HTMLPurifier_AttrTransform_SafeParam Class Reference

Validates name/value pairs in param tags to be used in safe objects. More...

Inheritance diagram for HTMLPurifier_AttrTransform_SafeParam:

Collaboration diagram for HTMLPurifier_AttrTransform_SafeParam:

Public Member Functions
	__construct ()
	transform ($attr, $config, $context)
	Abstract: makes changes to the attributes dependent on multiple values.
Public Member Functions inherited from HTMLPurifier_AttrTransform
	prependCSS (&$attr, $css)
	Prepends CSS properties to the style attribute, creating the attribute if it doesn't exist.
	confiscateAttr (&$attr, $key)
	Retrieves and removes an attribute.

Data Fields
	$name = "SafeParam"

Private Attributes
	$uri

Detailed Description

Validates name/value pairs in param tags to be used in safe objects.

This will only allow name values it recognizes, and pre-fill certain attributes with required values.

Note

This class only supports Flash. In the future, Quicktime support may be added.

Warning

This class expects an injector to add the necessary parameters tags.

Definition at line 15 of file SafeParam.php.

Constructor & Destructor Documentation

HTMLPurifier_AttrTransform_SafeParam::__construct

(

)

Definition at line 20 of file SafeParam.php.

                                  {
        $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded
        $this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent'));
    }

Member Function Documentation

HTMLPurifier_AttrTransform_SafeParam::transform	(		$attr,
			$config,
			$context
	)

Abstract: makes changes to the attributes dependent on multiple values.

Parameters

$attr	Assoc array of attributes, usually from HTMLPurifier_Token_Tag::$attr
$config	Mandatory HTMLPurifier_Config object.
$context	Mandatory HTMLPurifier_Context object

Returns

Processed attribute array.

Reimplemented from HTMLPurifier_AttrTransform.

Definition at line 25 of file SafeParam.php.

References $config.

                                                        {
        // If we add support for other objects, we'll need to alter the
        // transforms.
        switch ($attr['name']) {
            // application/x-shockwave-flash
            // Keep this synchronized with Injector/SafeObject.php
            case 'allowScriptAccess':
                $attr['value'] = 'never';
                break;
            case 'allowNetworking':
                $attr['value'] = 'internal';
                break;
            case 'allowFullScreen':
                if ($config->get('HTML.FlashAllowFullScreen')) {
                    $attr['value'] = ($attr['value'] == 'true') ? 'true' : 'false';
                } else {
                    $attr['value'] = 'false';
                }
                break;
            case 'wmode':
                $attr['value'] = $this->wmode->validate($attr['value'], $config, $context);
                break;
            case 'movie':
            case 'src':
                $attr['name'] = "movie";
                $attr['value'] = $this->uri->validate($attr['value'], $config, $context);
                break;
            case 'flashvars':
                // we're going to allow arbitrary inputs to the SWF, on
                // the reasoning that it could only hack the SWF, not us.
                break;
            // add other cases to support other param name/value pairs
            default:
                $attr['name'] = $attr['value'] = null;
        }
        return $attr;
    }

Field Documentation

HTMLPurifier_AttrTransform_SafeParam::$name = "SafeParam"

Definition at line 17 of file SafeParam.php.

HTMLPurifier_AttrTransform_SafeParam::$uri

private

Definition at line 18 of file SafeParam.php.

---

The documentation for this class was generated from the following file:

• Services/Html/HtmlPurifier/library/HTMLPurifier/AttrTransform/SafeParam.php