ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
HTMLPurifier.php
Go to the documentation of this file.
1 <?php
2 
21 /*
22  HTML Purifier 4.7.0 - Standards Compliant HTML Filtering
23  Copyright (C) 2006-2008 Edward Z. Yang
24 
25  This library is free software; you can redistribute it and/or
26  modify it under the terms of the GNU Lesser General Public
27  License as published by the Free Software Foundation; either
28  version 2.1 of the License, or (at your option) any later version.
29 
30  This library is distributed in the hope that it will be useful,
31  but WITHOUT ANY WARRANTY; without even the implied warranty of
32  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
33  Lesser General Public License for more details.
34 
35  You should have received a copy of the GNU Lesser General Public
36  License along with this library; if not, write to the Free Software
37  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
38  */
39 
54 class HTMLPurifier
55 {
56 
61  public $version = '4.7.0';
62 
66  const VERSION = '4.7.0';
67 
72  public $config;
73 
79  private $filters = array();
80 
85  private static $instance;
86 
90  protected $strategy;
91 
95  protected $generator;
96 
102  public $context;
103 
114  public function __construct($config = null)
115  {
116  $this->config = HTMLPurifier_Config::create($config);
117  $this->strategy = new HTMLPurifier_Strategy_Core();
118  }
119 
125  public function addFilter($filter)
126  {
127  trigger_error(
128  'HTMLPurifier->addFilter() is deprecated, use configuration directives' .
129  ' in the Filter namespace or Filter.Custom',
130  E_USER_WARNING
131  );
132  $this->filters[] = $filter;
133  }
134 
146  public function purify($html, $config = null)
147  {
148  // :TODO: make the config merge in, instead of replace
149  $config = $config ? HTMLPurifier_Config::create($config) : $this->config;
150 
151  // implementation is partially environment dependant, partially
152  // configuration dependant
153  $lexer = HTMLPurifier_Lexer::create($config);
154 
155  $context = new HTMLPurifier_Context();
156 
157  // setup HTML generator
158  $this->generator = new HTMLPurifier_Generator($config, $context);
159  $context->register('Generator', $this->generator);
160 
161  // set up global context variables
162  if ($config->get('Core.CollectErrors')) {
163  // may get moved out if other facilities use it
164  $language_factory = HTMLPurifier_LanguageFactory::instance();
165  $language = $language_factory->create($config, $context);
166  $context->register('Locale', $language);
167 
168  $error_collector = new HTMLPurifier_ErrorCollector($context);
169  $context->register('ErrorCollector', $error_collector);
170  }
171 
172  // setup id_accumulator context, necessary due to the fact that
173  // AttrValidator can be called from many places
174  $id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context);
175  $context->register('IDAccumulator', $id_accumulator);
176 
177  $html = HTMLPurifier_Encoder::convertToUTF8($html, $config, $context);
178 
179  // setup filters
180  $filter_flags = $config->getBatch('Filter');
181  $custom_filters = $filter_flags['Custom'];
182  unset($filter_flags['Custom']);
183  $filters = array();
184  foreach ($filter_flags as $filter => $flag) {
185  if (!$flag) {
186  continue;
187  }
188  if (strpos($filter, '.') !== false) {
189  continue;
190  }
191  $class = "HTMLPurifier_Filter_$filter";
192  $filters[] = new $class;
193  }
194  foreach ($custom_filters as $filter) {
195  // maybe "HTMLPurifier_Filter_$filter", but be consistent with AutoFormat
196  $filters[] = $filter;
197  }
198  $filters = array_merge($filters, $this->filters);
199  // maybe prepare(), but later
200 
201  for ($i = 0, $filter_size = count($filters); $i < $filter_size; $i++) {
202  $html = $filters[$i]->preFilter($html, $config, $context);
203  }
204 
205  // purified HTML
206  $html =
207  $this->generator->generateFromTokens(
208  // list of tokens
209  $this->strategy->execute(
210  // list of un-purified tokens
211  $lexer->tokenizeHTML(
212  // un-purified HTML
213  $html,
214  $config,
215  $context
216  ),
217  $config,
218  $context
219  )
220  );
221 
222  for ($i = $filter_size - 1; $i >= 0; $i--) {
223  $html = $filters[$i]->postFilter($html, $config, $context);
224  }
225 
226  $html = HTMLPurifier_Encoder::convertFromUTF8($html, $config, $context);
227  $this->context =& $context;
228  return $html;
229  }
230 
240  public function purifyArray($array_of_html, $config = null)
241  {
242  $context_array = array();
243  foreach ($array_of_html as $key => $html) {
244  $array_of_html[$key] = $this->purify($html, $config);
245  $context_array[$key] = $this->context;
246  }
247  $this->context = $context_array;
248  return $array_of_html;
249  }
250 
261  public static function instance($prototype = null)
262  {
263  if (!self::$instance || $prototype) {
264  if ($prototype instanceof HTMLPurifier) {
265  self::$instance = $prototype;
266  } elseif ($prototype) {
267  self::$instance = new HTMLPurifier($prototype);
268  } else {
269  self::$instance = new HTMLPurifier();
270  }
271  }
272  return self::$instance;
273  }
274 
286  public static function getInstance($prototype = null)
287  {
288  return HTMLPurifier::instance($prototype);
289  }
290 }
291 
292 // vim: et sw=4 sts=4
HTMLPurifier\$context
$context
Resultant context of last run purification.
