ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
HTMLPurifier Class Reference

Facade that coordinates HTML Purifier's subsystems in order to purify HTML.

Public Member Functions

 __construct ($config=null)
 Initializes the purifier.
 
 addFilter ($filter)
 Adds a filter to process the output.
 
 purify ($html, $config=null)
 Filters an HTML snippet/document to be XSS-free and standards-compliant.
 
 purifyArray ($array_of_html, $config=null)
 Filters an array of HTML snippets.
 

Static Public Member Functions

static instance ($prototype=null)
 Singleton for enforcing just one HTML Purifier in your system.
 
static getInstance ($prototype=null)
 Singleton for enforcing just one HTML Purifier in your system.
 

Data Fields

 $version = '4.7.0'
 Version of HTML Purifier.
 
const VERSION = '4.7.0'
 Constant with version of HTML Purifier.
 
 $config
 Global configuration object.
 
 $context
 Resultant context of last run purification.
 

Protected Attributes

 $strategy
 @type HTMLPurifier_Strategy_Core
 
 $generator
 @type HTMLPurifier_Generator
 

Private Attributes

 $filters = array()
 Array of extra filter objects to run on HTML, for backwards compatibility.
 

Static Private Attributes

static $instance
 Single instance of HTML Purifier.
 

Detailed Description

Facade that coordinates HTML Purifier's subsystems in order to purify HTML.

Note
There are several points at which configuration can be specified for HTML Purifier. The precedence of these (from lowest to highest) is as follows:
  1. Instance: new HTMLPurifier($config)
  2. Invocation: purify($html, $config)
These configurations are entirely independent of each other and are not merged (this behavior may change in the future).
Todo:
We need an easier way to inject strategies using the configuration object.

Definition at line 54 of file HTMLPurifier.php.
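
The precedence note above means a config passed to purify() replaces the instance config instead of extending it, so a small per-call override can drop a restrictive instance policy. The PHP below is an added example, not code from HTML Purifier or ILIAS; the include path, the sample input and the chosen directives are assumptions.

```php
<?php
// Added example: assumes the HTML Purifier library is on the include path.
require_once 'HTMLPurifier.auto.php';

// Instance-level policy: only a small set of elements is allowed.
$policy = HTMLPurifier_Config::createDefault();
$policy->set('HTML.Allowed', 'p,b,i');
$purifier = new HTMLPurifier($policy);

// Constructed sample input.
$input = '<p>See <a href="http://example.test/">this</a> <img src="x.png" alt="x"></p>';

// 1. No per-call config: the instance policy is used.
$withInstancePolicy = $purifier->purify($input);

// 2. Per-call array: HTMLPurifier_Config::create() builds a fresh config
//    from library defaults plus this one directive. The instance policy is
//    replaced, not merged, so HTML.Allowed falls back to its default.
$withReplacedPolicy = $purifier->purify($input, array('AutoFormat.Linkify' => true));

// 3. Per-call config derived from the instance policy, so the restriction
//    is kept and only the extra directive differs.
$derived = HTMLPurifier_Config::inherit($policy);
$derived->set('AutoFormat.Linkify', true);
$withDerivedPolicy = $purifier->purify($input, $derived);

foreach (array(
    'instance policy' => $withInstancePolicy,
    'per-call array'  => $withReplacedPolicy,
    'derived config'  => $withDerivedPolicy,
) as $label => $html) {
    // Report whether markup outside the p,b,i allowlist survived.
    $leaked = (stripos($html, '<a ') !== false) || (stripos($html, '<img') !== false);
    printf("%-16s leaked=%s  %s\n", $label, $leaked ? 'yes' : 'no', $html);
}
```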

Constructor & Destructor Documentation

◆ __construct()

HTMLPurifier::__construct ($config = null)

Initializes the purifier.

Parameters
  HTMLPurifier_Config $config: Optional HTMLPurifier_Config object for all instances of the purifier; if omitted, a default configuration is supplied (which can be overridden on a per-use basis). The parameter can also be any type that HTMLPurifier_Config::create() supports.

Definition at line 114 of file HTMLPurifier.php.

    {
        $this->config = HTMLPurifier_Config::create($config);
        $this->strategy = new HTMLPurifier_Strategy_Core();
    }

References $config, and HTMLPurifier_Config\create().


Member Function Documentation

◆ addFilter()

HTMLPurifier::addFilter ($filter)

Adds a filter to process the output.

First come, first served.

Parameters
  HTMLPurifier_Filter $filter: HTMLPurifier_Filter object

Definition at line 125 of file HTMLPurifier.php.

    {
        trigger_error(
            'HTMLPurifier->addFilter() is deprecated, use configuration directives' .
            ' in the Filter namespace or Filter.Custom',
            E_USER_WARNING
        );
        $this->filters[] = $filter;
    }

◆ getInstance()

static HTMLPurifier::getInstance ($prototype = null)
static

Singleton for enforcing just one HTML Purifier in your system.

Parameters
  HTMLPurifier | HTMLPurifier_Config $prototype: Optional prototype HTMLPurifier instance to overload singleton with, or HTMLPurifier_Config instance to configure the generated version with.
Returns
HTMLPurifier
Note
Backwards compatibility, see instance()

Definition at line 286 of file HTMLPurifier.php.

    {
        return HTMLPurifier::instance($prototype);
    }

References instance().

Referenced by HTMLPurifier_ConfigSchema_Builder_Xml\writeHTMLDiv().


◆ instance()

static HTMLPurifier::instance ($prototype = null)
static

Singleton for enforcing just one HTML Purifier in your system.

Parameters
  HTMLPurifier | HTMLPurifier_Config $prototype: Optional prototype HTMLPurifier instance to overload singleton with, or HTMLPurifier_Config instance to configure the generated version with.
Returns
HTMLPurifier

Definition at line 261 of file HTMLPurifier.php.

    {
        if (!self::$instance || $prototype) {
            if ($prototype instanceof HTMLPurifier) {
                self::$instance = $prototype;
            } elseif ($prototype) {
                self::$instance = new HTMLPurifier($prototype);
            } else {
                self::$instance = new HTMLPurifier();
            }
        }
        return self::$instance;
    }

References $instance, and HTMLPurifier().

Referenced by getInstance().


◆ purify()

HTMLPurifier::purify ($html, $config = null)

Filters an HTML snippet/document to be XSS-free and standards-compliant.

Parameters
  string $html: String of HTML to purify
  HTMLPurifier_Config $config: Config object for this operation; if omitted, defaults to the config object specified during this object's construction. The parameter can also be any type that HTMLPurifier_Config::create() supports.
Returns
string Purified HTML

Definition at line 146 of file HTMLPurifier.php.

    {
        // :TODO: make the config merge in, instead of replace
        $config = $config ? HTMLPurifier_Config::create($config) : $this->config;

        // implementation is partially environment dependent, partially
        // configuration dependent
        $lexer = HTMLPurifier_Lexer::create($config);

        $context = new HTMLPurifier_Context();

        // setup HTML generator
        $this->generator = new HTMLPurifier_Generator($config, $context);
        $context->register('Generator', $this->generator);

        // set up global context variables
        if ($config->get('Core.CollectErrors')) {
            // may get moved out if other facilities use it
            $language_factory = HTMLPurifier_LanguageFactory::instance();
            $language = $language_factory->create($config, $context);
            $context->register('Locale', $language);

            $error_collector = new HTMLPurifier_ErrorCollector($context);
            $context->register('ErrorCollector', $error_collector);
        }

        // setup id_accumulator context, necessary due to the fact that
        // AttrValidator can be called from many places
        $id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context);
        $context->register('IDAccumulator', $id_accumulator);

        // normalize the input to UTF-8 before any filter or the lexer sees it
        $html = HTMLPurifier_Encoder::convertToUTF8($html, $config, $context);

        // setup filters
        $filter_flags = $config->getBatch('Filter');
        $custom_filters = $filter_flags['Custom'];
        unset($filter_flags['Custom']);
        $filters = array();
        foreach ($filter_flags as $filter => $flag) {
            if (!$flag) {
                continue;
            }
            if (strpos($filter, '.') !== false) {
                continue;
            }
            $class = "HTMLPurifier_Filter_$filter";
            $filters[] = new $class;
        }
        foreach ($custom_filters as $filter) {
            // maybe "HTMLPurifier_Filter_$filter", but be consistent with AutoFormat
            $filters[] = $filter;
        }
        $filters = array_merge($filters, $this->filters);
        // maybe prepare(), but later

        for ($i = 0, $filter_size = count($filters); $i < $filter_size; $i++) {
            $html = $filters[$i]->preFilter($html, $config, $context);
        }

        // purified HTML
        $html =
            $this->generator->generateFromTokens(
                // list of tokens
                $this->strategy->execute(
                    // list of un-purified tokens
                    $lexer->tokenizeHTML(
                        // un-purified HTML
                        $html,
                        $config,
                        $context
                    ),
                    $config,
                    $context
                )
            );

        for ($i = $filter_size - 1; $i >= 0; $i--) {
            $html = $filters[$i]->postFilter($html, $config, $context);
        }

        // convert back from UTF-8 to the configured output encoding
        $html = HTMLPurifier_Encoder::convertFromUTF8($html, $config, $context);
        $this->context =& $context;
        return $html;
    }

References $config, $context, $filters, $html, HTMLPurifier_IDAccumulator\build(), HTMLPurifier_Encoder\convertFromUTF8(), HTMLPurifier_Encoder\convertToUTF8(), HTMLPurifier_Lexer\create(), HTMLPurifier_Config\create(), and HTMLPurifier_LanguageFactory\instance().

Referenced by purifyArray().
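
purify() calls preFilter() on each filter in registration order and postFilter() in reverse order, with tokenizing and the core strategy in between. The PHP below is an added example, not code from HTML Purifier or ILIAS, that records that order and the HTML each hook receives; TraceFilter, the include path and the sample input are assumptions.

```php
<?php
// Added example: assumes the HTML Purifier library is on the include path.
require_once 'HTMLPurifier.auto.php';

// Hypothetical filter that records the order of hook calls and the HTML
// each hook receives. It returns the HTML unchanged.
class TraceFilter extends HTMLPurifier_Filter
{
    public static $log = array();

    public function __construct($name)
    {
        $this->name = $name;
    }

    public function preFilter($html, $config, $context)
    {
        // Runs before tokenizing: $html is still untrusted input.
        self::$log[] = array("pre:{$this->name}", $html);
        return $html;
    }

    public function postFilter($html, $config, $context)
    {
        // Runs after generateFromTokens(): whatever is returned here is
        // not passed through the strategy again.
        self::$log[] = array("post:{$this->name}", $html);
        return $html;
    }
}

$config = HTMLPurifier_Config::createDefault();
// Filter.Custom is the replacement named in the addFilter() deprecation notice.
$config->set('Filter.Custom', array(new TraceFilter('A'), new TraceFilter('B')));

// Constructed sample input.
$input = '<p onclick="x()">text<script>x()</script></p>';
$purifier = new HTMLPurifier($config);
$purifier->purify($input);

foreach (TraceFilter::$log as $entry) {
    list($hook, $seen) = $entry;
    printf("%-7s %s\n", $hook, $seen);
}
```

Because postFilter() output is returned without another pass through the strategy, a custom postFilter should emit only fixed markup built from values it has validated itself.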


◆ purifyArray()

HTMLPurifier::purifyArray ($array_of_html, $config = null)

Filters an array of HTML snippets.

Parameters
  string[] $array_of_html: Array of HTML snippets
  HTMLPurifier_Config $config: Optional config object for this operation. See HTMLPurifier::purify() for more details.
Returns
string[] Array of purified HTML

Definition at line 240 of file HTMLPurifier.php.

    {
        $context_array = array();
        foreach ($array_of_html as $key => $html) {
            $array_of_html[$key] = $this->purify($html, $config);
            $context_array[$key] = $this->context;
        }
        $this->context = $context_array;
        return $array_of_html;
    }

References $config, $context, $html, and purify().


Field Documentation

◆ $config

HTMLPurifier::$config

Global configuration object.

@type HTMLPurifier_Config

Definition at line 72 of file HTMLPurifier.php.

Referenced by __construct(), purify(), and purifyArray().

◆ $context

HTMLPurifier::$context

Resultant context of last run purification.

Is an array of contexts if the last called method was purifyArray().

@type HTMLPurifier_Context

Definition at line 102 of file HTMLPurifier.php.

Referenced by purify(), and purifyArray().

◆ $filters

HTMLPurifier::$filters = array()
private

Array of extra filter objects to run on HTML, for backwards compatibility.

@type HTMLPurifier_Filter[]

Definition at line 79 of file HTMLPurifier.php.

Referenced by purify().

◆ $generator

HTMLPurifier::$generator
protected

@type HTMLPurifier_Generator

Definition at line 95 of file HTMLPurifier.php.

◆ $instance

HTMLPurifier::$instance
static private

Single instance of HTML Purifier.

@type HTMLPurifier

Definition at line 85 of file HTMLPurifier.php.

Referenced by instance().

◆ $strategy

HTMLPurifier::$strategy
protected

@type HTMLPurifier_Strategy_Core

Definition at line 90 of file HTMLPurifier.php.

◆ $version

HTMLPurifier::$version = '4.7.0'

Version of HTML Purifier.

@type string

Definition at line 61 of file HTMLPurifier.php.

◆ VERSION

const HTMLPurifier::VERSION = '4.7.0'

Constant with version of HTML Purifier.

Definition at line 66 of file HTMLPurifier.php.


The documentation for this class was generated from the following file: