ILIAS  release_5-0 Revision 5.0.0-1144-gc4397b1f87
HTMLPurifier_Injector_SafeObject Class Reference

Adds important param elements to the inside of object elements in order to make things safe.


Public Member Functions

 prepare ($config, $context)
 
 handleElement (&$token)
 
 handleEnd (&$token)
 
- Public Member Functions inherited from HTMLPurifier_Injector
 rewindOffset ($offset)
 Rewind to a spot to re-perform processing.

 getRewindOffset ()
 Retrieves rewind offset, and then unsets it.

 prepare ($config, $context)
 Prepares the injector by giving it the config and context objects: this allows references to important variables to be made within the injector.

 checkNeeded ($config)
 This function checks if the HTML environment will work with the Injector: if p tags are not allowed, the Auto-Paragraphing injector should not be enabled.

 allowsElement ($name)
 Tests if the context node allows a certain element.

 handleText (&$token)
 Handler that is called when a text token is processed.

 handleElement (&$token)
 Handler that is called when a start or empty token is processed.

 handleEnd (&$token)
 Handler that is called when an end token is processed.

 notifyEnd ($token)
 Notifier that is called when an end token is processed.


Data Fields

 $name = 'SafeObject'
 string

 $needed = array('object', 'param')
 array

- Data Fields inherited from HTMLPurifier_Injector
 $name
 Advisory name of injector, this is for friendly error messages.

 $needed = array()
 Array of elements and attributes this injector creates and therefore need to be allowed by the definition.


Protected Attributes

 $objectStack = array()
 array

 $paramStack = array()
 array

 $addParam
 Keep this synchronized with AttrTransform/SafeParam.php.

 $allowedParam
 array

- Protected Attributes inherited from HTMLPurifier_Injector
 $htmlDefinition
 HTMLPurifier_HTMLDefinition

 $currentNesting
 Reference to CurrentNesting variable in Context.

 $currentToken
 Reference to current token.

 $inputZipper
 Reference to InputZipper variable in Context.

 $rewindOffset = false
 Number of elements to rewind backwards (relative).


Additional Inherited Members

- Protected Member Functions inherited from HTMLPurifier_Injector
 forward (&$i, &$current)
 Iterator function, which starts with the next token and continues until you reach the end of the input tokens.

 forwardUntilEndToken (&$i, &$current, &$nesting)
 Similar to _forward, but accepts a third parameter $nesting (which should be initialized at 0) and stops when we hit the end tag for the node $this->inputIndex starts in.

 backward (&$i, &$current)
 Iterator function, starts with the previous token and continues until you reach the beginning of input tokens.


Detailed Description

Adds important param elements to the inside of object elements in order to make things safe.

Definition at line 7 of file SafeObject.php.

Member Function Documentation

◆ handleElement()

HTMLPurifier_Injector_SafeObject::handleElement (&$token)
Parameters
HTMLPurifier_Token $token

Definition at line 62 of file SafeObject.php.

References $n, and $name.

public function handleElement(&$token)
{
    if ($token->name == 'object') {
        $this->objectStack[] = $token;
        $this->paramStack[] = array();
        // Emit the object token followed by one param per $addParam entry
        $new = array($token);
        foreach ($this->addParam as $name => $value) {
            $new[] = new HTMLPurifier_Token_Empty('param', array('name' => $name, 'value' => $value));
        }
        $token = $new;
    } elseif ($token->name == 'param') {
        $nest = count($this->currentNesting) - 1;
        if ($nest >= 0 && $this->currentNesting[$nest]->name === 'object') {
            $i = count($this->objectStack) - 1;
            if (!isset($token->attr['name'])) {
                $token = false;
                return;
            }
            $n = $token->attr['name'];
            // We need this fix because YouTube doesn't supply a data
            // attribute, which we need if a type is specified. This is
            // *very* Flash specific.
            if (!isset($this->objectStack[$i]->attr['data']) &&
                ($token->attr['name'] == 'movie' || $token->attr['name'] == 'src')
            ) {
                $this->objectStack[$i]->attr['data'] = $token->attr['value'];
            }
            // Check if the parameter is the correct value but has not
            // already been added
            // (The test below compares the param *name* with the required
            // value from $addParam, so with the default table it does not
            // match; a user-supplied allowScriptAccess or allowNetworking
            // falls through to the final else and is dropped.)
            if (!isset($this->paramStack[$i][$n]) &&
                isset($this->addParam[$n]) &&
                $token->attr['name'] === $this->addParam[$n]) {
                // keep token, and add to param stack
                $this->paramStack[$i][$n] = true;
            } elseif (isset($this->allowedParam[$n])) {
                // keep token, don't do anything to it
                // (could possibly check for duplicates here)
            } else {
                $token = false;
            }
        } else {
            // not directly inside an object, DENY!
            $token = false;
        }
    }
}

◆ handleEnd()

HTMLPurifier_Injector_SafeObject::handleEnd (&$token)

Definition at line 109 of file SafeObject.php.

public function handleEnd(&$token)
{
    // This is the WRONG way of handling the object and param stacks;
    // we should be inserting them directly on the relevant object tokens
    // so that the global stack handling handles it.
    if ($token->name == 'object') {
        array_pop($this->objectStack);
        array_pop($this->paramStack);
    }
}

◆ prepare()

HTMLPurifier_Injector_SafeObject::prepare ($config, $context)
Parameters
HTMLPurifier_Config $config
HTMLPurifier_Context $context
Returns
void

Definition at line 54 of file SafeObject.php.

public function prepare($config, $context)
{
    parent::prepare($config, $context);
}

Field Documentation

◆ $addParam

HTMLPurifier_Injector_SafeObject::$addParam
protected
Initial value:
= array(
    'allowScriptAccess' => 'never',
    'allowNetworking' => 'internal',
)

Keep this synchronized with AttrTransform/SafeParam.php.

array

Definition at line 33 of file SafeObject.php.

◆ $allowedParam

HTMLPurifier_Injector_SafeObject::$allowedParam
protected
Initial value:
= array(
    'wmode' => true,
    'movie' => true,
    'flashvars' => true,
    'src' => true,
    'allowFullScreen' => true,
)

array

Definition at line 41 of file SafeObject.php.
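
The combined effect of handleElement() with the $addParam and $allowedParam tables on a token stream, as an added stand-alone PHP example (not HTML Purifier or ILIAS code). The array token shape, `param()`, `safeObjectFilter()` and the sample embed are assumptions made for illustration; the example tracks nesting itself in place of `$currentNesting` and assumes well-formed input.

```php
<?php
// Added illustration: tokens are constructed plain arrays, not HTMLPurifier_Token objects.
const ADD_PARAM = ['allowScriptAccess' => 'never', 'allowNetworking' => 'internal'];
const ALLOWED_PARAM = ['wmode' => 1, 'movie' => 1, 'flashvars' => 1, 'src' => 1, 'allowFullScreen' => 1];

function param(string $n, string $v): array {
    return ['type' => 'empty', 'name' => 'param', 'attr' => ['name' => $n, 'value' => $v]];
}

// Assumes well-formed nesting; $open stands in for the injector's currentNesting.
function safeObjectFilter(array $tokens): array {
    $out = [];
    $open = []; // indexes in $out of the start tags that are still open
    foreach ($tokens as $t) {
        if ($t['type'] === 'end') {
            array_pop($open);
        } elseif ($t['name'] === 'param') {
            $parent = end($open);
            $n = $t['attr']['name'] ?? null;
            // Drop params outside <object>, unnamed ones, and names off the allow-list
            // (the forced names are off it too, so user-supplied copies never survive).
            if ($parent === false || $out[$parent]['name'] !== 'object'
                || $n === null || !array_key_exists($n, ALLOWED_PARAM)) {
                continue;
            }
            // Flash-specific backfill: object data is taken from movie/src when absent.
            if (($n === 'movie' || $n === 'src') && isset($t['attr']['value'])
                && !isset($out[$parent]['attr']['data'])) {
                $out[$parent]['attr']['data'] = $t['attr']['value'];
            }
        }
        $out[] = $t;
        if ($t['type'] === 'start') {
            $open[] = count($out) - 1;
            if ($t['name'] === 'object') { // forced params come first inside the object
                array_push($out, ...array_map('param', array_keys(ADD_PARAM), ADD_PARAM));
            }
        }
    }
    return $out;
}

$input = [ // constructed sample: Flash embed with an override attempt and a stray param
    ['type' => 'start', 'name' => 'object', 'attr' => ['width' => '425', 'height' => '350']],
    param('movie', 'https://media.example/v/placeholder'),
    param('allowScriptAccess', 'always'),
    param('bgcolor', '#000000'),
    ['type' => 'end', 'name' => 'object'],
    param('wmode', 'transparent'),
];
echo json_encode(safeObjectFilter($input), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES), "\n";
```

The printed token list keeps the object (now carrying a data attribute copied from movie), the two forced params and the movie param; the `always` override, the unlisted `bgcolor` and the param outside the object are gone.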

◆ $name

HTMLPurifier_Injector_SafeObject::$name = 'SafeObject'

string

Definition at line 12 of file SafeObject.php.

Referenced by handleElement().

◆ $needed

HTMLPurifier_Injector_SafeObject::$needed = array('object', 'param')

array

Definition at line 17 of file SafeObject.php.

◆ $objectStack

HTMLPurifier_Injector_SafeObject::$objectStack = array()
protected

array

Definition at line 22 of file SafeObject.php.

◆ $paramStack

HTMLPurifier_Injector_SafeObject::$paramStack = array()
protected

array

Definition at line 27 of file SafeObject.php.


The documentation for this class was generated from the following file: