
MDL-22537 new html purifier backported to stable, unfortunately PHP5 …

…only
1 parent f850276 commit db359e6369926cf1d56782ef4a2e5346e0e32ef2 @skodak skodak committed May 21, 2010
Showing with 7,938 additions and 4,881 deletions.
  1. +2 −0 lib/htmlpurifier/CREDITS
  2. +0 −9 lib/htmlpurifier/HTMLPurifier.auto.php
  3. +0 −20 lib/htmlpurifier/HTMLPurifier.func.php
  4. +102 −100 lib/htmlpurifier/HTMLPurifier.php
  5. +204 −0 lib/htmlpurifier/HTMLPurifier.safe-includes.php
  6. +19 −20 lib/htmlpurifier/HTMLPurifier/AttrCollections.php
  7. +25 −29 lib/htmlpurifier/HTMLPurifier/AttrDef.php
  8. +21 −15 lib/htmlpurifier/HTMLPurifier/AttrDef/CSS.php
  9. +21 −0 lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/AlphaValue.php
  10. +18 −20 lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/Background.php
  11. +27 −30 lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php
  12. +8 −9 lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/Border.php
  13. +11 −37 lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/Color.php
  14. +10 −9 lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/Composite.php
  15. +7 −5 lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php
  16. +54 −0 lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/Filter.php
  17. +17 −18 lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/Font.php
  18. +11 −13 lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/FontFamily.php
  19. +40 −0 lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php
  20. +12 −14 lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/Length.php
  21. +20 −21 lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/ListStyle.php
  22. +14 −13 lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/Multiple.php
  23. +26 −22 lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/Number.php
  24. +13 −15 lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/Percentage.php
  25. +9 −10 lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/TextDecoration.php
  26. +16 −17 lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/URI.php
  27. +14 −14 lib/htmlpurifier/HTMLPurifier/AttrDef/Enum.php
  28. +11 −12 lib/htmlpurifier/HTMLPurifier/AttrDef/HTML/Bool.php
  29. +34 −0 lib/htmlpurifier/HTMLPurifier/AttrDef/HTML/Class.php
  30. +11 −13 lib/htmlpurifier/HTMLPurifier/AttrDef/HTML/Color.php
  31. +10 −22 lib/htmlpurifier/HTMLPurifier/AttrDef/HTML/FrameTarget.php
  32. +21 −71 lib/htmlpurifier/HTMLPurifier/AttrDef/HTML/ID.php
  33. +15 −17 lib/htmlpurifier/HTMLPurifier/AttrDef/HTML/Length.php
  34. +16 −35 lib/htmlpurifier/HTMLPurifier/AttrDef/HTML/LinkTypes.php
  35. +14 −16 lib/htmlpurifier/HTMLPurifier/AttrDef/HTML/MultiLength.php
  36. +29 −27 lib/htmlpurifier/HTMLPurifier/AttrDef/HTML/Nmtokens.php
  37. +16 −17 lib/htmlpurifier/HTMLPurifier/AttrDef/HTML/Pixels.php
  38. +19 −20 lib/htmlpurifier/HTMLPurifier/AttrDef/Integer.php
  39. +15 −16 lib/htmlpurifier/HTMLPurifier/AttrDef/Lang.php
  40. +10 −8 lib/htmlpurifier/HTMLPurifier/AttrDef/Switch.php
  41. +4 −5 lib/htmlpurifier/HTMLPurifier/AttrDef/Text.php
  42. +36 −99 lib/htmlpurifier/HTMLPurifier/AttrDef/URI.php
  43. +5 −6 lib/htmlpurifier/HTMLPurifier/AttrDef/URI/Email.php
  44. +5 −6 lib/htmlpurifier/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php
  45. +16 −19 lib/htmlpurifier/HTMLPurifier/AttrDef/URI/Host.php
  46. +12 −14 lib/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv4.php
  47. +17 −18 lib/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv6.php
  48. +12 −13 lib/htmlpurifier/HTMLPurifier/AttrTransform.php
  49. +23 −0 lib/htmlpurifier/HTMLPurifier/AttrTransform/Background.php
  50. +5 −16 lib/htmlpurifier/HTMLPurifier/AttrTransform/BdoDir.php
  51. +9 −11 lib/htmlpurifier/HTMLPurifier/AttrTransform/BgColor.php
  52. +11 −13 lib/htmlpurifier/HTMLPurifier/AttrTransform/BoolToCSS.php
  53. +3 −4 lib/htmlpurifier/HTMLPurifier/AttrTransform/Border.php
  54. +19 −20 lib/htmlpurifier/HTMLPurifier/AttrTransform/EnumToCSS.php
  55. +18 −28 lib/htmlpurifier/HTMLPurifier/AttrTransform/ImgRequired.php
  56. +17 −19 lib/htmlpurifier/HTMLPurifier/AttrTransform/ImgSpace.php
  57. +40 −0 lib/htmlpurifier/HTMLPurifier/AttrTransform/Input.php
  58. +8 −9 lib/htmlpurifier/HTMLPurifier/AttrTransform/Lang.php
  59. +9 −10 lib/htmlpurifier/HTMLPurifier/AttrTransform/Length.php
  60. +6 −5 lib/htmlpurifier/HTMLPurifier/AttrTransform/Name.php
  61. +27 −0 lib/htmlpurifier/HTMLPurifier/AttrTransform/NameSync.php
  62. +15 −0 lib/htmlpurifier/HTMLPurifier/AttrTransform/SafeEmbed.php
  63. +16 −0 lib/htmlpurifier/HTMLPurifier/AttrTransform/SafeObject.php
  64. +56 −0 lib/htmlpurifier/HTMLPurifier/AttrTransform/SafeParam.php
  65. +16 −0 lib/htmlpurifier/HTMLPurifier/AttrTransform/ScriptRequired.php
  66. +18 −0 lib/htmlpurifier/HTMLPurifier/AttrTransform/Textarea.php
  67. +21 −29 lib/htmlpurifier/HTMLPurifier/AttrTypes.php
  68. +46 −32 lib/htmlpurifier/HTMLPurifier/AttrValidator.php
  69. +98 −0 lib/htmlpurifier/HTMLPurifier/Bootstrap.php
  70. +142 −108 lib/htmlpurifier/HTMLPurifier/CSSDefinition.php
  71. +19 −31 lib/htmlpurifier/HTMLPurifier/ChildDef.php
  72. +12 −15 lib/htmlpurifier/HTMLPurifier/ChildDef/Chameleon.php
  73. +21 −24 lib/htmlpurifier/HTMLPurifier/ChildDef/Custom.php
  74. +5 −6 lib/htmlpurifier/HTMLPurifier/ChildDef/Empty.php
  75. +6 −5 lib/htmlpurifier/HTMLPurifier/ChildDef/Optional.php
  76. +36 −30 lib/htmlpurifier/HTMLPurifier/ChildDef/Required.php
  77. +41 −28 lib/htmlpurifier/HTMLPurifier/ChildDef/StrictBlockquote.php
  78. +23 −24 lib/htmlpurifier/HTMLPurifier/ChildDef/Table.php
  79. +276 −190 lib/htmlpurifier/HTMLPurifier/Config.php
  80. +0 −9 lib/htmlpurifier/HTMLPurifier/ConfigDef.php
  81. +0 −79 lib/htmlpurifier/HTMLPurifier/ConfigDef/Directive.php
  82. +0 −26 lib/htmlpurifier/HTMLPurifier/ConfigDef/DirectiveAlias.php
  83. +0 −22 lib/htmlpurifier/HTMLPurifier/ConfigDef/Namespace.php
  84. +93 −371 lib/htmlpurifier/HTMLPurifier/ConfigSchema.php
  85. +44 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php
  86. +106 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/Builder/Xml.php
  87. +11 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/Exception.php
  88. +42 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/Interchange.php
  89. +77 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/Interchange/Directive.php
  90. +37 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/Interchange/Id.php
  91. +180 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/InterchangeBuilder.php
  92. +206 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/Validator.php
  93. +66 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/ValidatorAtom.php
  94. BIN lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema.ser
  95. +8 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedClasses.txt
  96. +12 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedFrameTargets.txt
  97. +9 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRel.txt
  98. +9 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRev.txt
  99. +19 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.ClassUseCDATA.txt
  100. +11 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultImageAlt.txt
  101. +9 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImage.txt
  102. +8 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImageAlt.txt
  103. +10 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultTextDir.txt
  104. +16 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.EnableID.txt
  105. +8 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.ForbiddenClasses.txt
  106. +5 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklist.txt
  107. +9 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklistRegexp.txt
  108. +12 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefix.txt
  109. +14 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefixLocal.txt
  110. +31 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.AutoParagraph.txt
  111. +12 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.Custom.txt
  112. +11 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.DisplayLinkURI.txt
  113. +12 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.Linkify.txt
  114. +12 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.DocURL.txt
  115. +12 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.txt
  116. +11 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions.txt
  117. +15 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.txt
  118. +46 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.txt
  119. +11 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveSpansWithoutAttributes.txt
  120. +8 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.AllowImportant.txt
  121. +11 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.AllowTricky.txt
  122. +18 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.AllowedProperties.txt
  123. +11 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.DefinitionRev.txt
  124. +16 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.MaxImgLength.txt
  125. +10 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.Proprietary.txt
  126. +14 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Cache.DefinitionImpl.txt
  127. +13 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPath.txt
  128. +18 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyFixLt.txt
  129. +12 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.CollectErrors.txt
  130. +28 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt
  131. +14 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.ConvertDocumentToFragment.txt
  132. +17 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.DirectLexLineNumberSyncInterval.txt
  133. +15 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.Encoding.txt
  134. +10 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidChildren.txt
  135. +7 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidTags.txt
  136. +13 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EscapeNonASCIICharacters.txt
  137. +19 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.HiddenElements.txt
  138. +10 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.Language.txt
  139. +34 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.LexerImpl.txt
  140. +16 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.MaintainLineNumbers.txt
  141. +12 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.RemoveInvalidImg.txt
  142. +12 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.RemoveScriptContents.txt
  143. +11 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.Custom.txt
  144. +14 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Escaping.txt
  145. +29 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Scope.txt
  146. +16 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.TidyImpl.txt
  147. +74 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.txt
  148. +11 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt
  149. +22 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Allowed.txt
  150. +19 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedAttributes.txt
  151. +18 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedElements.txt
  152. +20 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedModules.txt
  153. +11 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Attr.Name.UseCDATA.txt
  154. +18 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.BlockWrapper.txt
  155. +23 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.CoreModules.txt
  156. +9 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.CustomDoctype.txt
  157. +33 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionID.txt
  158. +16 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionRev.txt
  159. +11 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Doctype.txt
  160. +21 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenAttributes.txt
  161. +20 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenElements.txt
  162. +14 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.MaxImgLength.txt
  163. +12 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Parent.txt
  164. +12 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Proprietary.txt
  165. +13 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeEmbed.txt
  166. +13 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeObject.txt
  167. +9 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Strict.txt
  168. +8 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.TidyAdd.txt
  169. +24 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.TidyLevel.txt
  170. +8 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.TidyRemove.txt
  171. +8 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Trusted.txt
  172. +11 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.XHTML.txt
  173. +10 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.CommentScriptContents.txt
  174. +11 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.FlashCompat.txt
  175. +13 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.Newline.txt
  176. +14 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.SortAttr.txt
  177. +25 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.TidyFormat.txt
  178. +7 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Test.ForceNoIconv.txt
  179. +17 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt
  180. +17 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Base.txt
  181. +10 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DefaultScheme.txt
  182. +11 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DefinitionID.txt
  183. +11 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DefinitionRev.txt
  184. +14 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Disable.txt
  185. +11 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DisableExternal.txt
  186. +13 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DisableExternalResources.txt
  187. +12 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DisableResources.txt
  188. +19 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Host.txt
  189. +9 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.HostBlacklist.txt
  190. +13 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.MakeAbsolute.txt
  191. +83 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Munge.txt
  192. +17 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.MungeResources.txt
  193. +30 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt
  194. +9 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.OverrideAllowedSchemes.txt
  195. +3 −0 lib/htmlpurifier/HTMLPurifier/ConfigSchema/schema/info.ini
  196. +54 −49 lib/htmlpurifier/HTMLPurifier/ContentSets.php
  197. +17 −15 lib/htmlpurifier/HTMLPurifier/Context.php
  198. +11 −12 lib/htmlpurifier/HTMLPurifier/Definition.php
  199. +33 −56 lib/htmlpurifier/HTMLPurifier/DefinitionCache.php
  200. +26 −23 lib/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator.php
  201. +14 −15 lib/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator/Cleanup.php
  202. +16 −17 lib/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator/Memory.php
  203. +47 −46 lib/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator/Template.php.in
  204. +18 −15 lib/htmlpurifier/HTMLPurifier/DefinitionCache/Null.php
  205. +39 −57 lib/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer.php
  206. +3 −0 lib/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer/README
  207. +21 −39 lib/htmlpurifier/HTMLPurifier/DefinitionCacheFactory.php
  208. +16 −22 lib/htmlpurifier/HTMLPurifier/Doctype.php
  209. +22 −43 lib/htmlpurifier/HTMLPurifier/DoctypeRegistry.php
  210. +55 −59 lib/htmlpurifier/HTMLPurifier/ElementDef.php
  211. +67 −108 lib/htmlpurifier/HTMLPurifier/Encoder.php
  212. +8 −9 lib/htmlpurifier/HTMLPurifier/EntityLookup.php
  213. +29 −41 lib/htmlpurifier/HTMLPurifier/EntityParser.php
  214. +0 −7 lib/htmlpurifier/HTMLPurifier/Error.php
  215. +149 −58 lib/htmlpurifier/HTMLPurifier/ErrorCollector.php
  216. +60 −0 lib/htmlpurifier/HTMLPurifier/ErrorStruct.php
  217. +12 −0 lib/htmlpurifier/HTMLPurifier/Exception.php
  218. +18 −10 lib/htmlpurifier/HTMLPurifier/Filter.php
  219. +135 −0 lib/htmlpurifier/HTMLPurifier/Filter/ExtractStyleBlocks.php
  220. +23 −17 lib/htmlpurifier/HTMLPurifier/Filter/YouTube.php
  221. +138 −122 lib/htmlpurifier/HTMLPurifier/Generator.php
  222. +200 −255 lib/htmlpurifier/HTMLPurifier/HTMLDefinition.php
  223. +65 −53 lib/htmlpurifier/HTMLPurifier/HTMLModule.php
  224. +10 −12 lib/htmlpurifier/HTMLPurifier/HTMLModule/Bdo.php
  225. +6 −6 lib/htmlpurifier/HTMLPurifier/HTMLModule/CommonAttributes.php
  226. +13 −15 lib/htmlpurifier/HTMLPurifier/HTMLModule/Edit.php
  227. +118 −0 lib/htmlpurifier/HTMLPurifier/HTMLModule/Forms.php
  228. +9 −10 lib/htmlpurifier/HTMLPurifier/HTMLModule/Hypertext.php
  229. +14 −31 lib/htmlpurifier/HTMLPurifier/HTMLModule/Image.php
  230. +65 −62 lib/htmlpurifier/HTMLPurifier/HTMLModule/Legacy.php
  231. +19 −18 lib/htmlpurifier/HTMLPurifier/HTMLModule/List.php
  232. +21 −0 lib/htmlpurifier/HTMLPurifier/HTMLModule/Name.php
  233. +4 −5 lib/htmlpurifier/HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php
  234. +47 −47 lib/htmlpurifier/HTMLPurifier/HTMLModule/Object.php
  235. +19 −15 lib/htmlpurifier/HTMLPurifier/HTMLModule/Presentation.php
  236. +33 −0 lib/htmlpurifier/HTMLPurifier/HTMLModule/Proprietary.php
  237. +12 −13 lib/htmlpurifier/HTMLPurifier/HTMLModule/Ruby.php
  238. +34 −0 lib/htmlpurifier/HTMLPurifier/HTMLModule/SafeEmbed.php
  239. +53 −0 lib/htmlpurifier/HTMLPurifier/HTMLModule/SafeObject.php
  240. +15 −24 lib/htmlpurifier/HTMLPurifier/HTMLModule/Scripting.php
  241. +7 −9 lib/htmlpurifier/HTMLPurifier/HTMLModule/StyleAttribute.php
  242. +25 −27 lib/htmlpurifier/HTMLPurifier/HTMLModule/Tables.php
  243. +7 −8 lib/htmlpurifier/HTMLPurifier/HTMLModule/Target.php
  244. +47 −40 lib/htmlpurifier/HTMLPurifier/HTMLModule/Text.php
  245. +42 −76 lib/htmlpurifier/HTMLPurifier/HTMLModule/Tidy.php
  246. +24 −0 lib/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Name.php
  247. +18 −11 lib/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Proprietary.php
  248. +21 −0 lib/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Strict.php
  249. +9 −0 lib/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/Transitional.php
  250. +8 −11 lib/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/XHTML.php
  251. +31 −76 lib/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/XHTMLAndHTML4.php
  252. +0 −26 lib/htmlpurifier/HTMLPurifier/HTMLModule/Tidy/XHTMLStrict.php
  253. +4 −5 lib/htmlpurifier/HTMLPurifier/HTMLModule/XMLCommonAttributes.php
  254. +147 −236 lib/htmlpurifier/HTMLPurifier/HTMLModuleManager.php
  255. +13 −18 lib/htmlpurifier/HTMLPurifier/IDAccumulator.php
  256. +159 −41 lib/htmlpurifier/HTMLPurifier/Injector.php
  257. +273 −211 lib/htmlpurifier/HTMLPurifier/Injector/AutoParagraph.php
  258. +26 −0 lib/htmlpurifier/HTMLPurifier/Injector/DisplayLinkURI.php
  259. +12 −22 lib/htmlpurifier/HTMLPurifier/Injector/Linkify.php
  260. +14 −34 lib/htmlpurifier/HTMLPurifier/Injector/PurifierLinkify.php
  261. +51 −0 lib/htmlpurifier/HTMLPurifier/Injector/RemoveEmpty.php
  262. +60 −0 lib/htmlpurifier/HTMLPurifier/Injector/RemoveSpansWithoutAttributes.php
  263. +90 −0 lib/htmlpurifier/HTMLPurifier/Injector/SafeObject.php
  264. +37 −34 lib/htmlpurifier/HTMLPurifier/Language.php
  265. +4 −3 lib/htmlpurifier/HTMLPurifier/Language/classes/en-x-test.php
  266. +1 −0 lib/htmlpurifier/HTMLPurifier/Language/messages/en-x-test.php
  267. +1 −0 lib/htmlpurifier/HTMLPurifier/Language/messages/en-x-testmini.php
  268. +8 −3 lib/htmlpurifier/HTMLPurifier/Language/messages/en.php
  269. +43 −54 lib/htmlpurifier/HTMLPurifier/LanguageFactory.php
  270. +37 −33 lib/htmlpurifier/HTMLPurifier/Length.php
  271. +144 −209 lib/htmlpurifier/HTMLPurifier/Lexer.php
  272. +44 −42 lib/htmlpurifier/HTMLPurifier/Lexer/DOMLex.php
  273. +133 −138 lib/htmlpurifier/HTMLPurifier/Lexer/DirectLex.php
  274. +60 −30 lib/htmlpurifier/HTMLPurifier/Lexer/PEARSax3.php
Sorry, we could not display the entire diff because too many files (330) changed.
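--- a/lib/htmlpurifier/CREDITS
+++ b/lib/htmlpurifier/CREDITS
@@ -5,3 +5,5 @@ Almost everything written by Edward Z. Yang (Ambush Commander). Lots of thanks
 to the DevNetwork Community for their help (see docs/ref-devnetwork.html for
 more details), Feyd especially (namely IPv6 and optimization). Thanks to RSnake
 for letting me package his fantastic XSS cheatsheet for a smoketest.
+
+ vim: et sw=4 sts=4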
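--- a/lib/htmlpurifier/HTMLPurifier.auto.php
+++ b/lib/htmlpurifier/HTMLPurifier.auto.php
@@ -1,9 +0,0 @@
-<?php
-
-/**
- * This is a stub include that automatically configures the include path.
- */
-
-set_include_path(dirname(__FILE__) . PATH_SEPARATOR . get_include_path() );
-require_once 'HTMLPurifier.php';
-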
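--- a/lib/htmlpurifier/HTMLPurifier.func.php
+++ b/lib/htmlpurifier/HTMLPurifier.func.php
@@ -1,20 +0,0 @@
-<?php
-
-/**
- * Function wrapper for HTML Purifier for quick use.
- * @note This function only includes the library when it is called. While
- * this is efficient for instances when you only use HTML Purifier
- * on a few of your pages, it murders bytecode caching. You still
- * need to add HTML Purifier to your path.
- * @note ''HTMLPurifier()'' is NOT the same as ''new HTMLPurifier()''
- */
-
-function HTMLPurifier($html, $config = null) {
- static $purifier = false;
- if (!$purifier) {
- require_once 'HTMLPurifier.php';
- $purifier = new HTMLPurifier();
- }
- return $purifier->purify($html, $config);
-}
-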
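--- a/lib/htmlpurifier/HTMLPurifier.php
+++ b/lib/htmlpurifier/HTMLPurifier.php
@@ -1,29 +1,26 @@
 <?php
-/*!
- * @mainpage
- *
+/*! @mainpage
+ *
 * HTML Purifier is an HTML filter that will take an arbitrary snippet of
 * HTML and rigorously test, validate and filter it into a version that
 * is safe for output onto webpages. It achieves this by:
- *
+ *
 * -# Lexing (parsing into tokens) the document,
 * -# Executing various strategies on the tokens:
 * -# Removing all elements not in the whitelist,
 * -# Making the tokens well-formed,
 * -# Fixing the nesting of the nodes, and
 * -# Validating attributes of the nodes; and
 * -# Generating HTML from the purified tokens.
- *
+ *
 * However, most users will only need to interface with the HTMLPurifier
- * class, so this massive amount of infrastructure is usually concealed.
- * If you plan on working with the internals, be sure to include
- * HTMLPurifier_ConfigSchema and HTMLPurifier_Config.
+ * and HTMLPurifier_Config.
 */
 /*
- HTML Purifier 2.1.5 - Standards Compliant HTML Filtering
- Copyright (C) 2006-2007 Edward Z. Yang
+ HTML Purifier 4.1.0 - Standards Compliant HTML Filtering
+ Copyright (C) 2006-2008 Edward Z. Yang
 This library is free software; you can redistribute it and/or
 modify it under the terms of the GNU Lesser General Public
@@ -40,63 +37,46 @@
 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 */
-// constants are slow, but we'll make one exception
-define('HTMLPURIFIER_PREFIX', dirname(__FILE__));
-
-// every class has an undocumented dependency to these, must be included!
-require_once 'HTMLPurifier/ConfigSchema.php'; // fatal errors if not included
-require_once 'HTMLPurifier/Config.php';
-require_once 'HTMLPurifier/Context.php';
-
-require_once 'HTMLPurifier/Lexer.php';
-require_once 'HTMLPurifier/Generator.php';
-require_once 'HTMLPurifier/Strategy/Core.php';
-require_once 'HTMLPurifier/Encoder.php';
-
-require_once 'HTMLPurifier/ErrorCollector.php';
-require_once 'HTMLPurifier/LanguageFactory.php';
-
-HTMLPurifier_ConfigSchema::define(
- 'Core', 'CollectErrors', false, 'bool', '
-Whether or not to collect errors found while filtering the document. This
-is a useful way to give feedback to your users. <strong>Warning:</strong>
-Currently this feature is very patchy and experimental, with lots of
-possible error messages not yet implemented. It will not cause any problems,
-but it may not help your users either. This directive has been available
-since 2.0.0.
-');
-
 /**
 * Facade that coordinates HTML Purifier's subsystems in order to purify HTML.
- *
- * @note There are several points in which configuration can be specified
+ *
+ * @note There are several points in which configuration can be specified
 * for HTML Purifier. The precedence of these (from lowest to
 * highest) is as follows:
 * -# Instance: new HTMLPurifier($config)
 * -# Invocation: purify($html, $config)
 * These configurations are entirely independent of each other and
- * are *not* merged.
- *
- * @todo We need an easier way to inject strategies, it'll probably end
- * up getting done through config though.
+ * are *not* merged (this behavior may change in the future).
+ *
+ * @todo We need an easier way to inject strategies using the configuration
+ * object.
 */
 class HTMLPurifier
 {
-
- var $version = '2.1.5';
-
- var $config;
- var $filters = array();
-
- var $strategy, $generator;
-
+
+ /** Version of HTML Purifier */
+ public $version = '4.1.0';
+
+ /** Constant with version of HTML Purifier */
+ const VERSION = '4.1.0';
+
+ /** Global configuration object */
+ public $config;
+
+ /** Array of extra HTMLPurifier_Filter objects to run on HTML, for backwards compatibility */
+ private $filters = array();
+
+ /** Single instance of HTML Purifier */
+ private static $instance;
+
+ protected $strategy, $generator;
+
 /**
 * Resultant HTMLPurifier_Context of last run purification. Is an array
 * of contexts if the last called method was purifyArray().
- * @public
 */
- var $context;
-
+ public $context;
+
 /**
 * Initializes the purifier.
 * @param $config Optional HTMLPurifier_Config object for all instances of
@@ -105,71 +85,90 @@ class HTMLPurifier
 * The parameter can also be any type that
 * HTMLPurifier_Config::create() supports.
 */
- function HTMLPurifier($config = null) {
-
+ public function __construct($config = null) {
+
 $this->config = HTMLPurifier_Config::create($config);
-
+
 $this->strategy = new HTMLPurifier_Strategy_Core();
- $this->generator = new HTMLPurifier_Generator();
-
+
 }
-
+
 /**
 * Adds a filter to process the output. First come first serve
 * @param $filter HTMLPurifier_Filter object
 */
- function addFilter($filter) {
+ public function addFilter($filter) {
+ trigger_error('HTMLPurifier->addFilter() is deprecated, use configuration directives in the Filter namespace or Filter.Custom', E_USER_WARNING);
 $this->filters[] = $filter;
 }
-
+
 /**
 * Filters an HTML snippet/document to be XSS-free and standards-compliant.
- *
+ *
 * @param $html String of HTML to purify
 * @param $config HTMLPurifier_Config object for this operation, if omitted,
 * defaults to the config object specified during this
 * object's construction. The parameter can also be any type
 * that HTMLPurifier_Config::create() supports.
 * @return Purified HTML
 */
- function purify($html, $config = null) {
-
+ public function purify($html, $config = null) {
+
+ // :TODO: make the config merge in, instead of replace
 $config = $config ? HTMLPurifier_Config::create($config) : $this->config;
-
+
 // implementation is partially environment dependant, partially
 // configuration dependant
 $lexer = HTMLPurifier_Lexer::create($config);
-
+
 $context = new HTMLPurifier_Context();
-
- // our friendly neighborhood generator, all primed with configuration too!
- $this->generator->generateFromTokens(array(), $config, $context);
+
+ // setup HTML generator
+ $this->generator = new HTMLPurifier_Generator($config, $context);
 $context->register('Generator', $this->generator);
-
+
 // set up global context variables
- if ($config->get('Core', 'CollectErrors')) {
+ if ($config->get('Core.CollectErrors')) {
 // may get moved out if other facilities use it
 $language_factory = HTMLPurifier_LanguageFactory::instance();
 $language = $language_factory->create($config, $context);
 $context->register('Locale', $language);
-
+
 $error_collector = new HTMLPurifier_ErrorCollector($context);
 $context->register('ErrorCollector', $error_collector);
 }
-
+
 // setup id_accumulator context, necessary due to the fact that
 // AttrValidator can be called from many places
 $id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context);
 $context->register('IDAccumulator', $id_accumulator);
-
+
 $html = HTMLPurifier_Encoder::convertToUTF8($html, $config, $context);
-
- for ($i = 0, $size = count($this->filters); $i < $size; $i++) {
- $html = $this->filters[$i]->preFilter($html, $config, $context);
+
+ // setup filters
+ $filter_flags = $config->getBatch('Filter');
+ $custom_filters = $filter_flags['Custom'];
+ unset($filter_flags['Custom']);
+ $filters = array();
+ foreach ($filter_flags as $filter => $flag) {
+ if (!$flag) continue;
+ if (strpos($filter, '.') !== false) continue;
+ $class = "HTMLPurifier_Filter_$filter";
+ $filters[] = new $class;
+ }
+ foreach ($custom_filters as $filter) {
+ // maybe "HTMLPurifier_Filter_$filter", but be consistent with AutoFormat
+ $filters[] = $filter;
+ }
+ $filters = array_merge($filters, $this->filters);
+ // maybe prepare(), but later
+
+ for ($i = 0, $filter_size = count($filters); $i < $filter_size; $i++) {
+ $html = $filters[$i]->preFilter($html, $config, $context);
 }
-
+
 // purified HTML
- $html =
+ $html =
 $this->generator->generateFromTokens(
 // list of tokens
 $this->strategy->execute(
@@ -179,26 +178,25 @@ function purify($html, $config = null) {
 $html, $config, $context
 ),
 $config, $context
- ),
- $config, $context
+ )
 );
-
- for ($i = $size - 1; $i >= 0; $i--) {
- $html = $this->filters[$i]->postFilter($html, $config, $context);
+
+ for ($i = $filter_size - 1; $i >= 0; $i--) {
+ $html = $filters[$i]->postFilter($html, $config, $context);
 }
-
+
 $html = HTMLPurifier_Encoder::convertFromUTF8($html, $config, $context);
 $this->context =& $context;
 return $html;
 }
-
+
 /**
 * Filters an array of HTML snippets
 * @param $config Optional HTMLPurifier_Config object for this operation.
 * See HTMLPurifier::purify() for more details.
 * @return Array of purified HTML
 */
- function purifyArray($array_of_html, $config = null) {
+ public function purifyArray($array_of_html, $config = null) {
 $context_array = array();
 foreach ($array_of_html as $key => $html) {
 $array_of_html[$key] = $this->purify($html, $config);
@@ -207,29 +205,33 @@ function purifyArray($array_of_html, $config = null) {
 $this->context = $context_array;
 return $array_of_html;
 }
-
+
 /**
 * Singleton for enforcing just one HTML Purifier in your system
 * @param $prototype Optional prototype HTMLPurifier instance to
- * overload singleton with.
+ * overload singleton with, or HTMLPurifier_Config
+ * instance to configure the generated version with.
 */
- function &instance($prototype = null) {
- static $htmlpurifier;
- if (!$htmlpurifier || $prototype) {
- if (is_a($prototype, 'HTMLPurifier')) {
- $htmlpurifier = $prototype;
+ public static function instance($prototype = null) {
+ if (!self::$instance || $prototype) {
+ if ($prototype instanceof HTMLPurifier) {
+ self::$instance = $prototype;
 } elseif ($prototype) {
- $htmlpurifier = new HTMLPurifier($prototype);
+ self::$instance = new HTMLPurifier($prototype);
 } else {
- $htmlpurifier = new HTMLPurifier();
+ self::$instance = new HTMLPurifier();
 }
 }
- return $htmlpurifier;
+ return self::$instance;
 }
-
- function &getInstance($prototype = null) {
+
+ /**
+ * @note Backwards compatibility, see instance()
+ */
+ public static function getInstance($prototype = null) {
 return HTMLPurifier::instance($prototype);
 }
-
+
 }
+// vim: et sw=4 sts=4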
204 lib/htmlpurifier/HTMLPurifier.safe-includes.php
@@ -0,0 +1,204 @@
+<?php
+
+/**
+ * @file
+ * This file was auto-generated by generate-includes.php and includes all of
+ * the core files required by HTML Purifier. This is a convenience stub that
+ * includes all files using dirname(__FILE__) and require_once. PLEASE DO NOT
+ * EDIT THIS FILE, changes will be overwritten the next time the script is run.
+ *
+ * Changes to include_path are not necessary.
+ */
+
+$__dir = dirname(__FILE__);
+
+require_once $__dir . '/HTMLPurifier.php';
+require_once $__dir . '/HTMLPurifier/AttrCollections.php';
+require_once $__dir . '/HTMLPurifier/AttrDef.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform.php';
+require_once $__dir . '/HTMLPurifier/AttrTypes.php';
+require_once $__dir . '/HTMLPurifier/AttrValidator.php';
+require_once $__dir . '/HTMLPurifier/Bootstrap.php';
+require_once $__dir . '/HTMLPurifier/Definition.php';
+require_once $__dir . '/HTMLPurifier/CSSDefinition.php';
+require_once $__dir . '/HTMLPurifier/ChildDef.php';
+require_once $__dir . '/HTMLPurifier/Config.php';
+require_once $__dir . '/HTMLPurifier/ConfigSchema.php';
+require_once $__dir . '/HTMLPurifier/ContentSets.php';
+require_once $__dir . '/HTMLPurifier/Context.php';
+require_once $__dir . '/HTMLPurifier/DefinitionCache.php';
+require_once $__dir . '/HTMLPurifier/DefinitionCacheFactory.php';
+require_once $__dir . '/HTMLPurifier/Doctype.php';
+require_once $__dir . '/HTMLPurifier/DoctypeRegistry.php';
+require_once $__dir . '/HTMLPurifier/ElementDef.php';
+require_once $__dir . '/HTMLPurifier/Encoder.php';
+require_once $__dir . '/HTMLPurifier/EntityLookup.php';
+require_once $__dir . '/HTMLPurifier/EntityParser.php';
+require_once $__dir . '/HTMLPurifier/ErrorCollector.php';
+require_once $__dir . '/HTMLPurifier/ErrorStruct.php';
+require_once $__dir . '/HTMLPurifier/Exception.php';
+require_once $__dir . '/HTMLPurifier/Filter.php';
+require_once $__dir . '/HTMLPurifier/Generator.php';
+require_once $__dir . '/HTMLPurifier/HTMLDefinition.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule.php';
+require_once $__dir . '/HTMLPurifier/HTMLModuleManager.php';
+require_once $__dir . '/HTMLPurifier/IDAccumulator.php';
+require_once $__dir . '/HTMLPurifier/Injector.php';
+require_once $__dir . '/HTMLPurifier/Language.php';
+require_once $__dir . '/HTMLPurifier/LanguageFactory.php';
+require_once $__dir . '/HTMLPurifier/Length.php';
+require_once $__dir . '/HTMLPurifier/Lexer.php';
+require_once $__dir . '/HTMLPurifier/PercentEncoder.php';
+require_once $__dir . '/HTMLPurifier/PropertyList.php';
+require_once $__dir . '/HTMLPurifier/PropertyListIterator.php';
+require_once $__dir . '/HTMLPurifier/Strategy.php';
+require_once $__dir . '/HTMLPurifier/StringHash.php';
+require_once $__dir . '/HTMLPurifier/StringHashParser.php';
+require_once $__dir . '/HTMLPurifier/TagTransform.php';
+require_once $__dir . '/HTMLPurifier/Token.php';
+require_once $__dir . '/HTMLPurifier/TokenFactory.php';
+require_once $__dir . '/HTMLPurifier/URI.php';
+require_once $__dir . '/HTMLPurifier/URIDefinition.php';
+require_once $__dir . '/HTMLPurifier/URIFilter.php';
+require_once $__dir . '/HTMLPurifier/URIParser.php';
+require_once $__dir . '/HTMLPurifier/URIScheme.php';
+require_once $__dir . '/HTMLPurifier/URISchemeRegistry.php';
+require_once $__dir . '/HTMLPurifier/UnitConverter.php';
+require_once $__dir . '/HTMLPurifier/VarParser.php';
+require_once $__dir . '/HTMLPurifier/VarParserException.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/Enum.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/Integer.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/Lang.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/Switch.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/Text.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/URI.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Number.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/AlphaValue.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Background.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Border.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Color.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Composite.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Filter.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Font.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/FontFamily.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Length.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/ListStyle.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Multiple.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Percentage.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/TextDecoration.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/URI.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Bool.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Nmtokens.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Class.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Color.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/FrameTarget.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/ID.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Pixels.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Length.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/LinkTypes.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/MultiLength.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/URI/Email.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/URI/Host.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/URI/IPv4.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/URI/IPv6.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/Background.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/BdoDir.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/BgColor.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/BoolToCSS.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/Border.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/EnumToCSS.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/ImgRequired.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/ImgSpace.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/Input.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/Lang.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/Length.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/Name.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/NameSync.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/SafeEmbed.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/SafeObject.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/SafeParam.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/ScriptRequired.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/Textarea.php';
+require_once $__dir . '/HTMLPurifier/ChildDef/Chameleon.php';
+require_once $__dir . '/HTMLPurifier/ChildDef/Custom.php';
+require_once $__dir . '/HTMLPurifier/ChildDef/Empty.php';
+require_once $__dir . '/HTMLPurifier/ChildDef/Required.php';
+require_once $__dir . '/HTMLPurifier/ChildDef/Optional.php';
+require_once $__dir . '/HTMLPurifier/ChildDef/StrictBlockquote.php';
+require_once $__dir . '/HTMLPurifier/ChildDef/Table.php';
+require_once $__dir . '/HTMLPurifier/DefinitionCache/Decorator.php';
+require_once $__dir . '/HTMLPurifier/DefinitionCache/Null.php';
+require_once $__dir . '/HTMLPurifier/DefinitionCache/Serializer.php';
+require_once $__dir . '/HTMLPurifier/DefinitionCache/Decorator/Cleanup.php';
+require_once $__dir . '/HTMLPurifier/DefinitionCache/Decorator/Memory.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Bdo.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/CommonAttributes.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Edit.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Forms.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Hypertext.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Image.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Legacy.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/List.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Name.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Object.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Presentation.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Proprietary.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Ruby.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/SafeEmbed.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/SafeObject.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Scripting.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/StyleAttribute.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Tables.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Target.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Text.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/XMLCommonAttributes.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/Name.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/Proprietary.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/XHTMLAndHTML4.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/Strict.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/Transitional.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/XHTML.php';
+require_once $__dir . '/HTMLPurifier/Injector/AutoParagraph.php';
+require_once $__dir . '/HTMLPurifier/Injector/DisplayLinkURI.php';
+require_once $__dir . '/HTMLPurifier/Injector/Linkify.php';
+require_once $__dir . '/HTMLPurifier/Injector/PurifierLinkify.php';
+require_once $__dir . '/HTMLPurifier/Injector/RemoveEmpty.php';
+require_once $__dir . '/HTMLPurifier/Injector/RemoveSpansWithoutAttributes.php';
+require_once $__dir . '/HTMLPurifier/Injector/SafeObject.php';
+require_once $__dir . '/HTMLPurifier/Lexer/DOMLex.php';
+require_once $__dir . '/HTMLPurifier/Lexer/DirectLex.php';
+require_once $__dir . '/HTMLPurifier/Strategy/Composite.php';
+require_once $__dir . '/HTMLPurifier/Strategy/Core.php';
+require_once $__dir . '/HTMLPurifier/Strategy/FixNesting.php';
+require_once $__dir . '/HTMLPurifier/Strategy/MakeWellFormed.php';
+require_once $__dir . '/HTMLPurifier/Strategy/RemoveForeignElements.php';
+require_once $__dir . '/HTMLPurifier/Strategy/ValidateAttributes.php';
+require_once $__dir . '/HTMLPurifier/TagTransform/Font.php';
+require_once $__dir . '/HTMLPurifier/TagTransform/Simple.php';
+require_once $__dir . '/HTMLPurifier/Token/Comment.php';
+require_once $__dir . '/HTMLPurifier/Token/Tag.php';
+require_once $__dir . '/HTMLPurifier/Token/Empty.php';
+require_once $__dir . '/HTMLPurifier/Token/End.php';
+require_once $__dir . '/HTMLPurifier/Token/Start.php';
+require_once $__dir . '/HTMLPurifier/Token/Text.php';
+require_once $__dir . '/HTMLPurifier/URIFilter/DisableExternal.php';
+require_once $__dir . '/HTMLPurifier/URIFilter/DisableExternalResources.php';
+require_once $__dir . '/HTMLPurifier/URIFilter/HostBlacklist.php';
+require_once $__dir . '/HTMLPurifier/URIFilter/MakeAbsolute.php';
+require_once $__dir . '/HTMLPurifier/URIFilter/Munge.php';
+require_once $__dir . '/HTMLPurifier/URIScheme/data.php';
+require_once $__dir . '/HTMLPurifier/URIScheme/ftp.php';
+require_once $__dir . '/HTMLPurifier/URIScheme/http.php';
+require_once $__dir . '/HTMLPurifier/URIScheme/https.php';
+require_once $__dir . '/HTMLPurifier/URIScheme/mailto.php';
+require_once $__dir . '/HTMLPurifier/URIScheme/news.php';
+require_once $__dir . '/HTMLPurifier/URIScheme/nntp.php';
+require_once $__dir . '/HTMLPurifier/VarParser/Flexible.php';
+require_once $__dir . '/HTMLPurifier/VarParser/Native.php';
39 lib/htmlpurifier/HTMLPurifier/AttrCollections.php
@@ -1,27 +1,25 @@
<?php
-require_once 'HTMLPurifier/AttrTypes.php';
-
/**
* Defines common attribute collections that modules reference
*/
class HTMLPurifier_AttrCollections
{
-
+
/**
* Associative array of attribute collections, indexed by name
*/
- var $info = array();
-
+ public $info = array();
+
/**
* Performs all expansions on internal data for use by other inclusions
* It also collects all attribute collection extensions from
* modules
* @param $attr_types HTMLPurifier_AttrTypes instance
* @param $modules Hash array of HTMLPurifier_HTMLModule members
*/
- function HTMLPurifier_AttrCollections($attr_types, $modules) {
+ public function __construct($attr_types, $modules) {
// load extensions from the modules
foreach ($modules as $module) {
foreach ($module->attr_collections as $coll_i => $coll) {
@@ -47,13 +45,13 @@ function HTMLPurifier_AttrCollections($attr_types, $modules) {
$this->expandIdentifiers($this->info[$name], $attr_types);
}
}
-
+
/**
* Takes a reference to an attribute associative array and performs
* all inclusions specified by the zero index.
* @param &$attr Reference to attribute array
*/
- function performInclusions(&$attr) {
+ public function performInclusions(&$attr) {
if (!isset($attr[0])) return;
$merge = $attr[0];
$seen = array(); // recursion guard
@@ -74,56 +72,57 @@ function performInclusions(&$attr) {
}
unset($attr[0]);
}
-
+
/**
* Expands all string identifiers in an attribute array by replacing
* them with the appropriate values inside HTMLPurifier_AttrTypes
* @param &$attr Reference to attribute array
* @param $attr_types HTMLPurifier_AttrTypes instance
*/
- function expandIdentifiers(&$attr, $attr_types) {
-
+ public function expandIdentifiers(&$attr, $attr_types) {
+
// because foreach will process new elements we add, make sure we
// skip duplicates
$processed = array();
-
+
foreach ($attr as $def_i => $def) {
// skip inclusions
if ($def_i === 0) continue;
-
+
if (isset($processed[$def_i])) continue;
-
+
// determine whether or not attribute is required
if ($required = (strpos($def_i, '*') !== false)) {
// rename the definition
unset($attr[$def_i]);
$def_i = trim($def_i, '*');
$attr[$def_i] = $def;
}
-
+
$processed[$def_i] = true;
-
+
// if we've already got a literal object, move on
if (is_object($def)) {
// preserve previous required
$attr[$def_i]->required = ($required || $attr[$def_i]->required);
continue;
}
-
+
if ($def === false) {
unset($attr[$def_i]);
continue;
}
-
+
if ($t = $attr_types->get($def)) {
$attr[$def_i] = $t;
$attr[$def_i]->required = $required;
} else {
unset($attr[$def_i]);
}
}
-
+
}
-
+
}
+// vim: et sw=4 sts=4
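Review bot: With `require_once 'HTMLPurifier/AttrTypes.php';` removed, this file no longer loads anything it depends on, and nothing in it says how those classes are expected to be available. Presumably callers must now go through the `HTMLPurifier.safe-includes.php` stub added in this commit, so a short header comment would help, for example `// Dependencies are loaded by HTMLPurifier.safe-includes.php; do not include this file on its own.` The same removal appears in AttrDef/CSS.php, Background.php, BackgroundPosition.php, Border.php, Color.php and Font.php.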
54 lib/htmlpurifier/HTMLPurifier/AttrDef.php
@@ -2,90 +2,86 @@
/**
* Base class for all validating attribute definitions.
- *
+ *
* This family of classes forms the core for not only HTML attribute validation,
* but also any sort of string that needs to be validated or cleaned (which
- * means CSS properties and composite definitions are defined here too).
+ * means CSS properties and composite definitions are defined here too).
* Besides defining (through code) what precisely makes the string valid,
* subclasses are also responsible for cleaning the code if possible.
*/
-class HTMLPurifier_AttrDef
+abstract class HTMLPurifier_AttrDef
{
-
+
/**
* Tells us whether or not an HTML attribute is minimized. Has no
* meaning in other contexts.
*/
- var $minimized = false;
-
+ public $minimized = false;
+
/**
* Tells us whether or not an HTML attribute is required. Has no
* meaning in other contexts
*/
- var $required = false;
-
+ public $required = false;
+
/**
* Validates and cleans passed string according to a definition.
- *
- * @public
+ *
* @param $string String to be validated and cleaned.
* @param $config Mandatory HTMLPurifier_Config object.
* @param $context Mandatory HTMLPurifier_AttrContext object.
*/
- function validate($string, $config, &$context) {
- trigger_error('Cannot call abstract function', E_USER_ERROR);
- }
-
+ abstract public function validate($string, $config, $context);
+
/**
* Convenience method that parses a string as if it were CDATA.
- *
+ *
* This method process a string in the manner specified at
* <http://www.w3.org/TR/html4/types.html#h-6.2> by removing
* leading and trailing whitespace, ignoring line feeds, and replacing
* carriage returns and tabs with spaces. While most useful for HTML
* attributes specified as CDATA, it can also be applied to most CSS
* values.
- *
+ *
* @note This method is not entirely standards compliant, as trim() removes
* more types of whitespace than specified in the spec. In practice,
* this is rarely a problem, as those extra characters usually have
* already been removed by HTMLPurifier_Encoder.
- *
+ *
* @warning This processing is inconsistent with XML's whitespace handling
* as specified by section 3.3.3 and referenced XHTML 1.0 section
* 4.7. However, note that we are NOT necessarily
* parsing XML, thus, this behavior may still be correct. We
* assume that newlines have been normalized.
- *
- * @public
*/
- function parseCDATA($string) {
+ public function parseCDATA($string) {
$string = trim($string);
$string = str_replace(array("\n", "\t", "\r"), ' ', $string);
return $string;
}
-
+
/**
* Factory method for creating this class from a string.
* @param $string String construction info
* @return Created AttrDef object corresponding to $string
- * @public
*/
- function make($string) {
- // default implementation, return flyweight of this object
- // if overloaded, it is *necessary* for you to clone the
- // object (usually by instantiating a new copy) and return that
+ public function make($string) {
+ // default implementation, return a flyweight of this object.
+ // If $string has an effect on the returned object (i.e. you
+ // need to overload this method), it is best
+ // to clone or instantiate new copies. (Instantiation is safer.)
return $this;
}
-
+
/**
* Removes spaces from rgb(0, 0, 0) so that shorthand CSS properties work
* properly. THIS IS A HACK!
*/
- function mungeRgb($string) {
+ protected function mungeRgb($string) {
return preg_replace('/rgb\((\d+)\s*,\s*(\d+)\s*,\s*(\d+)\)/', 'rgb(\1,\2,\3)', $string);
}
-
+
}
+// vim: et sw=4 sts=4
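Review bot: The new `abstract public function validate($string, $config, $context);` changes the contract for every subclass, since `$context` is no longer taken by reference, and the docblock above it does not mention this. A validator defined outside this library that still declares `validate($string, $config, &$context)` would presumably no longer match the parent signature, so I would add `@note Overrides must not declare $context by reference`. The docblock also lacks a `@return`; `@return Cleaned string, or false if the value is invalid` matches how the validators in this commit test the result against `false`. The `@param $context` line names `HTMLPurifier_AttrContext`, while the include list added in this commit only loads `HTMLPurifier/Context.php`, so the type name looks stale.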
36 lib/htmlpurifier/HTMLPurifier/AttrDef/CSS.php
@@ -1,8 +1,5 @@
<?php
-require_once 'HTMLPurifier/AttrDef.php';
-require_once 'HTMLPurifier/CSSDefinition.php';
-
/**
* Validates the HTML attribute style, otherwise known as CSS.
* @note We don't implement the whole CSS specification, so it might be
@@ -16,22 +13,28 @@
*/
class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef
{
-
- function validate($css, $config, &$context) {
-
+
+ public function validate($css, $config, $context) {
+
$css = $this->parseCDATA($css);
-
+
$definition = $config->getCSSDefinition();
-
+
// we're going to break the spec and explode by semicolons.
// This is because semicolon rarely appears in escaped form
// Doing this is generally flaky but fast
// IT MIGHT APPEAR IN URIs, see HTMLPurifier_AttrDef_CSSURI
// for details
-
+
$declarations = explode(';', $css);
$propvalues = array();
-
+
+ /**
+ * Name of the current CSS property being validated.
+ */
+ $property = false;
+ $context->register('CurrentCSSProperty', $property);
+
foreach ($declarations as $declaration) {
if (!$declaration) continue;
if (!strpos($declaration, ':')) continue;
@@ -63,19 +66,22 @@ function validate($css, $config, &$context) {
if ($result === false) continue;
$propvalues[$property] = $result;
}
-
+
+ $context->destroy('CurrentCSSProperty');
+
// procedure does not write the new CSS simultaneously, so it's
// slightly inefficient, but it's the only way of getting rid of
// duplicates. Perhaps config to optimize it, but not now.
-
+
$new_declarations = '';
foreach ($propvalues as $prop => $value) {
$new_declarations .= "$prop:$value;";
}
-
+
return $new_declarations ? $new_declarations : false;
-
+
}
-
+
}
+// vim: et sw=4 sts=4
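Review bot: The new `$context->register('CurrentCSSProperty', $property)` and `$context->destroy('CurrentCSSProperty')` calls in `validate()` are only balanced when the loop runs to completion. If a property validator called inside the loop throws, the entry would stay registered and the next `register` on the same context would likely collide; the loop body lies partly outside the hunks shown, so this is inferred. Wrapping the loop in a `try`/`catch` that destroys the entry and rethrows would keep the context clean. The `/** Name of the current CSS property being validated. */` block sits on a local variable, where a plain `//` comment is the usual form, and it should say that the variable is handed to the context so that later assignments in the loop are visible to other validators.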
21 lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/AlphaValue.php
@@ -0,0 +1,21 @@
+<?php
+
+class HTMLPurifier_AttrDef_CSS_AlphaValue extends HTMLPurifier_AttrDef_CSS_Number
+{
+
+ public function __construct() {
+ parent::__construct(false); // opacity is non-negative, but we will clamp it
+ }
+
+ public function validate($number, $config, $context) {
+ $result = parent::validate($number, $config, $context);
+ if ($result === false) return $result;
+ $float = (float) $result;
+ if ($float < 0.0) $result = '0';
+ if ($float > 1.0) $result = '1';
+ return $result;
+ }
+
+}
+
+// vim: et sw=4 sts=4
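Review bot: The new class has no docblock, and the clamping in `validate()` is the behaviour a reader most needs spelled out: values the parent accepts but that fall outside the range 0 to 1 are rewritten to `'0'` or `'1'` rather than rejected. I would add a class comment such as `/** Validates a CSS alpha (opacity) value; out-of-range numbers are clamped to the range 0 to 1. */`. The inline comment on `parent::__construct(false)` says opacity is non-negative, while the argument presumably lets negative input through so that it can be clamped; saying that directly would avoid the apparent contradiction.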
38 lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/Background.php
@@ -1,52 +1,49 @@
<?php
-require_once 'HTMLPurifier/AttrDef.php';
-require_once 'HTMLPurifier/CSSDefinition.php';
-
/**
* Validates shorthand CSS property background.
* @warning Does not support url tokens that have internal spaces.
*/
class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef
{
-
+
/**
* Local copy of component validators.
* @note See HTMLPurifier_AttrDef_Font::$info for a similar impl.
*/
- var $info;
-
- function HTMLPurifier_AttrDef_CSS_Background($config) {
+ protected $info;
+
+ public function __construct($config) {
$def = $config->getCSSDefinition();
$this->info['background-color'] = $def->info['background-color'];
$this->info['background-image'] = $def->info['background-image'];
$this->info['background-repeat'] = $def->info['background-repeat'];
$this->info['background-attachment'] = $def->info['background-attachment'];
$this->info['background-position'] = $def->info['background-position'];
}
-
- function validate($string, $config, &$context) {
-
+
+ public function validate($string, $config, $context) {
+
// regular pre-processing
$string = $this->parseCDATA($string);
if ($string === '') return false;
-
+
// munge rgb() decl if necessary
$string = $this->mungeRgb($string);
-
+
// assumes URI doesn't have spaces in it
$bits = explode(' ', strtolower($string)); // bits to process
-
+
$caught = array();
$caught['color'] = false;
$caught['image'] = false;
$caught['repeat'] = false;
$caught['attachment'] = false;
$caught['position'] = false;
-
+
$i = 0; // number of catches
$none = false;
-
+
foreach ($bits as $bit) {
if ($bit === '') continue;
foreach ($caught as $key => $status) {
@@ -67,23 +64,24 @@ function validate($string, $config, &$context) {
break;
}
}
-
+
if (!$i) return false;
if ($caught['position'] !== false) {
$caught['position'] = $this->info['background-position']->
validate($caught['position'], $config, $context);
}
-
+
$ret = array();
foreach ($caught as $value) {
if ($value === false) continue;
$ret[] = $value;
}
-
+
if (empty($ret)) return false;
return implode(' ', $ret);
-
+
}
-
+
}
+// vim: et sw=4 sts=4
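Review bot: `$bits = explode(' ', strtolower($string));` in `validate()` lowercases the whole declaration, including any `url(...)` token, before the component validators see it. The loop that hands each bit to the validators is outside the hunks shown, but if the `background-image` validator receives the lowercased bit, a URI with upper-case path characters is rewritten into a different URI. Lowercasing only for the keyword comparison and passing the original bit to the image component would avoid that. The `@note` on `$info` also refers to `HTMLPurifier_AttrDef_Font::$info`, while the class in this commit is named `HTMLPurifier_AttrDef_CSS_Font`.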
57 lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php
@@ -1,17 +1,13 @@
<?php
-require_once 'HTMLPurifier/AttrDef.php';
-require_once 'HTMLPurifier/AttrDef/CSS/Length.php';
-require_once 'HTMLPurifier/AttrDef/CSS/Percentage.php';
-
/* W3C says:
[ // adjective and number must be in correct order, even if
// you could switch them without introducing ambiguity.
// some browsers support that syntax
[
<percentage> | <length> | left | center | right
]
- [
+ [
<percentage> | <length> | top | center | bottom
]?
] |
@@ -32,10 +28,10 @@
/* QuirksMode says:
keyword + length/percentage must be ordered correctly, as per W3C
-
+
Internet Explorer and Opera, however, support arbitrary ordering. We
should fix it up.
-
+
Minor issue though, not strictly necessary.
*/
@@ -47,83 +43,84 @@
*/
class HTMLPurifier_AttrDef_CSS_BackgroundPosition extends HTMLPurifier_AttrDef
{
-
- var $length;
- var $percentage;
-
- function HTMLPurifier_AttrDef_CSS_BackgroundPosition() {
+
+ protected $length;
+ protected $percentage;
+
+ public function __construct() {
$this->length = new HTMLPurifier_AttrDef_CSS_Length();
$this->percentage = new HTMLPurifier_AttrDef_CSS_Percentage();
}
-
- function validate($string, $config, &$context) {
+
+ public function validate($string, $config, $context) {
$string = $this->parseCDATA($string);
$bits = explode(' ', $string);
-
+
$keywords = array();
$keywords['h'] = false; // left, right
$keywords['v'] = false; // top, bottom
$keywords['c'] = false; // center
$measures = array();
-
+
$i = 0;
-
+
$lookup = array(
'top' => 'v',
'bottom' => 'v',
'left' => 'h',
'right' => 'h',
'center' => 'c'
);
-
+
foreach ($bits as $bit) {
if ($bit === '') continue;
-
+
// test for keyword
$lbit = ctype_lower($bit) ? $bit : strtolower($bit);
if (isset($lookup[$lbit])) {
$status = $lookup[$lbit];
$keywords[$status] = $lbit;
$i++;
}
-
+
// test for length
$r = $this->length->validate($bit, $config, $context);
if ($r !== false) {
$measures[] = $r;
$i++;
}
-
+
// test for percentage
$r = $this->percentage->validate($bit, $config, $context);
if ($r !== false) {
$measures[] = $r;
$i++;
}
-
+
}
-
+
if (!$i) return false; // no valid values were caught
-
-
+
+
$ret = array();
-
+
// first keyword
if ($keywords['h']) $ret[] = $keywords['h'];
elseif (count($measures)) $ret[] = array_shift($measures);
elseif ($keywords['c']) {
$ret[] = $keywords['c'];
$keywords['c'] = false; // prevent re-use: center = center center
}
-
+
if ($keywords['v']) $ret[] = $keywords['v'];
elseif (count($measures)) $ret[] = array_shift($measures);
elseif ($keywords['c']) $ret[] = $keywords['c'];
-
+
if (empty($ret)) return false;
return implode(' ', $ret);
-
+
}
-
+
}
+// vim: et sw=4 sts=4
17 lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/Border.php
@@ -1,26 +1,24 @@
<?php
-require_once 'HTMLPurifier/AttrDef.php';
-
/**
* Validates the border property as defined by CSS.
*/
class HTMLPurifier_AttrDef_CSS_Border extends HTMLPurifier_AttrDef
{
-
+
/**
* Local copy of properties this property is shorthand for.
*/
- var $info = array();
-
- function HTMLPurifier_AttrDef_CSS_Border($config) {
+ protected $info = array();
+
+ public function __construct($config) {
$def = $config->getCSSDefinition();
$this->info['border-width'] = $def->info['border-width'];
$this->info['border-style'] = $def->info['border-style'];
$this->info['border-top-color'] = $def->info['border-top-color'];
}
-
- function validate($string, $config, &$context) {
+
+ public function validate($string, $config, $context) {
$string = $this->parseCDATA($string);
$string = $this->mungeRgb($string);
$bits = explode(' ', $string);
@@ -39,6 +37,7 @@ function validate($string, $config, &$context) {
}
return rtrim($ret);
}
-
+
}
+// vim: et sw=4 sts=4
48 lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/Color.php
@@ -1,49 +1,22 @@
<?php
-require_once 'HTMLPurifier/AttrDef.php';
-
-HTMLPurifier_ConfigSchema::define(
- 'Core', 'ColorKeywords', array(
- 'maroon' => '#800000',
- 'red' => '#FF0000',
- 'orange' => '#FFA500',
- 'yellow' => '#FFFF00',
- 'olive' => '#808000',
- 'purple' => '#800080',
- 'fuchsia' => '#FF00FF',
- 'white' => '#FFFFFF',
- 'lime' => '#00FF00',
- 'green' => '#008000',
- 'navy' => '#000080',
- 'blue' => '#0000FF',
- 'aqua' => '#00FFFF',
- 'teal' => '#008080',
- 'black' => '#000000',
- 'silver' => '#C0C0C0',
- 'gray' => '#808080'
- ), 'hash', '
-Lookup array of color names to six digit hexadecimal number corresponding
-to color, with preceding hash mark. Used when parsing colors.
-This directive has been available since 2.0.0.
-');
-
/**
* Validates Color as defined by CSS.
*/
class HTMLPurifier_AttrDef_CSS_Color extends HTMLPurifier_AttrDef
{
-
- function validate($color, $config, &$context) {
-
+
+ public function validate($color, $config, $context) {
+
static $colors = null;
- if ($colors === null) $colors = $config->get('Core', 'ColorKeywords');
-
+ if ($colors === null) $colors = $config->get('Core.ColorKeywords');
+
$color = trim($color);
if ($color === '') return false;
-
+
$lower = strtolower($color);
if (isset($colors[$lower])) return $colors[$lower];
-
+
if (strpos($color, 'rgb(') !== false) {
// rgb literal handling
$length = strlen($color);
@@ -95,10 +68,11 @@ function validate($color, $config, &$context) {
if ($length !== 3 && $length !== 6) return false;
if (!ctype_xdigit($hex)) return false;
}
-
+
return $color;
-
+
}
-
+
}
+// vim: et sw=4 sts=4
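Review bot: `static $colors = null;` in `validate()` caches the result of `$config->get('Core.ColorKeywords')` for the life of the process, so the first configuration that validates a colour decides the keyword table for every later call. A second purifier configured with a different `Core.ColorKeywords` would silently use the first table. Reading the directive on each call, `$colors = $config->get('Core.ColorKeywords');`, keeps the lookup tied to the `$config` that was actually passed in. The body of the `rgb(` branch is outside the hunks shown, so this note covers only the keyword lookup.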
19 lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/Composite.php
@@ -2,7 +2,7 @@
/**
* Allows multiple validators to attempt to validate attribute.
- *
+ *
* Composite is just what it sounds like: a composite of many validators.
* This means that multiple HTMLPurifier_AttrDef objects will have a whack
* at the string. If one of them passes, that's what is returned. This is
@@ -11,27 +11,28 @@
*/
class HTMLPurifier_AttrDef_CSS_Composite extends HTMLPurifier_AttrDef
{
-
+
/**
* List of HTMLPurifier_AttrDef objects that may process strings
- * @protected
+ * @todo Make protected
*/
- var $defs;
-
+ public $defs;
+
/**
* @param $defs List of HTMLPurifier_AttrDef objects
*/
- function HTMLPurifier_AttrDef_CSS_Composite($defs) {
+ public function __construct($defs) {
$this->defs = $defs;
}
-
- function validate($string, $config, &$context) {
+
+ public function validate($string, $config, $context) {
foreach ($this->defs as $i => $def) {
$result = $this->defs[$i]->validate($string, $config, $context);
if ($result !== false) return $result;
}
return false;
}
-
+
}
+// vim: et sw=4 sts=4
12 lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php
@@ -5,22 +5,24 @@
*/
class HTMLPurifier_AttrDef_CSS_DenyElementDecorator extends HTMLPurifier_AttrDef
{
- var $def, $element;
-
+ public $def, $element;
+
/**
* @param $def Definition to wrap
* @param $element Element to deny
*/
- function HTMLPurifier_AttrDef_CSS_DenyElementDecorator(&$def, $element) {
- $this->def =& $def;
+ public function __construct($def, $element) {
+ $this->def = $def;
$this->element = $element;
}
/**
* Checks if CurrentToken is set and equal to $this->element
*/
- function validate($string, $config, $context) {
+ public function validate($string, $config, $context) {
$token = $context->get('CurrentToken', true);
if ($token && $token->name == $this->element) return false;
return $this->def->validate($string, $config, $context);
}
}
+
+// vim: et sw=4 sts=4
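Review bot: The deny decision in `validate()` uses a loose comparison, `$token->name == $this->element`, and this check is what blocks the wrapped definition for the denied element. A strict comparison states the intent and avoids PHP's type juggling: `if ($token && $token->name === $this->element) return false;`. `public $def, $element;` also leaves the wrapped definition and the denied element name writable from outside the object; `protected` would match the `protected $info` used by the Background and Border validators in this commit, assuming no caller reads these properties directly.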
54 lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/Filter.php
@@ -0,0 +1,54 @@
+<?php
+
+/**
+ * Microsoft's proprietary filter: CSS property
+ * @note Currently supports the alpha filter. In the future, this will
+ * probably need an extensible framework
+ */
+class HTMLPurifier_AttrDef_CSS_Filter extends HTMLPurifier_AttrDef
+{
+
+ protected $intValidator;
+
+ public function __construct() {
+ $this->intValidator = new HTMLPurifier_AttrDef_Integer();
+ }
+
+ public function validate($value, $config, $context) {
+ $value = $this->parseCDATA($value);
+ if ($value === 'none') return $value;
+ // if we looped this we could support multiple filters
+ $function_length = strcspn($value, '(');
+ $function = trim(substr($value, 0, $function_length));
+ if ($function !== 'alpha' &&
+ $function !== 'Alpha' &&
+ $function !== 'progid:DXImageTransform.Microsoft.Alpha'
+ ) return false;
+ $cursor = $function_length + 1;
+ $parameters_length = strcspn($value, ')', $cursor);
+ $parameters = substr($value, $cursor, $parameters_length);
+ $params = explode(',', $parameters);
+ $ret_params = array();
+ $lookup = array();
+ foreach ($params as $param) {
+ list($key, $value) = explode('=', $param);
+ $key = trim($key);
+ $value = trim($value);
+ if (isset($lookup[$key])) continue;
+ if ($key !== 'opacity') continue;
+ $value = $this->intValidator->validate($value, $config, $context);
+ if ($value === false) continue;
+ $int = (int) $value;
+ if ($int > 100) $value = '100';
+ if ($int < 0) $value = '0';
+ $ret_params[] = "$key=$value";
+ $lookup[$key] = true;
+ }
+ $ret_parameters = implode(',', $ret_params);
+ $ret_function = "$function($ret_parameters)";
+ return $ret_function;
+ }
+
+}
+
+// vim: et sw=4 sts=4
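Review bot: `list($key, $value) = explode('=', $param);` in `validate()` assumes every parameter contains `=`. For input such as `alpha()` or `alpha(opacity)`, `explode` returns a single element, which raises an undefined-offset notice and leaves `$value` null; a guard placed before it, `if (strpos($param, '=') === false) continue;`, skips such parameters cleanly. The same line reuses `$value`, the method's input, as the per-parameter variable, which makes the parsing harder to follow; a separate name such as `$param_value` would help. A value with no `(` at all also reaches the parameter parsing, because `strcspn($value, '(')` then returns the full length and the function-name check can still pass, so an explicit check that `(` was found belongs before `$cursor` is computed.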
35 lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/Font.php
@@ -1,24 +1,22 @@
<?php
-require_once 'HTMLPurifier/AttrDef.php';
-
/**
* Validates shorthand CSS property font.
*/
class HTMLPurifier_AttrDef_CSS_Font extends HTMLPurifier_AttrDef
{
-
+
/**
* Local copy of component validators.
- *
+ *
* @note If we moved specific CSS property definitions to their own
* classes instead of having them be assembled at run time by
* CSSDefinition, this wouldn't be necessary. We'd instantiate
* our own copies.
*/
- var $info = array();
-
- function HTMLPurifier_AttrDef_CSS_Font($config) {
+ protected $info = array();
+
+ public function __construct($config) {
$def = $config->getCSSDefinition();
$this->info['font-style'] = $def->info['font-style'];
$this->info['font-variant'] = $def->info['font-variant'];
@@ -27,9 +25,9 @@ function HTMLPurifier_AttrDef_CSS_Font($config) {
$this->info['line-height'] = $def->info['line-height'];
$this->info['font-family'] = $def->info['font-family'];
}
-
- function validate($string, $config, &$context) {
-
+
+ public function validate($string, $config, $context) {
+
static $system_fonts = array(
'caption' => true,
'icon' => true,
@@ -38,27 +36,27 @@ function validate($string, $config, &$context) {
'small-caption' => true,
'status-bar' => true