d0/d8e/SafeIframe_8php_source.html

<?php


class HTMLPurifier_URIFilter_SafeIframe extends HTMLPurifier_URIFilter

{

    public $name = 'SafeIframe';


    public $always_load = true;


    protected $regexp = null;


    // XXX: The not so good bit about how this is all set up now is we

    // can't check HTML.SafeIframe in the 'prepare' step: we have to

    // defer till the actual filtering.

    public function prepare($config)

    {

        $this->regexp = $config->get('URI.SafeIframeRegexp');

        return true;

    }


    public function filter(&$uri, $config, $context)

    {

        // check if filter not applicable

        if (!$config->get('HTML.SafeIframe')) {

            return true;

        }

        // check if the filter should actually trigger

        if (!$context->get('EmbeddedURI', true)) {

            return true;

        }

        $token = $context->get('CurrentToken', true);

        if (!($token && $token->name == 'iframe')) {

            return true;

        }

        // check if we actually have some whitelists enabled

        if ($this->regexp === null) {

            return false;

        }

        // actually check the whitelists

        return preg_match($this->regexp, $uri->toString());

    }

}


// vim: et sw=4 sts=4

HTMLPurifier_URIFilter_SafeIframe
Implements safety checks for safe iframes.
Definition: SafeIframe.php:10

HTMLPurifier_URIFilter_SafeIframe\filter
filter(&$uri, $config, $context)
Definition: SafeIframe.php:45

HTMLPurifier_URIFilter_SafeIframe\$always_load
$always_load
@type bool
Definition: SafeIframe.php:19

HTMLPurifier_URIFilter_SafeIframe\$name
$name
@type string
Definition: SafeIframe.php:14

HTMLPurifier_URIFilter_SafeIframe\prepare
prepare($config)
Definition: SafeIframe.php:33

HTMLPurifier_URIFilter_SafeIframe\$regexp
$regexp
@type string
Definition: SafeIframe.php:24

HTMLPurifier_URIFilter
Chainable filters for custom URI processing.
Definition: URIFilter.php:29