ILIAS  Release_4_2_x_branch Revision 61807
 All Data Structures Namespaces Files Functions Variables Groups Pages
HTMLPurifier_AttrTransform_SafeParam Class Reference

Validates name/value pairs in param tags to be used in safe objects. More...

+ Inheritance diagram for HTMLPurifier_AttrTransform_SafeParam:
+ Collaboration diagram for HTMLPurifier_AttrTransform_SafeParam:

Public Member Functions

 __construct ()
 transform ($attr, $config, $context)
 Abstract: makes changes to the attributes dependent on multiple values.
- Public Member Functions inherited from HTMLPurifier_AttrTransform
 prependCSS (&$attr, $css)
 Prepends CSS properties to the style attribute, creating the attribute if it doesn't exist.
 confiscateAttr (&$attr, $key)
 Retrieves and removes an attribute.

Data Fields

 $name = "SafeParam"

Private Attributes

 $uri

Detailed Description

Validates name/value pairs in param tags to be used in safe objects.

This will only allow name values it recognizes, and pre-fill certain attributes with required values.

Note
This class only supports Flash. In the future, Quicktime support may be added.
Warning
This class expects an injector to add the necessary parameters tags.

Definition at line 15 of file SafeParam.php.

Constructor & Destructor Documentation

HTMLPurifier_AttrTransform_SafeParam::__construct ( )

Definition at line 20 of file SafeParam.php.

{
$this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded
$this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent'));
}

Member Function Documentation

HTMLPurifier_AttrTransform_SafeParam::transform (   $attr,
  $config,
  $context 
)

Abstract: makes changes to the attributes dependent on multiple values.

Parameters
$attrAssoc array of attributes, usually from HTMLPurifier_Token_Tag::$attr
$configMandatory HTMLPurifier_Config object.
$contextMandatory HTMLPurifier_Context object
Returns
Processed attribute array.

Reimplemented from HTMLPurifier_AttrTransform.

Definition at line 25 of file SafeParam.php.

References $config.

{
// If we add support for other objects, we'll need to alter the
// transforms.
switch ($attr['name']) {
// application/x-shockwave-flash
// Keep this synchronized with Injector/SafeObject.php
case 'allowScriptAccess':
$attr['value'] = 'never';
break;
case 'allowNetworking':
$attr['value'] = 'internal';
break;
case 'allowFullScreen':
if ($config->get('HTML.FlashAllowFullScreen')) {
$attr['value'] = ($attr['value'] == 'true') ? 'true' : 'false';
} else {
$attr['value'] = 'false';
}
break;
case 'wmode':
$attr['value'] = $this->wmode->validate($attr['value'], $config, $context);
break;
case 'movie':
case 'src':
$attr['name'] = "movie";
$attr['value'] = $this->uri->validate($attr['value'], $config, $context);
break;
case 'flashvars':
// we're going to allow arbitrary inputs to the SWF, on
// the reasoning that it could only hack the SWF, not us.
break;
// add other cases to support other param name/value pairs
default:
$attr['name'] = $attr['value'] = null;
}
return $attr;
}

Field Documentation

HTMLPurifier_AttrTransform_SafeParam::$name = "SafeParam"

Definition at line 17 of file SafeParam.php.

HTMLPurifier_AttrTransform_SafeParam::$uri
private

Definition at line 18 of file SafeParam.php.


The documentation for this class was generated from the following file: