ILIAS  Release_4_4_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
HTMLPurifier_Injector_SafeObject Class Reference

Adds important param elements to inside of object in order to make things safe. More...

+ Inheritance diagram for HTMLPurifier_Injector_SafeObject:
+ Collaboration diagram for HTMLPurifier_Injector_SafeObject:

Public Member Functions

 prepare ($config, $context)
 Prepares the injector by giving it the config and context objects: this allows references to important variables to be made within the injector.
 handleElement (&$token)
 Handler that is called when a start or empty token is processed.
 handleEnd (&$token)
 Handler that is called when an end token is processed.
- Public Member Functions inherited from HTMLPurifier_Injector
 rewind ($index)
 Rewind to a spot to re-perform processing.
 getRewind ()
 Retrieves rewind, and then unsets it.
 checkNeeded ($config)
 This function checks if the HTML environment will work with the Injector: if p tags are not allowed, the Auto-Paragraphing injector should not be enabled.
 allowsElement ($name)
 Tests if the context node allows a certain element.
 handleText (&$token)
 Handler that is called when a text token is processed.
 notifyEnd ($token)
 Notifier that is called when an end token is processed.

Data Fields

 $name = 'SafeObject'
 $needed = array('object', 'param')
- Data Fields inherited from HTMLPurifier_Injector
 $name
 Advisory name of injector, this is for friendly error messages.
 $needed = array()
 Array of elements and attributes this injector creates and therefore need to be allowed by the definition.

Protected Attributes

 $objectStack = array()
 $paramStack = array()
 $addParam
 $allowedParam
- Protected Attributes inherited from HTMLPurifier_Injector
 $htmlDefinition
 Instance of HTMLPurifier_HTMLDefinition.
 $currentNesting
 Reference to CurrentNesting variable in Context.
 $inputTokens
 Reference to InputTokens variable in Context.
 $inputIndex
 Reference to InputIndex variable in Context.
 $rewind = false
 Index of inputTokens to rewind to.

Additional Inherited Members

- Protected Member Functions inherited from HTMLPurifier_Injector
 forward (&$i, &$current)
 Iterator function, which starts with the next token and continues until you reach the end of the input tokens.
 forwardUntilEndToken (&$i, &$current, &$nesting)
 Similar to _forward, but accepts a third parameter $nesting (which should be initialized at 0) and stops when we hit the end tag for the node $this->inputIndex starts in.
 backward (&$i, &$current)
 Iterator function, starts with the previous token and continues until you reach the beginning of input tokens.
 current (&$i, &$current)
 Initializes the iterator at the current position.

Detailed Description

Adds important param elements to inside of object in order to make things safe.

Definition at line 7 of file SafeObject.php.

Member Function Documentation

HTMLPurifier_Injector_SafeObject::handleElement ( $token)

Handler that is called when a start or empty token is processed.

Reimplemented from HTMLPurifier_Injector.

Definition at line 32 of file SafeObject.php.

References $n, and $name.

{
if ($token->name == 'object') {
$this->objectStack[] = $token;
$this->paramStack[] = array();
$new = array($token);
foreach ($this->addParam as $name => $value) {
$new[] = new HTMLPurifier_Token_Empty('param', array('name' => $name, 'value' => $value));
}
$token = $new;
} elseif ($token->name == 'param') {
$nest = count($this->currentNesting) - 1;
if ($nest >= 0 && $this->currentNesting[$nest]->name === 'object') {
$i = count($this->objectStack) - 1;
if (!isset($token->attr['name'])) {
$token = false;
return;
}
$n = $token->attr['name'];
// We need this fix because YouTube doesn't supply a data
// attribute, which we need if a type is specified. This is
// *very* Flash specific.
if (!isset($this->objectStack[$i]->attr['data']) &&
($token->attr['name'] == 'movie' || $token->attr['name'] == 'src')) {
$this->objectStack[$i]->attr['data'] = $token->attr['value'];
}
// Check if the parameter is the correct value but has not
// already been added
if (
!isset($this->paramStack[$i][$n]) &&
isset($this->addParam[$n]) &&
$token->attr['name'] === $this->addParam[$n]
) {
// keep token, and add to param stack
$this->paramStack[$i][$n] = true;
} elseif (isset($this->allowedParam[$n])) {
// keep token, don't do anything to it
// (could possibly check for duplicates here)
} else {
$token = false;
}
} else {
// not directly inside an object, DENY!
$token = false;
}
}
}
HTMLPurifier_Injector_SafeObject::handleEnd ( $token)

Handler that is called when an end token is processed.

Reimplemented from HTMLPurifier_Injector.

Definition at line 79 of file SafeObject.php.

{
// This is the WRONG way of handling the object and param stacks;
// we should be inserting them directly on the relevant object tokens
// so that the global stack handling handles it.
if ($token->name == 'object') {
array_pop($this->objectStack);
array_pop($this->paramStack);
}
}
HTMLPurifier_Injector_SafeObject::prepare (   $config,
  $context 
)

Prepares the injector by giving it the config and context objects: this allows references to important variables to be made within the injector.

This function also checks if the HTML environment will work with the Injector (see checkNeeded()).

Parameters
$configInstance of HTMLPurifier_Config
$contextInstance of HTMLPurifier_Context
Returns
Boolean false if success, string of missing needed element/attribute if failure

Reimplemented from HTMLPurifier_Injector.

Definition at line 28 of file SafeObject.php.

{
parent::prepare($config, $context);
}

Field Documentation

HTMLPurifier_Injector_SafeObject::$addParam
protected
Initial value:
array(
'allowScriptAccess' => 'never',
'allowNetworking' => 'internal',
)

Definition at line 16 of file SafeObject.php.

HTMLPurifier_Injector_SafeObject::$allowedParam
protected
Initial value:
array(
'wmode' => true,
'movie' => true,
'flashvars' => true,
'src' => true,
'allowFullScreen' => true,
)

Definition at line 20 of file SafeObject.php.

HTMLPurifier_Injector_SafeObject::$name = 'SafeObject'

Definition at line 9 of file SafeObject.php.

Referenced by handleElement().

HTMLPurifier_Injector_SafeObject::$needed = array('object', 'param')

Definition at line 10 of file SafeObject.php.

HTMLPurifier_Injector_SafeObject::$objectStack = array()
protected

Definition at line 12 of file SafeObject.php.

HTMLPurifier_Injector_SafeObject::$paramStack = array()
protected

Definition at line 13 of file SafeObject.php.


The documentation for this class was generated from the following file: