ILIAS  release_4-4 Revision
HTMLPurifier_AttrTransform_SafeParam Class Reference

Validates name/value pairs in param tags to be used in safe objects.

Public Member Functions

 __construct ()
 
 transform ($attr, $config, $context)
 
Public Member Functions inherited from HTMLPurifier_AttrTransform
 transform ($attr, $config, $context)
 Abstract: makes changes to the attributes dependent on multiple values.
 
 prependCSS (&$attr, $css)
 Prepends CSS properties to the style attribute, creating the attribute if it doesn't exist.
 
 confiscateAttr (&$attr, $key)
 Retrieves and removes an attribute.
 

Data Fields

 $name = "SafeParam"
 

Private Attributes

 $uri
 

Detailed Description

Validates name/value pairs in param tags to be used in safe objects.

This will only allow name values it recognizes, and pre-fill certain attributes with required values.

Note
This class only supports Flash. In the future, Quicktime support may be added.
Warning
This class expects an injector to add the necessary parameter tags.

Definition at line 15 of file SafeParam.php.

Constructor & Destructor Documentation

◆ __construct()

HTMLPurifier_AttrTransform_SafeParam::__construct ( )

Definition at line 20 of file SafeParam.php.

    {
        $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded
        $this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent'));
    }

HTMLPurifier_AttrDef_Enum: Validates a keyword against a list of valid values. Definition: Enum.php:10
HTMLPurifier_AttrDef_URI: Validates a URI as defined by RFC 3986. Definition: URI.php:7

Member Function Documentation

◆ transform()

HTMLPurifier_AttrTransform_SafeParam::transform ( $attr, $config, $context )

Definition at line 25 of file SafeParam.php.

    {
        // If we add support for other objects, we'll need to alter the
        // transforms.
        switch ($attr['name']) {
            // application/x-shockwave-flash
            // Keep this synchronized with Injector/SafeObject.php
            case 'allowScriptAccess':
                $attr['value'] = 'never';
                break;
            case 'allowNetworking':
                $attr['value'] = 'internal';
                break;
            case 'allowFullScreen':
                if ($config->get('HTML.FlashAllowFullScreen')) {
                    $attr['value'] = ($attr['value'] == 'true') ? 'true' : 'false';
                } else {
                    $attr['value'] = 'false';
                }
                break;
            case 'wmode':
                $attr['value'] = $this->wmode->validate($attr['value'], $config, $context);
                break;
            case 'movie':
            case 'src':
                $attr['name'] = "movie";
                $attr['value'] = $this->uri->validate($attr['value'], $config, $context);
                break;
            case 'flashvars':
                // we're going to allow arbitrary inputs to the SWF, on
                // the reasoning that it could only hack the SWF, not us.
                break;
            // add other cases to support other param name/value pairs
            default:
                $attr['name'] = $attr['value'] = null;
        }
        return $attr;
    }
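
A regression check for the transform() listing above, added here as an example (it is not ILIAS or HTML Purifier code): it feeds constructed param pairs through the class and compares each result with what the switch statement dictates. It assumes HTML Purifier's HTMLPurifier.auto.php is on the include path; safeParam() and the case table are hypothetical names.

```php
<?php
// Added example; not ILIAS or HTML Purifier code.
// Assumption: HTML Purifier's autoloader is reachable on the include path.
require_once 'HTMLPurifier.auto.php';

// Hypothetical helper: run one <param> name/value pair through SafeParam.
function safeParam($name, $value, $allowFullScreen)
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Cache.DefinitionImpl', null); // no cache directory needed
    $config->set('HTML.FlashAllowFullScreen', $allowFullScreen);
    $transform = new HTMLPurifier_AttrTransform_SafeParam();
    return $transform->transform(
        array('name' => $name, 'value' => $value),
        $config,
        new HTMLPurifier_Context()
    );
}

// Constructed cases: name, value, HTML.FlashAllowFullScreen, expected name, expected value.
$cases = array(
    array('allowScriptAccess', 'always', false, 'allowScriptAccess', 'never'),
    array('allowNetworking', 'all', false, 'allowNetworking', 'internal'),
    array('allowFullScreen', 'true', false, 'allowFullScreen', 'false'),
    array('allowFullScreen', 'true', true, 'allowFullScreen', 'true'),
    array('allowFullScreen', 'yes', true, 'allowFullScreen', 'false'),
    array('wmode', 'gpu', false, 'wmode', false),                 // not in the enum
    array('src', 'javascript:void(0)', false, 'movie', false),    // renamed, URI rejected
    array('flashvars', 'a=1&b=2', false, 'flashvars', 'a=1&b=2'), // passed through
    array('base', 'http://example.com/', false, null, null),      // unrecognized name
);

$failures = 0;
foreach ($cases as $case) {
    list($name, $value, $fullScreen, $wantName, $wantValue) = $case;
    $out = safeParam($name, $value, $fullScreen);
    $ok = ($out['name'] === $wantName && $out['value'] === $wantValue);
    $failures += $ok ? 0 : 1;
    printf("%-4s %s=%s -> %s\n", $ok ? 'ok' : 'FAIL', $name, $value, json_encode($out));
}
exit($failures === 0 ? 0 : 1);
```

The script exits non-zero if any pair deviates from the table, so it can gate an upgrade of the bundled library.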

Field Documentation

◆ $name

HTMLPurifier_AttrTransform_SafeParam::$name = "SafeParam"

Definition at line 17 of file SafeParam.php.

◆ $uri

HTMLPurifier_AttrTransform_SafeParam::$uri
private

Definition at line 18 of file SafeParam.php.


The documentation for this class was generated from the following file: