ILIAS  Release_5_0_x_branch Revision 61816
HTMLPurifier_Injector_SafeObject Class Reference

Adds important param elements inside each object element in order to make things safe.


Public Member Functions

 prepare ($config, $context)
 handleElement (&$token)
 handleEnd (&$token)
 Handler that is called when an end token is processed.
- Public Member Functions inherited from HTMLPurifier_Injector
 rewindOffset ($offset)
 Rewind to a spot to re-perform processing.
 getRewindOffset ()
 Retrieves rewind offset, and then unsets it.
 checkNeeded ($config)
 This function checks if the HTML environment will work with the Injector: if p tags are not allowed, the Auto-Paragraphing injector should not be enabled.
 allowsElement ($name)
 Tests if the context node allows a certain element.
 handleText (&$token)
 Handler that is called when a text token is processed.
 notifyEnd ($token)
 Notifier that is called when an end token is processed.

Data Fields

 $name = 'SafeObject'
 string
 $needed = array('object', 'param')
 array
- Data Fields inherited from HTMLPurifier_Injector
 $name
 Advisory name of injector, this is for friendly error messages.
 $needed = array()
 Array of elements and attributes this injector creates and therefore need to be allowed by the definition.

Protected Attributes

 $objectStack = array()
 array
 $paramStack = array()
 array
 $addParam
 Keep this synchronized with AttrTransform/SafeParam.php.
 $allowedParam
 array
- Protected Attributes inherited from HTMLPurifier_Injector
 $htmlDefinition
 HTMLPurifier_HTMLDefinition
 $currentNesting
 Reference to CurrentNesting variable in Context.
 $currentToken
 Reference to current token.
 $inputZipper
 Reference to InputZipper variable in Context.
 $rewindOffset = false
 Number of elements to rewind backwards (relative).

Additional Inherited Members

- Protected Member Functions inherited from HTMLPurifier_Injector
 forward (&$i, &$current)
 Iterator function, which starts with the next token and continues until you reach the end of the input tokens.
 forwardUntilEndToken (&$i, &$current, &$nesting)
 Similar to _forward, but accepts a third parameter $nesting (which should be initialized at 0) and stops when we hit the end tag for the node $this->inputIndex starts in.
 backward (&$i, &$current)
 Iterator function, starts with the previous token and continues until you reach the beginning of input tokens.

Detailed Description

Adds important param elements inside each object element in order to make things safe.

Definition at line 7 of file SafeObject.php.

Member Function Documentation

HTMLPurifier_Injector_SafeObject::handleElement ( $token)
Parameters
HTMLPurifier_Token $token

Reimplemented from HTMLPurifier_Injector.

Definition at line 62 of file SafeObject.php.

References $n, and $name.

{
    if ($token->name == 'object') {
        // Track the open object and inject the enforced params right after its start tag.
        $this->objectStack[] = $token;
        $this->paramStack[] = array();
        $new = array($token);
        foreach ($this->addParam as $name => $value) {
            $new[] = new HTMLPurifier_Token_Empty('param', array('name' => $name, 'value' => $value));
        }
        $token = $new;
    } elseif ($token->name == 'param') {
        $nest = count($this->currentNesting) - 1;
        if ($nest >= 0 && $this->currentNesting[$nest]->name === 'object') {
            $i = count($this->objectStack) - 1;
            if (!isset($token->attr['name'])) {
                // a param without a name is dropped
                $token = false;
                return;
            }
            $n = $token->attr['name'];
            // We need this fix because YouTube doesn't supply a data
            // attribute, which we need if a type is specified. This is
            // *very* Flash specific.
            if (!isset($this->objectStack[$i]->attr['data']) &&
                ($token->attr['name'] == 'movie' || $token->attr['name'] == 'src')
            ) {
                $this->objectStack[$i]->attr['data'] = $token->attr['value'];
            }
            // Check if the parameter is the correct value but has not
            // already been added
            // (As written, this compares the param *name* with the required
            // *value* from $addParam, so with the initial $addParam values it
            // never matches; a user-supplied copy of an enforced param falls
            // through to the final else and is dropped.)
            if (!isset($this->paramStack[$i][$n]) &&
                isset($this->addParam[$n]) &&
                $token->attr['name'] === $this->addParam[$n]) {
                // keep token, and add to param stack
                $this->paramStack[$i][$n] = true;
            } elseif (isset($this->allowedParam[$n])) {
                // keep token, don't do anything to it
                // (could possibly check for duplicates here)
            } else {
                $token = false;
            }
        } else {
            // not directly inside an object, DENY!
            $token = false;
        }
    }
}
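The effect of this handler on one object's params, as an added example that is not part of HTML Purifier or ILIAS: a standalone model of the policy using the `$addParam` and `$allowedParam` values documented on this page. The function name `filterObjectParams`, the constant names and the sample URLs are assumptions made for the illustration.

```php
<?php
// Added illustration, not HTML Purifier code: a standalone model of the
// param policy in handleElement(), applied to one <object>'s direct children.
const ADD_PARAM = ['allowScriptAccess' => 'never', 'allowNetworking' => 'internal'];
const ALLOWED_PARAM = ['wmode' => true, 'movie' => true, 'flashvars' => true,
                       'src' => true, 'allowFullScreen' => true];

// Returns [object attributes, list of [name, value] params that survive].
function filterObjectParams(array $objectAttr, array $params): array
{
    $out = [];
    foreach (ADD_PARAM as $name => $value) {
        $out[] = [$name, $value];          // enforced params come first
    }
    foreach ($params as $attr) {
        if (!isset($attr['name'])) {
            continue;                      // nameless param: dropped
        }
        $n = $attr['name'];
        // Flash-specific fix: derive a missing data attribute from movie/src.
        if (!isset($objectAttr['data']) && ($n === 'movie' || $n === 'src')) {
            $objectAttr['data'] = $attr['value'] ?? '';
        }
        if (array_key_exists($n, ALLOWED_PARAM)) {
            $out[] = [$n, $attr['value'] ?? ''];
        }
        // Everything else, including user copies of enforced params, is dropped.
    }
    return [$objectAttr, $out];
}

// Constructed sample input: an embed that tries to re-enable script access.
[$attr, $kept] = filterObjectParams(
    ['type' => 'application/x-shockwave-flash'],
    [
        ['name' => 'movie', 'value' => 'https://media.example/clip.swf'],
        ['name' => 'allowScriptAccess', 'value' => 'always'],
        ['name' => 'wmode', 'value' => 'transparent'],
        ['value' => 'orphan'],
        ['name' => 'base', 'value' => 'https://other.example/'],
    ]
);
print_r($attr);
print_r($kept);
```

In the result, `allowScriptAccess` appears once with the enforced value `never`, `movie` and `wmode` are kept, the nameless and `base` params are gone, and the object gains a `data` attribute copied from `movie`.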
HTMLPurifier_Injector_SafeObject::handleEnd ( $token)

Handler that is called when an end token is processed.

Reimplemented from HTMLPurifier_Injector.

Definition at line 109 of file SafeObject.php.

{
    // This is the WRONG way of handling the object and param stacks;
    // we should be inserting them directly on the relevant object tokens
    // so that the global stack handling handles it.
    if ($token->name == 'object') {
        array_pop($this->objectStack);
        array_pop($this->paramStack);
    }
}
HTMLPurifier_Injector_SafeObject::prepare ( $config, $context )
Parameters
HTMLPurifier_Config $config
HTMLPurifier_Context $context
Returns
void

Reimplemented from HTMLPurifier_Injector.

Definition at line 54 of file SafeObject.php.

{
    parent::prepare($config, $context);
}

Field Documentation

HTMLPurifier_Injector_SafeObject::$addParam
protected
Initial value:
array(
    'allowScriptAccess' => 'never',
    'allowNetworking' => 'internal',
)

Keep this synchronized with AttrTransform/SafeParam.php.

array

Definition at line 33 of file SafeObject.php.

HTMLPurifier_Injector_SafeObject::$allowedParam
protected
Initial value:
array(
    'wmode' => true,
    'movie' => true,
    'flashvars' => true,
    'src' => true,
    'allowFullScreen' => true,
)

array

Definition at line 41 of file SafeObject.php.

HTMLPurifier_Injector_SafeObject::$name = 'SafeObject'

string

Definition at line 12 of file SafeObject.php.

Referenced by handleElement().

HTMLPurifier_Injector_SafeObject::$needed = array('object', 'param')

array

Definition at line 17 of file SafeObject.php.

HTMLPurifier_Injector_SafeObject::$objectStack = array()
protected

array

Definition at line 22 of file SafeObject.php.

HTMLPurifier_Injector_SafeObject::$paramStack = array()
protected

array

Definition at line 27 of file SafeObject.php.


The documentation for this class was generated from the following file: