elements, wrap them the paragraphing of inline text adjacent to block elements, wrap them
in <code>div</code> tags (the behavior is slightly different outside of in <code>div</code> tags (the behavior is slightly different outside of
the root node.) the root node.)
</p> </p>

24
library/HTMLPurifier/ConfigSchema/schema/AutoFormat.Custom.txt
View File

@@ -1,12 +1,12 @@
AutoFormat.Custom AutoFormat.Custom
TYPE: list TYPE: list
VERSION: 2.0.1 VERSION: 2.0.1
DEFAULT: array() DEFAULT: array()
--DESCRIPTION-- --DESCRIPTION--
<p> <p>
This directive can be used to add custom auto-format injectors. This directive can be used to add custom auto-format injectors.
Specify an array of injector names (class name minus the prefix) Specify an array of injector names (class name minus the prefix)
or concrete implementations. Injector class must exist. or concrete implementations. Injector class must exist.
</p> </p>

24
library/HTMLPurifier/ConfigSchema/schema/AutoFormat.Linkify.txt
View File

@@ -1,12 +1,12 @@
AutoFormat.Linkify AutoFormat.Linkify
TYPE: bool TYPE: bool
VERSION: 2.0.1 VERSION: 2.0.1
DEFAULT: false DEFAULT: false
--DESCRIPTION-- --DESCRIPTION--
<p> <p>
This directive turns on linkification, auto-linking http, ftp and This directive turns on linkification, auto-linking http, ftp and
https URLs. <code>a</code> tags with the <code>href</code> attribute https URLs. <code>a</code> tags with the <code>href</code> attribute
must be allowed. must be allowed.
</p> </p>

24
library/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.txt
View File

@@ -1,12 +1,12 @@
AutoFormat.PurifierLinkify AutoFormat.PurifierLinkify
TYPE: bool TYPE: bool
VERSION: 2.0.1 VERSION: 2.0.1
DEFAULT: false DEFAULT: false
--DESCRIPTION-- --DESCRIPTION--
<p> <p>
Internal auto-formatter that converts configuration directives in Internal auto-formatter that converts configuration directives in
syntax <a>%Namespace.Directive</a> to links. <code>a</code> tags syntax <a>%Namespace.Directive</a> to links. <code>a</code> tags
with the <code>href</code> attribute must be allowed. with the <code>href</code> attribute must be allowed.
</p> </p>

4
library/HTMLPurifier/ConfigSchema/schema/AutoFormat.txt
View File

@@ -1,2 +1,2 @@
AutoFormat AutoFormat
DESCRIPTION: Configuration for activating auto-formatting functionality (also known as <code>Injector</code>s) DESCRIPTION: Configuration for activating auto-formatting functionality (also known as <code>Injector</code>s)

24
library/HTMLPurifier/ConfigSchema/schema/AutoFormatParam.PurifierLinkifyDocURL.txt
View File

@@ -1,12 +1,12 @@
AutoFormatParam.PurifierLinkifyDocURL AutoFormatParam.PurifierLinkifyDocURL
TYPE: string TYPE: string
VERSION: 2.0.1 VERSION: 2.0.1
DEFAULT: '#%s' DEFAULT: '#%s'
--DESCRIPTION-- --DESCRIPTION--
<p> <p>
Location of configuration documentation to link to, let %s substitute Location of configuration documentation to link to, let %s substitute
into the configuration's namespace and directive names sans the percent into the configuration's namespace and directive names sans the percent
sign. sign.
</p> </p>

4
library/HTMLPurifier/ConfigSchema/schema/AutoFormatParam.txt
View File

@@ -1,2 +1,2 @@
AutoFormatParam AutoFormatParam
DESCRIPTION: Configuration for customizing auto-formatting functionality DESCRIPTION: Configuration for customizing auto-formatting functionality

22
library/HTMLPurifier/ConfigSchema/schema/CSS.DefinitionRev.txt
View File

@@ -1,11 +1,11 @@
CSS.DefinitionRev CSS.DefinitionRev
TYPE: int TYPE: int
VERSION: 2.0.0 VERSION: 2.0.0
DEFAULT: 1 DEFAULT: 1
--DESCRIPTION-- --DESCRIPTION--
<p> <p>
Revision identifier for your custom definition. See Revision identifier for your custom definition. See
%HTML.DefinitionRev for details. %HTML.DefinitionRev for details.
</p> </p>

15
library/HTMLPurifier/ConfigSchema/schema/CSS.MaxImgLength.txt Normal file
View File

@@ -0,0 +1,15 @@
CSS.MaxImgLength
TYPE: string/null
DEFAULT: '1200px'
VERSION: 3.1.1
--DESCRIPTION--
<p>
This parameter sets the maximum allowed length on <code>img</code> tags,
effectively the <code>width</code> and <code>height</code> properties.
Only absolute units of measurement (in, pt, pc, mm, cm) and pixels (px) are allowed. This is
in place to prevent imagecrash attacks, disable with null at your own risk.
This directive is similar to %HTML.MaxImgLength, and both should be
concurrently edited, although there are
subtle differences in the input format (the CSS max is a number with
a unit).
</p>

20
library/HTMLPurifier/ConfigSchema/schema/CSS.Proprietary.txt
View File

@@ -1,10 +1,10 @@
CSS.Proprietary CSS.Proprietary
TYPE: bool TYPE: bool
VERSION: 3.0.0 VERSION: 3.0.0
DEFAULT: false DEFAULT: false
--DESCRIPTION-- --DESCRIPTION--
<p> <p>
Whether or not to allow safe, proprietary CSS values. Whether or not to allow safe, proprietary CSS values.
</p> </p>

4
library/HTMLPurifier/ConfigSchema/schema/CSS.txt
View File

@@ -1,2 +1,2 @@
CSS CSS
DESCRIPTION: Configuration regarding allowed CSS. DESCRIPTION: Configuration regarding allowed CSS.

26
library/HTMLPurifier/ConfigSchema/schema/Cache.DefinitionImpl.txt
View File

@@ -1,13 +1,13 @@
Cache.DefinitionImpl Cache.DefinitionImpl
TYPE: string/null TYPE: string/null
VERSION: 2.0.0 VERSION: 2.0.0
DEFAULT: 'Serializer' DEFAULT: 'Serializer'
--DESCRIPTION-- --DESCRIPTION--
This directive defines which method to use when caching definitions, This directive defines which method to use when caching definitions,
the complex data-type that makes HTML Purifier tick. Set to null the complex data-type that makes HTML Purifier tick. Set to null
to disable caching (not recommended, as you will see a definite to disable caching (not recommended, as you will see a definite
performance degradation). performance degradation).
--ALIASES-- --ALIASES--
Core.DefinitionCache Core.DefinitionCache

26
library/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPath.txt
View File

@@ -1,13 +1,13 @@
Cache.SerializerPath Cache.SerializerPath
TYPE: string/null TYPE: string/null
VERSION: 2.0.0 VERSION: 2.0.0
DEFAULT: NULL DEFAULT: NULL
--DESCRIPTION-- --DESCRIPTION--
<p> <p>
Absolute path with no trailing slash to store serialized definitions in. Absolute path with no trailing slash to store serialized definitions in.
Default is within the Default is within the
HTML Purifier library inside DefinitionCache/Serializer. This HTML Purifier library inside DefinitionCache/Serializer. This
path must be writable by the webserver. path must be writable by the webserver.
</p> </p>

4
library/HTMLPurifier/ConfigSchema/schema/Cache.txt
View File

@@ -1,2 +1,2 @@
Cache Cache
DESCRIPTION: Configuration for DefinitionCache and related subclasses. DESCRIPTION: Configuration for DefinitionCache and related subclasses.

26
library/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyFixLt.txt
View File

@@ -1,13 +1,13 @@
Core.AggressivelyFixLt Core.AggressivelyFixLt
TYPE: bool TYPE: bool
VERSION: 2.1.0 VERSION: 2.1.0
DEFAULT: false DEFAULT: false
--DESCRIPTION-- --DESCRIPTION--
This directive enables aggressive pre-filter fixes HTML Purifier can This directive enables aggressive pre-filter fixes HTML Purifier can
perform in order to ensure that open angled-brackets do not get killed perform in order to ensure that open angled-brackets do not get killed
during parsing stage. Enabling this will result in two preg_replace_callback during parsing stage. Enabling this will result in two preg_replace_callback
calls and one preg_replace call for every bit of HTML passed through here. calls and one preg_replace call for every bit of HTML passed through here.
It is not necessary and will have no effect for PHP 4. It is not necessary and will have no effect for PHP 4.

22
library/HTMLPurifier/ConfigSchema/schema/Core.CollectErrors.txt
View File

@@ -1,11 +1,11 @@
Core.CollectErrors Core.CollectErrors
TYPE: bool TYPE: bool
VERSION: 2.0.0 VERSION: 2.0.0
DEFAULT: false DEFAULT: false
--DESCRIPTION-- --DESCRIPTION--
Whether or not to collect errors found while filtering the document. This Whether or not to collect errors found while filtering the document. This
is a useful way to give feedback to your users. <strong>Warning:</strong> is a useful way to give feedback to your users. <strong>Warning:</strong>
Currently this feature is very patchy and experimental, with lots of Currently this feature is very patchy and experimental, with lots of
possible error messages not yet implemented. It will not cause any possible error messages not yet implemented. It will not cause any
problems, but it may not help your users either. problems, but it may not help your users either.

58
library/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt
View File

@@ -1,29 +1,29 @@
Core.ColorKeywords Core.ColorKeywords
TYPE: hash TYPE: hash
VERSION: 2.0.0 VERSION: 2.0.0
--DEFAULT-- --DEFAULT--
array ( array (
'maroon' => '#800000', 'maroon' => '#800000',
'red' => '#FF0000', 'red' => '#FF0000',
'orange' => '#FFA500', 'orange' => '#FFA500',
'yellow' => '#FFFF00', 'yellow' => '#FFFF00',
'olive' => '#808000', 'olive' => '#808000',
'purple' => '#800080', 'purple' => '#800080',
'fuchsia' => '#FF00FF', 'fuchsia' => '#FF00FF',
'white' => '#FFFFFF', 'white' => '#FFFFFF',
'lime' => '#00FF00', 'lime' => '#00FF00',
'green' => '#008000', 'green' => '#008000',
'navy' => '#000080', 'navy' => '#000080',
'blue' => '#0000FF', 'blue' => '#0000FF',
'aqua' => '#00FFFF', 'aqua' => '#00FFFF',
'teal' => '#008080', 'teal' => '#008080',
'black' => '#000000', 'black' => '#000000',
'silver' => '#C0C0C0', 'silver' => '#C0C0C0',
'gray' => '#808080', 'gray' => '#808080',
) )
--DESCRIPTION-- --DESCRIPTION--
Lookup array of color names to six digit hexadecimal number corresponding Lookup array of color names to six digit hexadecimal number corresponding
to color, with preceding hash mark. Used when parsing colors. to color, with preceding hash mark. Used when parsing colors.

26
library/HTMLPurifier/ConfigSchema/schema/Core.ConvertDocumentToFragment.txt
View File

@@ -1,13 +1,13 @@
Core.ConvertDocumentToFragment Core.ConvertDocumentToFragment
TYPE: bool TYPE: bool
DEFAULT: true DEFAULT: true
--DESCRIPTION-- --DESCRIPTION--
This parameter determines whether or not the filter should convert This parameter determines whether or not the filter should convert
input that is a full document with html and body tags to a fragment input that is a full document with html and body tags to a fragment
of just the contents of a body tag. This parameter is simply something of just the contents of a body tag. This parameter is simply something
HTML Purifier can do during an edge-case: for most inputs, this HTML Purifier can do during an edge-case: for most inputs, this
processing is not necessary. processing is not necessary.
--ALIASES-- --ALIASES--
Core.AcceptFullDocuments Core.AcceptFullDocuments

34
library/HTMLPurifier/ConfigSchema/schema/Core.DirectLexLineNumberSyncInterval.txt
View File

@@ -1,17 +1,17 @@
Core.DirectLexLineNumberSyncInterval Core.DirectLexLineNumberSyncInterval
TYPE: int TYPE: int
VERSION: 2.0.0 VERSION: 2.0.0
DEFAULT: 0 DEFAULT: 0
--DESCRIPTION-- --DESCRIPTION--
<p> <p>
Specifies the number of tokens the DirectLex line number tracking Specifies the number of tokens the DirectLex line number tracking
implementations should process before attempting to resyncronize the implementations should process before attempting to resyncronize the
current line count by manually counting all previous new-lines. When current line count by manually counting all previous new-lines. When
at 0, this functionality is disabled. Lower values will decrease at 0, this functionality is disabled. Lower values will decrease
performance, and this is only strictly necessary if the counting performance, and this is only strictly necessary if the counting
algorithm is buggy (in which case you should report it as a bug). algorithm is buggy (in which case you should report it as a bug).
This has no effect when %Core.MaintainLineNumbers is disabled or DirectLex is This has no effect when %Core.MaintainLineNumbers is disabled or DirectLex is
not being used. not being used.
</p> </p>

28
library/HTMLPurifier/ConfigSchema/schema/Core.Encoding.txt
View File

@@ -1,14 +1,14 @@
Core.Encoding Core.Encoding
TYPE: istring TYPE: istring
DEFAULT: 'utf-8' DEFAULT: 'utf-8'
--DESCRIPTION-- --DESCRIPTION--
If for some reason you are unable to convert all webpages to UTF-8, you can If for some reason you are unable to convert all webpages to UTF-8, you can
use this directive as a stop-gap compatibility change to let HTML Purifier use this directive as a stop-gap compatibility change to let HTML Purifier
deal with non UTF-8 input. This technique has notable deficiencies: deal with non UTF-8 input. This technique has notable deficiencies:
absolutely no characters outside of the selected character encoding will be absolutely no characters outside of the selected character encoding will be
preserved, not even the ones that have been ampersand escaped (this is due preserved, not even the ones that have been ampersand escaped (this is due
to a UTF-8 specific <em>feature</em> that automatically resolves all to a UTF-8 specific <em>feature</em> that automatically resolves all
entities), making it pretty useless for anything except the most I18N-blind entities), making it pretty useless for anything except the most I18N-blind
applications, although %Core.EscapeNonASCIICharacters offers fixes this applications, although %Core.EscapeNonASCIICharacters offers fixes this
trouble with another tradeoff. This directive only accepts ISO-8859-1 if trouble with another tradeoff. This directive only accepts ISO-8859-1 if
iconv is not enabled. iconv is not enabled.

18
library/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidChildren.txt
View File

@@ -1,9 +1,9 @@
Core.EscapeInvalidChildren Core.EscapeInvalidChildren
TYPE: bool TYPE: bool
DEFAULT: false DEFAULT: false
--DESCRIPTION-- --DESCRIPTION--
When true, a child is found that is not allowed in the context of the When true, a child is found that is not allowed in the context of the
parent element will be transformed into text as if it were ASCII. When parent element will be transformed into text as if it were ASCII. When
false, that element and all internal tags will be dropped, though text will false, that element and all internal tags will be dropped, though text will
be preserved. There is no option for dropping the element but preserving be preserved. There is no option for dropping the element but preserving
child nodes. child nodes.

12
library/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidTags.txt
View File

@@ -1,6 +1,6 @@
Core.EscapeInvalidTags Core.EscapeInvalidTags
TYPE: bool TYPE: bool
DEFAULT: false DEFAULT: false
--DESCRIPTION-- --DESCRIPTION--
When true, invalid tags will be written back to the document as plain text. When true, invalid tags will be written back to the document as plain text.
Otherwise, they are silently dropped. Otherwise, they are silently dropped.

24
library/HTMLPurifier/ConfigSchema/schema/Core.EscapeNonASCIICharacters.txt
View File

@@ -1,12 +1,12 @@
Core.EscapeNonASCIICharacters Core.EscapeNonASCIICharacters
TYPE: bool TYPE: bool
VERSION: 1.4.0 VERSION: 1.4.0
DEFAULT: false DEFAULT: false
--DESCRIPTION-- --DESCRIPTION--
This directive overcomes a deficiency in %Core.Encoding by blindly This directive overcomes a deficiency in %Core.Encoding by blindly
converting all non-ASCII characters into decimal numeric entities before converting all non-ASCII characters into decimal numeric entities before
converting it to its native encoding. This means that even characters that converting it to its native encoding. This means that even characters that
can be expressed in the non-UTF-8 encoding will be entity-ized, which can can be expressed in the non-UTF-8 encoding will be entity-ized, which can
be a real downer for encodings like Big5. It also assumes that the ASCII be a real downer for encodings like Big5. It also assumes that the ASCII
repetoire is available, although this is the case for almost all encodings. repetoire is available, although this is the case for almost all encodings.
Anyway, use UTF-8! Anyway, use UTF-8!

38
library/HTMLPurifier/ConfigSchema/schema/Core.HiddenElements.txt
View File

@@ -1,19 +1,19 @@
Core.HiddenElements Core.HiddenElements
TYPE: lookup TYPE: lookup
--DEFAULT-- --DEFAULT--
array ( array (
'script' => true, 'script' => true,
'style' => true, 'style' => true,
) )
--DESCRIPTION-- --DESCRIPTION--
<p> <p>
This directive is a lookup array of elements which should have their This directive is a lookup array of elements which should have their
contents removed when they are not allowed by the HTML definition. contents removed when they are not allowed by the HTML definition.
For example, the contents of a <code>script</code> tag are not For example, the contents of a <code>script</code> tag are not
normally shown in a document, so if script tags are to be removed, normally shown in a document, so if script tags are to be removed,
their contents should be removed to. This is opposed to a <code>b</code> their contents should be removed to. This is opposed to a <code>b</code>
tag, which defines some presentational changes but does not hide its tag, which defines some presentational changes but does not hide its
contents. contents.
</p> </p>

22
library/HTMLPurifier/ConfigSchema/schema/Core.Language.txt
View File

@@ -1,11 +1,11 @@
Core.Language Core.Language
TYPE: string TYPE: string
VERSION: 2.0.0 VERSION: 2.0.0
DEFAULT: 'en' DEFAULT: 'en'
--DESCRIPTION-- --DESCRIPTION--
ISO 639 language code for localizable things in HTML Purifier to use, ISO 639 language code for localizable things in HTML Purifier to use,
which is mainly error reporting. There is currently only an English (en) which is mainly error reporting. There is currently only an English (en)
translation, so this directive is currently useless. translation, so this directive is currently useless.

66
library/HTMLPurifier/ConfigSchema/schema/Core.LexerImpl.txt
View File

@@ -1,33 +1,33 @@
Core.LexerImpl Core.LexerImpl
TYPE: mixed/null TYPE: mixed/null
VERSION: 2.0.0 VERSION: 2.0.0
DEFAULT: NULL DEFAULT: NULL
--DESCRIPTION-- --DESCRIPTION--
<p> <p>
This parameter determines what lexer implementation can be used. The This parameter determines what lexer implementation can be used. The
valid values are: valid values are:
</p> </p>
<dl> <dl>
<dt><em>null</em></dt> <dt><em>null</em></dt>
<dd> <dd>
Recommended, the lexer implementation will be auto-detected based on Recommended, the lexer implementation will be auto-detected based on
your PHP-version and configuration. your PHP-version and configuration.
</dd> </dd>
<dt><em>string</em> lexer identifier</dt> <dt><em>string</em> lexer identifier</dt>
<dd> <dd>
This is a slim way of manually overridding the implementation. This is a slim way of manually overridding the implementation.
Currently recognized values are: DOMLex (the default PHP5 Currently recognized values are: DOMLex (the default PHP5
implementation) implementation)
and DirectLex (the default PHP4 implementation). Only use this if and DirectLex (the default PHP4 implementation). Only use this if
you know what you are doing: usually, the auto-detection will you know what you are doing: usually, the auto-detection will
manage things for cases you aren't even aware of. manage things for cases you aren't even aware of.
</dd> </dd>
<dt><em>object</em> lexer instance</dt> <dt><em>object</em> lexer instance</dt>
<dd> <dd>
Super-advanced: you can specify your own, custom, implementation that Super-advanced: you can specify your own, custom, implementation that
implements the interface defined by <code>HTMLPurifier_Lexer</code>. implements the interface defined by <code>HTMLPurifier_Lexer</code>.
I may remove this option simply because I don't expect anyone I may remove this option simply because I don't expect anyone
to use it. to use it.
</dd> </dd>
</dl> </dl>

32
library/HTMLPurifier/ConfigSchema/schema/Core.MaintainLineNumbers.txt
View File

@@ -1,16 +1,16 @@
Core.MaintainLineNumbers Core.MaintainLineNumbers
TYPE: bool/null TYPE: bool/null
VERSION: 2.0.0 VERSION: 2.0.0
DEFAULT: NULL DEFAULT: NULL
--DESCRIPTION-- --DESCRIPTION--
<p> <p>
If true, HTML Purifier will add line number information to all tokens. If true, HTML Purifier will add line number information to all tokens.
This is useful when error reporting is turned on, but can result in This is useful when error reporting is turned on, but can result in
significant performance degradation and should not be used when significant performance degradation and should not be used when
unnecessary. This directive must be used with the DirectLex lexer, unnecessary. This directive must be used with the DirectLex lexer,
as the DOMLex lexer does not (yet) support this functionality. as the DOMLex lexer does not (yet) support this functionality.
If the value is null, an appropriate value will be selected based If the value is null, an appropriate value will be selected based
on other configuration. on other configuration.
</p> </p>

24
library/HTMLPurifier/ConfigSchema/schema/Core.RemoveInvalidImg.txt
View File

@@ -1,12 +1,12 @@
Core.RemoveInvalidImg Core.RemoveInvalidImg
TYPE: bool TYPE: bool
DEFAULT: true DEFAULT: true
VERSION: 1.3.0 VERSION: 1.3.0
--DESCRIPTION-- --DESCRIPTION--
<p> <p>
This directive enables pre-emptive URI checking in <code>img</code> This directive enables pre-emptive URI checking in <code>img</code>
tags, as the attribute validation strategy is not authorized to tags, as the attribute validation strategy is not authorized to
remove elements from the document. Revert to pre-1.3.0 behavior by setting to false. remove elements from the document. Revert to pre-1.3.0 behavior by setting to false.
</p> </p>

22
library/HTMLPurifier/ConfigSchema/schema/Core.RemoveScriptContents.txt
View File

@@ -1,11 +1,11 @@
Core.RemoveScriptContents Core.RemoveScriptContents
TYPE: bool/null TYPE: bool/null
DEFAULT: NULL DEFAULT: NULL
VERSION: 2.0.0 VERSION: 2.0.0
DEPRECATED-VERSION: 2.1.0 DEPRECATED-VERSION: 2.1.0
DEPRECATED-USE: Core.HiddenElements DEPRECATED-USE: Core.HiddenElements
--DESCRIPTION-- --DESCRIPTION--
<p> <p>
This directive enables HTML Purifier to remove not only script tags This directive enables HTML Purifier to remove not only script tags
but all of their contents. but all of their contents.
</p> </p>

4
library/HTMLPurifier/ConfigSchema/schema/Core.txt
View File

@@ -1,2 +1,2 @@
Core Core
DESCRIPTION: Core features that are always available. DESCRIPTION: Core features that are always available.

14
library/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.txt
View File

@@ -21,3 +21,17 @@ $styles = $purifier->context->get('StyleBlocks');
foreach ($styles as $style) { foreach ($styles as $style) {
echo '<style type="text/css">' . $style . "</style>\n"; echo '<style type="text/css">' . $style . "</style>\n";
}]]></pre> }]]></pre>
<p>
<strong>Warning:</strong> It is possible for a user to mount an
imagecrash attack using this CSS. Counter-measures are difficult;
it is not simply enough to limit the range of CSS lengths (using
relative lengths with many nesting levels allows for large values
to be attained without actually specifying them in the stylesheet),
and the flexible nature of selectors makes it difficult to selectively
disable lengths on image tags (HTML Purifier, however, does disable
CSS width and height in inline styling). There are probably two effective
counter measures: an explicit width and height set to auto in all
images in your document (unlikely) or the disabling of width and
height (somewhat reasonable). Whether or not these measures should be
used is left to the reader.
</p>

4
library/HTMLPurifier/ConfigSchema/schema/Filter.txt
View File

@@ -1,2 +1,2 @@
Filter Filter
DESCRIPTION: Directives for turning filters on and off, or specifying custom filters. DESCRIPTION: Directives for turning filters on and off, or specifying custom filters.

28
library/HTMLPurifier/ConfigSchema/schema/FilterParam.ExtractStyleBlocksEscaping.txt
View File

@@ -1,14 +1,14 @@
FilterParam.ExtractStyleBlocksEscaping FilterParam.ExtractStyleBlocksEscaping
TYPE: bool TYPE: bool
VERSION: 3.0.0 VERSION: 3.0.0
DEFAULT: true DEFAULT: true
ALIASES: Filter.ExtractStyleBlocksEscaping ALIASES: Filter.ExtractStyleBlocksEscaping
--DESCRIPTION-- --DESCRIPTION--
<p> <p>
Whether or not to escape the dangerous characters &lt;, &gt; and &amp; Whether or not to escape the dangerous characters &lt;, &gt; and &amp;
as \3C, \3E and \26, respectively. This is can be safely set to false as \3C, \3E and \26, respectively. This is can be safely set to false
if the contents of StyleBlocks will be placed in an external stylesheet, if the contents of StyleBlocks will be placed in an external stylesheet,
where there is no risk of it being interpreted as HTML. where there is no risk of it being interpreted as HTML.
</p> </p>

Some files were not shown because too many files have changed in this diff Show More