Adds important param elements to inside of object in order to make things safe. More...

Inheritance diagram for HTMLPurifier_Injector_SafeObject:

Collaboration diagram for HTMLPurifier_Injector_SafeObject:

Public Member Functions
	prepare ($config, $context)

	handleElement (&$token)

	handleEnd (&$token)

Public Member Functions inherited from HTMLPurifier_Injector
	rewind ($index)
	Rewind to a spot to re-perform processing. More...

	getRewind ()
	Retrieves rewind, and then unsets it. More...

	prepare ($config, $context)
	Prepares the injector by giving it the config and context objects: this allows references to important variables to be made within the injector. More...

	checkNeeded ($config)
	This function checks if the HTML environment will work with the Injector: if p tags are not allowed, the Auto-Paragraphing injector should not be enabled. More...

	allowsElement ($name)
	Tests if the context node allows a certain element. More...

	handleText (&$token)
	Handler that is called when a text token is processed. More...

	handleElement (&$token)
	Handler that is called when a start or empty token is processed. More...

	handleEnd (&$token)
	Handler that is called when an end token is processed. More...

	notifyEnd ($token)
	Notifier that is called when an end token is processed. More...

Data Fields
	$name = 'SafeObject'

	$needed = array('object', 'param')

Data Fields inherited from HTMLPurifier_Injector
	$name
	Advisory name of injector, this is for friendly error messages. More...

	$needed = array()
	Array of elements and attributes this injector creates and therefore need to be allowed by the definition. More...

Protected Attributes
	$objectStack = array()

	$paramStack = array()

	$addParam

	$allowedParam

Protected Attributes inherited from HTMLPurifier_Injector
	$htmlDefinition
	Instance of HTMLPurifier_HTMLDefinition. More...

	$currentNesting
	Reference to CurrentNesting variable in Context. More...

	$inputTokens
	Reference to InputTokens variable in Context. More...

	$inputIndex
	Reference to InputIndex variable in Context. More...

	$rewind = false
	Index of inputTokens to rewind to. More...

Additional Inherited Members
Protected Member Functions inherited from HTMLPurifier_Injector
	forward (&$i, &$current)
	Iterator function, which starts with the next token and continues until you reach the end of the input tokens. More...

	forwardUntilEndToken (&$i, &$current, &$nesting)
	Similar to _forward, but accepts a third parameter $nesting (which should be initialized at 0) and stops when we hit the end tag for the node $this->inputIndex starts in. More...

	backward (&$i, &$current)
	Iterator function, starts with the previous token and continues until you reach the beginning of input tokens. More...

	current (&$i, &$current)
	Initializes the iterator at the current position. More...

Detailed Description

Adds important param elements to inside of object in order to make things safe.

Definition at line 7 of file SafeObject.php.

Member Function Documentation

◆ handleElement()

HTMLPurifier_Injector_SafeObject::handleElement ( & $token )

Definition at line 32 of file SafeObject.php.

References $n, and $name.

                                            {
         if ($token->name == 'object') {
             $this->objectStack[] = $token;
             $this->paramStack[] = array();
             $new = array($token);
             foreach ($this->addParam as $name => $value) {
                 $new[] = new HTMLPurifier_Token_Empty('param', array('name' => $name, 'value' => $value));
             }
             $token = $new;
         } elseif ($token->name == 'param') {
             $nest = count($this->currentNesting) - 1;
             if ($nest >= 0 && $this->currentNesting[$nest]->name === 'object') {
                 $i = count($this->objectStack) - 1;
                 if (!isset($token->attr['name'])) {
                     $token = false;
                     return;
                 }
                 $n = $token->attr['name'];
                 // We need this fix because YouTube doesn't supply a data
                 // attribute, which we need if a type is specified. This is
                 // *very* Flash specific.
                 if (!isset($this->objectStack[$i]->attr['data']) &&
                     ($token->attr['name'] == 'movie' || $token->attr['name'] == 'src')) {
                     $this->objectStack[$i]->attr['data'] = $token->attr['value'];
                 }
                 // Check if the parameter is the correct value but has not
                 // already been added
                 if (
                     !isset($this->paramStack[$i][$n]) &&
                     isset($this->addParam[$n]) &&
                     $token->attr['name'] === $this->addParam[$n]
                 ) {
                     // keep token, and add to param stack
                     $this->paramStack[$i][$n] = true;
                 } elseif (isset($this->allowedParam[$n])) {
                     // keep token, don't do anything to it
                     // (could possibly check for duplicates here)
                 } else {
                     $token = false;
                 }
             } else {
                 // not directly inside an object, DENY!
                 $token = false;
             }
         }
     }

◆ handleEnd()

HTMLPurifier_Injector_SafeObject::handleEnd ( & $token )

Definition at line 79 of file SafeObject.php.

                                        {
         // This is the WRONG way of handling the object and param stacks;
         // we should be inserting them directly on the relevant object tokens
         // so that the global stack handling handles it.
         if ($token->name == 'object') {
             array_pop($this->objectStack);
             array_pop($this->paramStack);
         }
     }

◆ prepare()

HTMLPurifier_Injector_SafeObject::prepare	(	$config,
		$context
	)

Definition at line 28 of file SafeObject.php.

                                                {
         parent::prepare($config, $context);
     }

Field Documentation

◆ $addParam

HTMLPurifier_Injector_SafeObject::$addParam

protected

Initial value:

= array(
        'allowScriptAccess' => 'never',
        'allowNetworking' => 'internal',
    )

Definition at line 16 of file SafeObject.php.

◆ $allowedParam

HTMLPurifier_Injector_SafeObject::$allowedParam

protected

Initial value:

= array(
        'wmode' => true,
        'movie' => true,
        'flashvars' => true,
        'src' => true,
        'allowFullScreen' => true, 
    )

Definition at line 20 of file SafeObject.php.

◆ $name

HTMLPurifier_Injector_SafeObject::$name = 'SafeObject'

Definition at line 9 of file SafeObject.php.

Referenced by handleElement().

◆ $needed

HTMLPurifier_Injector_SafeObject::$needed = array('object', 'param')

Definition at line 10 of file SafeObject.php.

◆ $objectStack

HTMLPurifier_Injector_SafeObject::$objectStack = array()

protected

Definition at line 12 of file SafeObject.php.

◆ $paramStack

HTMLPurifier_Injector_SafeObject::$paramStack = array()

protected

Definition at line 13 of file SafeObject.php.

The documentation for this class was generated from the following file:

Services/Html/HtmlPurifier/library/HTMLPurifier/Injector/SafeObject.php

Public Member Functions

Data Fields

Protected Attributes

Additional Inherited Members

Detailed Description

Member Function Documentation

◆ handleElement()

◆ handleEnd()

◆ prepare()

Field Documentation

◆ $addParam

◆ $allowedParam

◆ $name

◆ $needed

◆ $objectStack

◆ $paramStack