Beispiel #1
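 /**
  * PHP4-style constructor for a parsed HTML token.
  *
  * Classifies the token (end tag, self-closing tag or ordinary tag) and, when
  * $cleanXSS is set, escapes text nodes and normalises/sanitises the attribute
  * string of code nodes before handing the node to KNode.
  *
  * @param int          $type         node kind; compared (loosely) against K_NODE_TYPE_TEXT / K_NODE_TYPE_CODE
  * @param string       $name         tag name; a leading '/' marks an end tag
  * @param array|string $attr         element 0 holds the raw attribute string; callers appear to pass an
  *                                   array (the '' default is treated as "no attributes") — confirm
  * @param string       $text         text content of a text node
  * @param int          $cleanXSS     non-zero enables the escaping/sanitising branch
  * @param int          $for_comments non-zero: markup comes from a comment (text gets nl2br, attributes are
  *                                   stripped except the href of an <a> tag)
  * @param array|null   $safe_tags    when an array, replaces $this->safe_tags (tags whose markup is not escaped)
  */
 function KHTMLNode($type, $name = '', $attr = '', $text = '', $cleanXSS = 0, $for_comments = 0, $safe_tags = null)
 {
     global $FUNCS;
     // isset() guards avoid "uninitialized string offset" warnings when $name is
     // empty or $attr is the '' default; the comparison outcome is unchanged.
     if (isset($name[0]) && $name[0] == '/') {
         $this->is_end_tag = 1;
         $name = trim(substr($name, 1));
     } elseif (isset($attr[0]) && substr($attr[0], -1) == '/') {
         // "<br />" style: record self-closing and drop the trailing slash
         $this->is_self_closing = 1;
         $attr[0] = substr($attr[0], 0, -1);
     } elseif (in_array($name, $this->self_closing_tags)) {
         $this->is_self_closing = 1;
     }
     $this->cleanXSS = $cleanXSS;
     $this->for_comments = $for_comments;
     if (is_array($safe_tags)) {
         $this->safe_tags = $safe_tags;
     }
     if ($this->cleanXSS) {
         if ($type == K_NODE_TYPE_TEXT) {
             // text nodes are always HTML-escaped via the global helper
             $text = $FUNCS->escape_HTML($text);
             if ($this->for_comments == 1) {
                 $text = $this->nl2br($text);
             }
         } elseif ($type == K_NODE_TYPE_CODE) {
             // any tag not on the safe list is emitted escaped (rendered as literal text)
             if (!in_array($name, $this->safe_tags)) {
                 $this->escape_tag = 1;
             }
             if (isset($attr[0]) && strlen($attr[0])) {
                 $val = $attr[0];
                 // normalize (decode) all entities before hunting for XSS elements
                 $val = $this->normalize_entities($val);
                 // sanitize
                 $val = $this->sanitize($val);
                 if ($this->escape_tag) {
                     $val = $FUNCS->escape_HTML($val);
                 }
                 $attr[0] = $val;
             }
             // if tag being used within comments, strip off attributes (except href of 'a' tag)
             if ($this->for_comments) {
                 if ($name == 'a') {
                     // The captured value excludes quote characters, so it cannot break out of the
                     // rebuilt href="..." attribute. No URL-scheme check happens here — presumably
                     // sanitize() above is responsible for that; confirm.
                     $link = preg_match('@\\bhref\\s*=\\s*["\']([^"\']*)["\']@is', $attr[0], $matches) ? $matches[1] : '';
                     $attr[0] = 'rel="external nofollow" href="' . $link . '"';
                 } else {
                     $attr[0] = '';
                 }
             }
         }
     }
     parent::KNode($type, $name, $attr, $text);
 }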
Beispiel #2
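 /**
  * PHP4-style constructor for a parsed HTML token.
  *
  * Classifies the token (end tag, self-closing tag or ordinary tag) and, when
  * $cleanXSS is set, escapes text nodes and normalises/sanitises the attribute
  * string of code nodes before handing the node to KNode. Tags listed in
  * $this->not_so_safe_tags are allowed only while each listed attribute
  * matches its pattern; otherwise the tag is escaped like an unsafe one.
  *
  * @param int          $type             node kind; compared (loosely) against K_NODE_TYPE_TEXT / K_NODE_TYPE_CODE
  * @param string       $name             tag name; a leading '/' marks an end tag
  * @param array|string $attr             element 0 holds the raw attribute string; callers appear to pass an
  *                                       array (the '' default is treated as "no attributes") — confirm
  * @param string       $text             text content of a text node
  * @param int          $cleanXSS         non-zero enables the escaping/sanitising branch
  * @param int          $for_comments     non-zero: markup comes from a comment (text gets nl2br, attributes
  *                                       are stripped except the href of an <a> tag)
  * @param array|null   $safe_tags        when an array, replaces $this->safe_tags (tags never escaped)
  * @param array|null   $not_so_safe_tags when an array, replaces $this->not_so_safe_tags: tag name =>
  *                                       [attribute name => regex the attribute value must match]
  */
 function KHTMLNode($type, $name = '', $attr = '', $text = '', $cleanXSS = 0, $for_comments = 0, $safe_tags = null, $not_so_safe_tags = null)
 {
     global $FUNCS;
     // isset() guards avoid "uninitialized string offset" warnings when $name is
     // empty or $attr is the '' default; the comparison outcome is unchanged.
     if (isset($name[0]) && $name[0] == '/') {
         $this->is_end_tag = 1;
         $name = trim(substr($name, 1));
     } elseif (isset($attr[0]) && substr($attr[0], -1) == '/') {
         // "<br />" style: record self-closing and drop the trailing slash
         $this->is_self_closing = 1;
         $attr[0] = substr($attr[0], 0, -1);
     } elseif (in_array($name, $this->self_closing_tags)) {
         $this->is_self_closing = 1;
     }
     $this->cleanXSS = $cleanXSS;
     $this->for_comments = $for_comments;
     if (is_array($safe_tags)) {
         $this->safe_tags = $safe_tags;
     }
     if (is_array($not_so_safe_tags)) {
         $this->not_so_safe_tags = $not_so_safe_tags;
     }
     if ($this->cleanXSS) {
         if ($type == K_NODE_TYPE_TEXT) {
             // text nodes are always HTML-escaped via the global helper
             $text = $FUNCS->escape_HTML($text);
             if ($this->for_comments == 1) {
                 $text = $this->nl2br($text);
             }
         } elseif ($type == K_NODE_TYPE_CODE) {
             if (!in_array($name, $this->safe_tags)) {
                 if (array_key_exists($name, $this->not_so_safe_tags)) {
                     // Conditionally allowed tag: walk every quoted attribute and escape the
                     // whole tag as soon as a listed attribute fails its pattern. Attributes
                     // without an entry in $this->not_so_safe_tags[$name] are skipped by this
                     // loop (the 'continue' below); sanitize() still runs on the full string.
                     // $offset was previously undefined on the first iteration (notice, and a
                     // null-to-int deprecation on PHP 8.1+); it coerced to 0, so start there.
                     $offset = 0;
                     while (preg_match('/([^= ]+)=(["\'])(.*?)\\2/', $attr[0], $matches, PREG_OFFSET_CAPTURE, $offset)) {
                         // resume scanning at the start of the matched value
                         $offset = $matches[3][1];
                         foreach ($this->not_so_safe_tags[$name] as $tag_key => $tag_pattern) {
                             // keys are expected to be lower-case attribute names (loose compare) — confirm
                             if (strtolower($matches[1][0]) != $tag_key) {
                                 continue;
                             }
                             if (!preg_match($tag_pattern, $matches[3][0])) {
                                 $this->escape_tag = 1;
                                 break;
                             }
                         }
                         if ($this->escape_tag) {
                             break;
                         }
                     }
                 } else {
                     // neither safe nor conditionally safe: emit escaped (rendered as literal text)
                     $this->escape_tag = 1;
                 }
             }
             if (isset($attr[0]) && strlen($attr[0])) {
                 $val = $attr[0];
                 // normalize (decode) all entities before hunting for XSS elements
                 $val = $this->normalize_entities($val);
                 // sanitize
                 $val = $this->sanitize($val);
                 if ($this->escape_tag) {
                     $val = $FUNCS->escape_HTML($val);
                 }
                 $attr[0] = $val;
             }
             // if tag being used within comments, strip off attributes (except href of 'a' tag)
             if ($this->for_comments) {
                 if ($name == 'a') {
                     // The captured value excludes quote characters, so it cannot break out of the
                     // rebuilt href="..." attribute. No URL-scheme check happens here — presumably
                     // sanitize() above is responsible for that; confirm.
                     $link = preg_match('@\\bhref\\s*=\\s*["\']([^"\']*)["\']@is', $attr[0], $matches) ? $matches[1] : '';
                     $attr[0] = 'rel="external nofollow" href="' . $link . '"';
                 } else {
                     $attr[0] = '';
                 }
             }
         }
     }
     parent::KNode($type, $name, $attr, $text);
 }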