Skip to content

Filtering parameters

Jump to bottom
Sebastian Rettig edited this page Dec 1, 2019 · 1 revision
  • validateMetadata:
    • set group.license to U if unset
    • call validateGroup with metadata as group value
  • validateText
    • if value != string --> make empty string
    • if semantics only allows certain HTML tags: (semantics->tags === defined; means that its HTML)
      • add div, span, p, br (= always allowed)
      • add alternative names for tags / other related tags
        • table -> tr, td, th, colgroup, thead, tbody, tfoot
        • b -> strong
        • i -> em
        • ul -> ol, li
        • del, strike --> s
      • create regex patterns for allowed styles (if set)
        • semantics.font.size
        • semantics.font.family
        • semantics.font.color
        • semantics.font.background
        • semantics.font.spacing
        • semantics.font.height
        • always allow: text-align
      • call filter with allowed tags and allowed style patterns
            • Removes characters and constructs that can trick browsers.
            • Makes sure all HTML entities are well-formed.
            • Makes sure all HTML tags and attributes are well-formed.
            • Makes sure no HTML tags contain URLs with a disallowed protocol (e.g.
          • javascript:).
        • (in PHP: Based on kses by Ulf Harnhammar, see http://sourceforge.net/projects/kses.)
    • if not tags allowed
      • convert special characters to HTML entities
    • cut string to semantics.maxLength
    • check if string matches regexp in semantics.regexp
      • escapes / characters
      • error: Provided string is not valid according to regexp in semantics. (value: "%value", regexp: "%regexp") / semantics-invalid-according-regexp
  • validateContentFiles
    • check if all content files in the content directory have an allowed file extension
      • error: File "%filename" not allowed. Only files with the following extensions are allowed: %files-allowed. / not-in-whitelist
        • BREAK
  • validateNumber
    • check if realy is number --> no? --> default = 0
    • move within bounds (semantics.min / semantics.max)
    • move to next step (semantics.step)
    • round number to proper number of decimals
  • validateBoolean
    • check if is boolean
  • validateSelect
    • semantics->options != empty --> "strict" set of options
      • go through all options
        • if option.type === 'optgroup'
          • go through suboptions
            • set options[suboption.value] to true ??? // TODO: ???
        • ?????
    • XXXXXXXXXXXXXX HIER WEITER
  • validateList
    • remove list entries beyond max (semantics.max)
    • recurse into each entry
  • _validateFilelike
    • remove relative paths
    • remove temporary file suffix (#tmp)
    • escape special characters to html in path and mime type (file.path, file.mime)
    • remove all attributes expect path, mime and copyright and those set in semantics->extraAttributes and those for the file type
      • image: width, height, originalImage
      • video: width, height, codecs, quality, bitrate
    • make width, height, bitrate to int
    • escape file.codecs to html
    • process file.quality
      • remove file.quality if its not an object or if it hasn't got level and label attributes
      • remove all attributes of file.quality expect level and label
      • make level to int
      • escape label to html
    • validate file.copyright against getCopyrightSemantics()
  • validateVideo/Audio
    • iterate over each list entry and call _validateFilelike
  • validateFile/Image
    • just call _validateFilelike
  • validateGroup XXXXXXXXXXXXXXXXX HIER WEITER
Clone this wiki locally