ILIAS  release_4-4 Revision
HTMLPurifier Class Reference

Facade that coordinates HTML Purifier's subsystems in order to purify HTML.

Public Member Functions

__construct ($config=null)
    Initializes the purifier.

addFilter ($filter)
    Adds a filter to process the output.

purify ($html, $config=null)
    Filters an HTML snippet/document to be XSS-free and standards-compliant.

purifyArray ($array_of_html, $config=null)
    Filters an array of HTML snippets.

Static Public Member Functions

static instance ($prototype=null)
    Singleton for enforcing just one HTML Purifier in your system.

static getInstance ($prototype=null)

Data Fields

$version = '4.5.0'
    Version of HTML Purifier.

const VERSION = '4.5.0'
    Constant with version of HTML Purifier.

$config
    Global configuration object.

$generator

$context
    Resultant HTMLPurifier_Context of last run purification.

Protected Attributes

$strategy

Private Attributes

$filters = array()
    Array of extra HTMLPurifier_Filter objects to run on HTML, for backwards compatibility.

Static Private Attributes

static $instance
    Single instance of HTML Purifier.

Detailed Description

Facade that coordinates HTML Purifier's subsystems in order to purify HTML.

Note
Configuration can be specified for HTML Purifier at several points. Their precedence, from lowest to highest, is as follows:
  1. Instance: new HTMLPurifier($config)
  2. Invocation: purify($html, $config)
These configurations are entirely independent of each other and are not merged (this behavior may change in the future).
Todo:
We need an easier way to inject strategies using the configuration object.

Definition at line 54 of file HTMLPurifier.php.
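
The practical consequence of the "not merged" note, shown as an added example (not ILIAS or HTML Purifier project code): a per-call config that sets a single directive replaces the whole instance policy for that call. The helper comment_policy(), the sample markup and the include path are assumptions made for the illustration.

```php
<?php
// Added example; not ILIAS or HTML Purifier project code.
// Assumption: the library's standard loader is on the include path.
require_once 'HTMLPurifier.auto.php';

// Hypothetical policy factory: tight allowlist, https links only.
// The definition cache is disabled so no writable directory is needed.
function comment_policy()
{
    $c = HTMLPurifier_Config::createDefault();
    $c->set('Cache.DefinitionImpl', null);
    $c->set('HTML.Allowed', 'p,b,i,a[href]');
    $c->set('URI.AllowedSchemes', array('https' => true));
    return $c;
}

$purifier = new HTMLPurifier(comment_policy());

// Constructed sample input.
$dirty = '<p>Hi <img src="http://example.test/a.png" alt="">'
       . '<a href="http://example.test/">link</a></p><p></p>';

// 1. No per-call config: the instance policy is used.
$instanceOnly = $purifier->purify($dirty);

// 2. Per-call config that sets one unrelated directive. purify() uses it
//    INSTEAD of the instance config, so HTML.Allowed and
//    URI.AllowedSchemes fall back to the library defaults for this call.
$oneOff = HTMLPurifier_Config::createDefault();
$oneOff->set('Cache.DefinitionImpl', null);
$oneOff->set('AutoFormat.RemoveEmpty', true);
$replaced = $purifier->purify($dirty, $oneOff);

// 3. Build the per-call config from the same policy factory, then add
//    the extra directive, so the allowlist travels with it.
$derived = comment_policy();
$derived->set('AutoFormat.RemoveEmpty', true);
$carried = $purifier->purify($dirty, $derived);

foreach (array('instance only'     => $instanceOnly,
               'per-call replaces' => $replaced,
               'per-call derived'  => $carried) as $label => $out) {
    printf("%-18s img kept: %-3s  %s\n", $label,
        strpos($out, '<img') !== false ? 'yes' : 'no', $out);
}
```

When reviewing callers, treat every purify($html, $config) call site as carrying a complete policy of its own and check it against the intended allowlist.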

Constructor & Destructor Documentation

◆ __construct()

HTMLPurifier::__construct ($config = null)

Initializes the purifier.

Parameters
$config    Optional HTMLPurifier_Config object for all instances of the purifier; if omitted, a default configuration is supplied (which can be overridden on a per-use basis). The parameter can also be any type that HTMLPurifier_Config::create() supports.

Definition at line 88 of file HTMLPurifier.php.

References $config, and HTMLPurifier_Config\create().

    public function __construct($config = null)
    {
        $this->config = HTMLPurifier_Config::create($config);

        $this->strategy = new HTMLPurifier_Strategy_Core();
    }

Member Function Documentation

◆ addFilter()

HTMLPurifier::addFilter ($filter)

Adds a filter to process the output.

First come, first served.

Parameters
$filter    HTMLPurifier_Filter object

Definition at line 100 of file HTMLPurifier.php.

    public function addFilter($filter)
    {
        trigger_error('HTMLPurifier->addFilter() is deprecated, use configuration directives in the Filter namespace or Filter.Custom', E_USER_WARNING);
        $this->filters[] = $filter;
    }

◆ getInstance()

static HTMLPurifier::getInstance ($prototype = null)
static
Note
Backwards compatibility, see instance()

Definition at line 231 of file HTMLPurifier.php.

References instance().

Referenced by HTMLPurifier_ConfigSchema_Builder_Xml\writeHTMLDiv().

    public static function getInstance($prototype = null)
    {
        return HTMLPurifier::instance($prototype);
    }

◆ instance()

static HTMLPurifier::instance ($prototype = null)
static

Singleton for enforcing just one HTML Purifier in your system.

Parameters
$prototype    Optional prototype HTMLPurifier instance to overload singleton with, or HTMLPurifier_Config instance to configure the generated version with.

Definition at line 215 of file HTMLPurifier.php.

References HTMLPurifier().

Referenced by getInstance().

    public static function instance($prototype = null)
    {
        // A truthy $prototype always replaces the stored singleton.
        if (!self::$instance || $prototype) {
            if ($prototype instanceof HTMLPurifier) {
                self::$instance = $prototype;
            } elseif ($prototype) {
                self::$instance = new HTMLPurifier($prototype);
            } else {
                self::$instance = new HTMLPurifier();
            }
        }
        return self::$instance;
    }
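
Because any truthy $prototype overwrites the stored instance, the singleton's policy is whatever the most recent configuring caller supplied. The following added example (not ILIAS or HTML Purifier project code) shows the effect on a later caller; the "bootstrap" and "plugin" roles, the sample markup and the include path are assumptions made for the illustration.

```php
<?php
// Added example; not ILIAS or HTML Purifier project code.
// Assumption: the library's standard loader is on the include path.
require_once 'HTMLPurifier.auto.php';

// Bootstrap code installs a strict policy on the shared instance.
$strict = HTMLPurifier_Config::createDefault();
$strict->set('HTML.Allowed', 'p,b,i');
$strict->set('Cache.DefinitionImpl', null); // no cache directory needed
$bootstrap = HTMLPurifier::instance($strict);

// Hypothetical plugin code asks for a purifier with default settings.
// $prototype is truthy, so instance() builds a new object and
// overwrites self::$instance for the whole process.
$lax = HTMLPurifier_Config::createDefault();
$lax->set('Cache.DefinitionImpl', null);
HTMLPurifier::instance($lax);

// Later callers that pass nothing now receive the plugin's policy.
$shared = HTMLPurifier::instance();
$sample = '<p>text<img src="https://example.test/a.png" alt=""></p>'; // constructed
echo 'same object as bootstrap: ', var_export($shared === $bootstrap, true), "\n";
echo 'shared singleton output:  ', $shared->purify($sample), "\n";

// Holding the object explicitly keeps the policy independent of the singleton.
echo 'explicit strict output:   ', $bootstrap->purify($sample), "\n";
```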

◆ purify()

HTMLPurifier::purify ($html, $config = null)

Filters an HTML snippet/document to be XSS-free and standards-compliant.

Parameters
$html      String of HTML to purify
$config    HTMLPurifier_Config object for this operation; if omitted, defaults to the config object specified during this object's construction. The parameter can also be any type that HTMLPurifier_Config::create() supports.
Returns
Purified HTML

Definition at line 115 of file HTMLPurifier.php.

References $config, $context, $filters, HTMLPurifier_IDAccumulator\build(), HTMLPurifier_Encoder\convertFromUTF8(), HTMLPurifier_Encoder\convertToUTF8(), HTMLPurifier_Lexer\create(), HTMLPurifier_Config\create(), and HTMLPurifier_LanguageFactory\instance().

Referenced by purifyArray().

    public function purify($html, $config = null)
    {
        // :TODO: make the config merge in, instead of replace
        $config = $config ? HTMLPurifier_Config::create($config) : $this->config;

        // implementation is partially environment dependent, partially
        // configuration dependent
        $lexer = HTMLPurifier_Lexer::create($config);

        $context = new HTMLPurifier_Context();

        // setup HTML generator
        $this->generator = new HTMLPurifier_Generator($config, $context);
        $context->register('Generator', $this->generator);

        // set up global context variables
        if ($config->get('Core.CollectErrors')) {
            // may get moved out if other facilities use it
            $language_factory = HTMLPurifier_LanguageFactory::instance();
            $language = $language_factory->create($config, $context);
            $context->register('Locale', $language);

            $error_collector = new HTMLPurifier_ErrorCollector($context);
            $context->register('ErrorCollector', $error_collector);
        }

        // setup id_accumulator context, necessary due to the fact that
        // AttrValidator can be called from many places
        $id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context);
        $context->register('IDAccumulator', $id_accumulator);

        // normalize the input to UTF-8 before any filtering
        $html = HTMLPurifier_Encoder::convertToUTF8($html, $config, $context);

        // setup filters
        $filter_flags = $config->getBatch('Filter');
        $custom_filters = $filter_flags['Custom'];
        unset($filter_flags['Custom']);
        $filters = array();
        foreach ($filter_flags as $filter => $flag) {
            if (!$flag) continue;
            if (strpos($filter, '.') !== false) continue;
            $class = "HTMLPurifier_Filter_$filter";
            $filters[] = new $class;
        }
        foreach ($custom_filters as $filter) {
            // maybe "HTMLPurifier_Filter_$filter", but be consistent with AutoFormat
            $filters[] = $filter;
        }
        $filters = array_merge($filters, $this->filters);
        // maybe prepare(), but later

        // pre-filters run in registration order
        for ($i = 0, $filter_size = count($filters); $i < $filter_size; $i++) {
            $html = $filters[$i]->preFilter($html, $config, $context);
        }

        // purified HTML
        $html =
            $this->generator->generateFromTokens(
                // list of tokens
                $this->strategy->execute(
                    // list of un-purified tokens
                    $lexer->tokenizeHTML(
                        // un-purified HTML
                        $html, $config, $context
                    ),
                    $config, $context
                )
            );

        // post-filters run in reverse registration order
        for ($i = $filter_size - 1; $i >= 0; $i--) {
            $html = $filters[$i]->postFilter($html, $config, $context);
        }

        // convert back from UTF-8 according to the configuration
        $html = HTMLPurifier_Encoder::convertFromUTF8($html, $config, $context);
        $this->context =& $context;
        return $html;
    }

◆ purifyArray()

HTMLPurifier::purifyArray ($array_of_html, $config = null)

Filters an array of HTML snippets.

Parameters
$config    Optional HTMLPurifier_Config object for this operation. See HTMLPurifier::purify() for more details.
Returns
Array of purified HTML

Definition at line 199 of file HTMLPurifier.php.

References $config, $context, and purify().

    public function purifyArray($array_of_html, $config = null)
    {
        $context_array = array();
        foreach ($array_of_html as $key => $html) {
            $array_of_html[$key] = $this->purify($html, $config);
            // keep the context produced for each snippet, keyed like the input
            $context_array[$key] = $this->context;
        }
        $this->context = $context_array;
        return $array_of_html;
    }

Field Documentation

◆ $config

HTMLPurifier::$config

Global configuration object.

Definition at line 64 of file HTMLPurifier.php.

Referenced by __construct(), purify(), and purifyArray().

◆ $context

HTMLPurifier::$context

Resultant HTMLPurifier_Context of last run purification.

Is an array of contexts if the last called method was purifyArray().

Definition at line 78 of file HTMLPurifier.php.

Referenced by purify(), and purifyArray().

◆ $filters

HTMLPurifier::$filters = array()
private

Array of extra HTMLPurifier_Filter objects to run on HTML, for backwards compatibility.

Definition at line 67 of file HTMLPurifier.php.

Referenced by purify().

◆ $generator

HTMLPurifier::$generator

Definition at line 72 of file HTMLPurifier.php.

◆ $instance

HTMLPurifier::$instance
static private

Single instance of HTML Purifier.

Definition at line 70 of file HTMLPurifier.php.

◆ $strategy

HTMLPurifier::$strategy
protected

Definition at line 72 of file HTMLPurifier.php.

◆ $version

HTMLPurifier::$version = '4.5.0'

Version of HTML Purifier.

Definition at line 58 of file HTMLPurifier.php.

◆ VERSION

const HTMLPurifier::VERSION = '4.5.0'

Constant with version of HTML Purifier.

Definition at line 61 of file HTMLPurifier.php.


The documentation for this class was generated from the following file: