Adds important param elements to inside of object in order to make things safe. More...

Inheritance diagram for HTMLPurifier_Injector_SafeObject:

Collaboration diagram for HTMLPurifier_Injector_SafeObject:

Public Member Functions
	prepare ($config, $context)
	Prepares the injector by giving it the config and context objects: this allows references to important variables to be made within the injector.
	handleElement (&$token)
	Handler that is called when a start or empty token is processed.
	handleEnd (&$token)
	Handler that is called when an end token is processed.
Public Member Functions inherited from HTMLPurifier_Injector
	rewind ($index)
	Rewind to a spot to re-perform processing.
	getRewind ()
	Retrieves rewind, and then unsets it.
	checkNeeded ($config)
	This function checks if the HTML environment will work with the Injector: if p tags are not allowed, the Auto-Paragraphing injector should not be enabled.
	allowsElement ($name)
	Tests if the context node allows a certain element.
	handleText (&$token)
	Handler that is called when a text token is processed.
	notifyEnd ($token)
	Notifier that is called when an end token is processed.

Data Fields
	$name = 'SafeObject'
	$needed = array('object', 'param')
Data Fields inherited from HTMLPurifier_Injector
	$name
	Advisory name of injector, this is for friendly error messages.
	$needed = array()
	Array of elements and attributes this injector creates and therefore need to be allowed by the definition.

Protected Attributes
	$objectStack = array()
	$paramStack = array()
	$addParam
	$allowedParam
Protected Attributes inherited from HTMLPurifier_Injector
	$htmlDefinition
	Instance of HTMLPurifier_HTMLDefinition.
	$currentNesting
	Reference to CurrentNesting variable in Context.
	$inputTokens
	Reference to InputTokens variable in Context.
	$inputIndex
	Reference to InputIndex variable in Context.
	$rewind = false
	Index of inputTokens to rewind to.

Additional Inherited Members
Protected Member Functions inherited from HTMLPurifier_Injector
	forward (&$i, &$current)
	Iterator function, which starts with the next token and continues until you reach the end of the input tokens.
	forwardUntilEndToken (&$i, &$current, &$nesting)
	Similar to _forward, but accepts a third parameter $nesting (which should be initialized at 0) and stops when we hit the end tag for the node $this->inputIndex starts in.
	backward (&$i, &$current)
	Iterator function, starts with the previous token and continues until you reach the beginning of input tokens.
	current (&$i, &$current)
	Initializes the iterator at the current position.

Detailed Description

Adds important param elements to inside of object in order to make things safe.

Definition at line 7 of file SafeObject.php.

Member Function Documentation

HTMLPurifier_Injector_SafeObject::handleElement ( & $token )

Handler that is called when a start or empty token is processed.

Reimplemented from HTMLPurifier_Injector.

Definition at line 29 of file SafeObject.php.

References $n, $name, and elseif().

                                           {
        if ($token->name == 'object') {
            $this->objectStack[] = $token;
            $this->paramStack[] = array();
            $new = array($token);
            foreach ($this->addParam as $name => $value) {
                $new[] = new HTMLPurifier_Token_Empty('param', array('name' => $name, 'value' => $value));
            }
            $token = $new;
        } elseif ($token->name == 'param') {
            $nest = count($this->currentNesting) - 1;
            if ($nest >= 0 && $this->currentNesting[$nest]->name === 'object') {
                $i = count($this->objectStack) - 1;
                if (!isset($token->attr['name'])) {
                    $token = false;
                    return;
                }
                $n = $token->attr['name'];
                // We need this fix because YouTube doesn't supply a data
                // attribute, which we need if a type is specified. This is
                // *very* Flash specific.
                if (!isset($this->objectStack[$i]->attr['data']) && $token->attr['name'] == 'movie') {
                    $this->objectStack[$i]->attr['data'] = $token->attr['value'];
                }
                // Check if the parameter is the correct value but has not
                // already been added
                if (
                    !isset($this->paramStack[$i][$n]) &&
                    isset($this->addParam[$n]) &&
                    $token->attr['name'] === $this->addParam[$n]
                ) {
                    // keep token, and add to param stack
                    $this->paramStack[$i][$n] = true;
                } elseif (isset($this->allowedParam[$n])) {
                    // keep token, don't do anything to it
                    // (could possibly check for duplicates here)
                } else {
                    $token = false;
                }
            } else {
                // not directly inside an object, DENY!
                $token = false;
            }
        }
    }

Here is the call graph for this function:

HTMLPurifier_Injector_SafeObject::handleEnd ( & $token )

Handler that is called when an end token is processed.

Reimplemented from HTMLPurifier_Injector.

Definition at line 75 of file SafeObject.php.

                                       {
        // This is the WRONG way of handling the object and param stacks;
        // we should be inserting them directly on the relevant object tokens
        // so that the global stack handling handles it.
        if ($token->name == 'object') {
            array_pop($this->objectStack);
            array_pop($this->paramStack);
        }
    }

HTMLPurifier_Injector_SafeObject::prepare	(	$config,
		$context
	)

Prepares the injector by giving it the config and context objects: this allows references to important variables to be made within the injector.

This function also checks if the HTML environment will work with the Injector (see checkNeeded()).

Parameters

$config	Instance of HTMLPurifier_Config
$context	Instance of HTMLPurifier_Context

Returns: Boolean false if success, string of missing needed element/attribute if failure

Reimplemented from HTMLPurifier_Injector.

Definition at line 25 of file SafeObject.php.

References $config.

                                               {
        parent::prepare($config, $context);
    }

Field Documentation

HTMLPurifier_Injector_SafeObject::$addParam

protected

Initial value:

 array(
        'allowScriptAccess' => 'never',
        'allowNetworking' => 'internal',
    )

Definition at line 16 of file SafeObject.php.

HTMLPurifier_Injector_SafeObject::$allowedParam

protected

Initial value:

 array(
        'wmode' => true,
        'movie' => true,
    )

Definition at line 20 of file SafeObject.php.

HTMLPurifier_Injector_SafeObject::$name = 'SafeObject'

Definition at line 9 of file SafeObject.php.

Referenced by handleElement().

HTMLPurifier_Injector_SafeObject::$needed = array('object', 'param')

Definition at line 10 of file SafeObject.php.

HTMLPurifier_Injector_SafeObject::$objectStack = array()

protected

Definition at line 12 of file SafeObject.php.

HTMLPurifier_Injector_SafeObject::$paramStack = array()

protected

Definition at line 13 of file SafeObject.php.

The documentation for this class was generated from the following file:

Services/Html/HtmlPurifier/library/HTMLPurifier/Injector/SafeObject.php

Public Member Functions

Data Fields

Protected Attributes

Additional Inherited Members

Detailed Description

Member Function Documentation

Field Documentation