Definition: HTMLPurifier.php:102
HTMLPurifier\purifyArray
purifyArray($array_of_html, $config=null)
Filters an array of HTML snippets.
Definition: HTMLPurifier.php:240
HTMLPurifier_Generator
Generates HTML from tokens.
Definition: Generator.php:10
HTMLPurifier\$generator
$generator
HTMLPurifier_Generator
Definition: HTMLPurifier.php:95
HTMLPurifier
Facade that coordinates HTML Purifier&#39;s subsystems in order to purify HTML.
Definition: HTMLPurifier.php:54
HTMLPurifier_Lexer\create
static create($config)
Retrieves or sets the default Lexer as a Prototype Factory.
Definition: Lexer.php:69
HTMLPurifier_Encoder\convertFromUTF8
static convertFromUTF8($str, $config, $context)
Converts a string from UTF-8 based on configuration.
Definition: Encoder.php:420
HTMLPurifier_IDAccumulator\build
static build($config, $context)
Builds an IDAccumulator, also initializing the default blacklist.
Definition: IDAccumulator.php:24
HTMLPurifier\instance
static instance($prototype=null)
Singleton for enforcing just one HTML Purifier in your system.
Definition: HTMLPurifier.php:261
HTMLPurifier\getInstance
static getInstance($prototype=null)
Singleton for enforcing just one HTML Purifier in your system.
Definition: HTMLPurifier.php:286
HTMLPurifier_Config\create
static create($config, $schema=null)
Convenience constructor that creates a config object based on a mixed var.
Definition: Config.php:123
HTMLPurifier_Encoder\convertToUTF8
static convertToUTF8($str, $config, $context)
Convert a string to UTF-8 based on configuration.
Definition: Encoder.php:372
HTMLPurifier\__construct
__construct($config=null)
Initializes the purifier.
Definition: HTMLPurifier.php:114
HTMLPurifier_LanguageFactory\instance
static instance($prototype=null)
Retrieve sole instance of the factory.
Definition: LanguageFactory.php:59
HTMLPurifier_ErrorCollector
Error collection class that enables HTML Purifier to report HTML problems back to the user...
Definition: ErrorCollector.php:7
HTMLPurifier\$version
$version
Version of HTML Purifier.
Definition: HTMLPurifier.php:61
HTMLPurifier\purify
purify($html, $config=null)
Filters an HTML snippet/document to be XSS-free and standards-compliant.
Definition: HTMLPurifier.php:146
HTMLPurifier\$config
$config
Global configuration object.
Definition: HTMLPurifier.php:72
HTMLPurifier\$instance
static $instance
Single instance of HTML Purifier.
Definition: HTMLPurifier.php:85
HTMLPurifier_Context
Registry object that contains information about the current context.
Definition: Context.php:10
HTMLPurifier
HTMLPurifier($html, $config=null)
Purify HTML.
Definition: HTMLPurifier.func.php:16
HTMLPurifier\$strategy
$strategy
HTMLPurifier_Strategy_Core
Definition: HTMLPurifier.php:90
HTMLPurifier_Strategy_Core
Core strategy composed of the big four strategies.
Definition: Core.php:6
HTMLPurifier\$filters
$filters
Array of extra filter objects to run on HTML, for backwards compatibility.
Definition: HTMLPurifier.php:79
HTMLPurifier\VERSION
const VERSION
Constant with version of HTML Purifier.
Definition: HTMLPurifier.php:66
$html
$html
Definition: example_001.php:87
HTMLPurifier\addFilter
addFilter($filter)
Adds a filter to process the output.
Definition: HTMLPurifier.php:125