Convenience constructor that creates a default configuration object.
public static createDefault(): HTMLPurifier_Config

Returns: HTMLPurifier_Config — the default configuration object.
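/**
 * Purifies a string (or, recursively, every string in an array) with HTML Purifier.
 *
 * @param string|array $dirty_html untrusted markup, or an array of it (keys are preserved)
 * @param string|bool  $config     configuration label: FALSE for the default profile,
 *                                 'comment' for the WYSIWYG comment profile; any other label
 *                                 stops the request via show_error()
 * @return string|array the purified markup, shaped like the input
 */
function html_purify($dirty_html, $config = FALSE)
{
    require_once APPPATH . 'third_party/htmlpurifier-4.6.0-standalone/HTMLPurifier.standalone.php';

    if (is_array($dirty_html)) {
        // Initialise explicitly: an empty input array previously left $clean_html undefined.
        $clean_html = array();
        foreach ($dirty_html as $key => $val) {
            $clean_html[$key] = html_purify($val, $config);
        }
        return $clean_html;
    }

    $ci =& get_instance();

    switch ($config) {
        // settings for the WYSIWYG comment editor
        case 'comment':
            $purifier_config = HTMLPurifier_Config::createDefault();
            $purifier_config->set('Core.Encoding', $ci->config->item('charset'));
            $purifier_config->set('HTML.Doctype', 'XHTML 1.0 Strict');
            // Inline style is allowed on every element; its value still goes through the CSS filter.
            $purifier_config->set('HTML.Allowed', 'a[href|title],img[title|src|alt],em,strong,cite,blockquote,code,ul,ol,li,dl,dt,dd,p,br,h1,h2,h3,h4,h5,h6,span,*[style]');
            $purifier_config->set('AutoFormat.AutoParagraph', TRUE);
            $purifier_config->set('AutoFormat.Linkify', TRUE);
            $purifier_config->set('AutoFormat.RemoveEmpty', TRUE);
            break;
        case FALSE:
            $purifier_config = HTMLPurifier_Config::createDefault();
            $purifier_config->set('Core.Encoding', $ci->config->item('charset'));
            $purifier_config->set('HTML.Doctype', 'XHTML 1.0 Strict');
            break;
        default:
            // show_error() terminates the request, so nothing below runs for an unknown label.
            show_error('The HTMLPurifier configuration labeled "' . htmlentities($config, ENT_QUOTES, 'UTF-8') . '" could not be found.');
    }

    $purifier = new HTMLPurifier($purifier_config);
    return $purifier->purify($dirty_html);
}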
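/**
 * Value sanitation. Sanitize input and output with ease using one of the sanitation types below.
 *
 * Whatever $type selects, the value is run through HTML Purifier last.
 *
 * @param string $data the string/value you wish to sanitize
 * @param string $type the type of sanitation you wish to use: '' (purify only),
 *                     'purestring', 'atoz' or 'integer'
 * @return string the sanitized string
 */
public function sanitize($data, $type = '')
{
    // Use the HTML Purifier, as it helps remove malicious scripts and code.
    // HTML Purifier 4.4.0 - Standards Compliant HTML Filtering
    require_once 'htmlpurifier/HTMLPurifier.standalone.php';

    // Build the configuration first and hand it to the purifier. Previously the purifier
    // was constructed before the config existed and the config was never passed to it,
    // so the Core.Encoding directive below had no effect.
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Core.Encoding', 'UTF-8');
    $purifier = new HTMLPurifier($config);

    // If no type is selected, the value is only run through the HTML purifier.
    switch ($type) {
        // Remove HTML tags (can have issues with invalid tags, keep that in mind!)
        case 'purestring':
            $data = strip_tags($data);
            break;
        // Only allow a-z (upper and lower case)
        case 'atoz':
            $data = preg_replace('/[^a-zA-Z]+/', '', $data);
            break;
        // Integers only - remove any non 0-9 and use intval() to make sure an integer comes out.
        case 'integer':
            $data = intval(preg_replace('/[^0-9]+/', '', $data));
            break;
    }

    /* HTML purifier to help prevent XSS in case anything slipped through. */
    return $purifier->purify($data);
}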
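/**
 * Clean the comment text field from HTML, in order to use it as submitted text.
 * Uses the htmlpurifier library, or a simple strip_tags call, based on the app.yml config file.
 *
 * The allowed-tags setting is a map keyed by tag name (the purifier branch reads array_keys()
 * and tests isset($allowed_html_tags['a'])). The strip_tags branch now reads the same keys and
 * passes them in the "<a><p>" form strip_tags expects; it used to concatenate the map's values.
 * Note that strip_tags leaves attributes on allowed tags intact, so only the purifier path
 * produces output that is safe to render as HTML.
 *
 * @param string $text the text to be cleaned
 * @return string
 *
 * @author Guglielmo Celata
 * @see http://htmlpurifier.org/
 */
public static function clean($text)
{
    $allowed_html_tags = sfConfig::get('app_deppPropelActAsCommentableBehaviorPlugin_allowed_tags', array());
    $use_htmlpurifier = sfConfig::get('app_deppPropelActAsCommentableBehaviorPlugin_use_htmlpurifier', false);
    $tag_names = array_keys($allowed_html_tags);

    if ($use_htmlpurifier) {
        $htmlpurifier_path = sfConfig::get(
            'app_deppPropelActAsCommentableBehaviorPlugin_htmlpurifier_path',
            SF_ROOT_DIR . DIRECTORY_SEPARATOR . 'lib' . DIRECTORY_SEPARATOR . 'htmlpurifier' . DIRECTORY_SEPARATOR . 'library' . DIRECTORY_SEPARATOR
        );
        require_once $htmlpurifier_path . 'HTMLPurifier.auto.php';

        $config = HTMLPurifier_Config::createDefault();
        $config->set('HTML', 'Doctype', 'XHTML 1.0 Strict');
        $config->set('HTML', 'Allowed', implode(',', $tag_names));
        if (isset($allowed_html_tags['a'])) {
            // Only href on links; its value still goes through the purifier's URI filter.
            $config->set('HTML', 'AllowedAttributes', 'a.href');
            $config->set('AutoFormat', 'Linkify', true);
        }
        if (isset($allowed_html_tags['p'])) {
            $config->set('AutoFormat', 'AutoParagraph', true);
        }
        $purifier = new HTMLPurifier($config);
        $clean_text = $purifier->purify($text);
    } else {
        // strip_tags keeps only the tags listed as "<tag>" in its second argument.
        $allowed_html_tags_as_string = '';
        foreach ($tag_names as $tag) {
            $allowed_html_tags_as_string .= "<{$tag}>";
        }
        $clean_text = strip_tags($text, $allowed_html_tags_as_string);
    }

    return $clean_text;
}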
/**
 * Retrieves a scheme validator object.
 *
 * The lookup is gated by the URI.AllowedSchemes list before any class derived from the
 * scheme name is instantiated, and instances are memoised in $this->schemes.
 *
 * @param $scheme  String scheme name like http or mailto
 * @param $config  HTMLPurifier_Config object (createDefault() is used when falsy)
 * @param $context HTMLPurifier_Context object (not used here)
 * @return HTMLPurifier_URIScheme instance, or null when the scheme is not allowed
 *         or no validator class exists for it
 */
public function getScheme($scheme, $config, $context)
{
    if (!$config) {
        $config = HTMLPurifier_Config::createDefault();
    }
    // Returned by reference by callers, so hand back a variable rather than a literal.
    $nothing = null;

    // Consult the allow-list before touching anything derived from $scheme.
    $allowed = $config->get('URI', 'AllowedSchemes');
    $is_allowed = isset($allowed[$scheme]);
    $override = $config->get('URI', 'OverrideAllowedSchemes');

    if (!$is_allowed && !$override) {
        return $nothing;
    }
    if (isset($this->schemes[$scheme])) {
        return $this->schemes[$scheme];
    }
    // With the override set, an unlisted scheme may only be served from the cache above.
    if (!$is_allowed) {
        return $nothing;
    }

    $class_name = 'HTMLPurifier_URIScheme_' . $scheme;
    if (!class_exists($class_name)) {
        return $nothing;
    }
    $this->schemes[$scheme] = new $class_name();
    return $this->schemes[$scheme];
}
/**
 * Returns the purifier configuration, creating the default one on first use.
 *
 * @return \HTMLPurifier_Config
 */
public function getConfig()
{
    $current = $this->config;
    if (null === $current) {
        $current = \HTMLPurifier_Config::createDefault();
        $this->config = $current;
    }
    return $current;
}
/**
 * Retrieves a scheme validator object
 *
 * The two early returns below are the only gate between a caller-supplied scheme name and
 * the require_once of 'HTMLPurifier/URIScheme/<scheme>.php': a scheme that is not in
 * URI.AllowedSchemes never reaches the include. With URI.OverrideAllowedSchemes set, an
 * unlisted scheme can only be served from $this->schemes (already-loaded validators).
 *
 * @param $scheme String scheme name like http or mailto
 * @param $config HTMLPurifier_Config object
 * @param $context HTMLPurifier_Context object
 */
public function getScheme($scheme, $config, $context) {
    if (!$config) {
        $config = HTMLPurifier_Config::createDefault();
    }
    // important, otherwise attacker could include arbitrary file
    $allowed_schemes = $config->get('URI.AllowedSchemes');
    if (!$config->get('URI.OverrideAllowedSchemes') && !isset($allowed_schemes[$scheme])) {
        return;
    }
    if (isset($this->schemes[$scheme])) {
        return $this->schemes[$scheme];
    }
    // Second check is deliberate: it must hold even when the override flag is set.
    if (!isset($allowed_schemes[$scheme])) {
        return;
    }
    $class = 'HTMLPurifier_URIScheme_' . $scheme;
    // Case-sensitive on all non-windows systems
    require_once 'HTMLPurifier/URIScheme/' . $scheme . '.php';
    if (!class_exists($class)) {
        return;
    }
    $this->schemes[$scheme] = new $class();
    return $this->schemes[$scheme];
}
/**
 * Purifies admin-authored HTML with a permissive, config-driven HTML Purifier profile.
 *
 * The purifier is built once per request (static) from the `html_filter_admin` config file;
 * its `allowed_tags` entry feeds HTML.Allowed. The error-control operators on set() and
 * purify() are kept from the original and hide misconfiguration at runtime. HTML.SafeIframe
 * is enabled but no URI.SafeIframeRegexp is set here.
 *
 * @param string $html markup to purify
 * @return string purified markup
 */
function html_filter_admin($html)
{
    static $purifier;

    if (isset($purifier)) {
        return @$purifier->purify($html);
    }

    $ci = get_instance();
    $ci->config->load('html_filter_admin', true, true);
    $settings = $ci->config->item('html_filter_admin');
    if (!is_array($settings)) {
        $settings = array();
    }
    $allowed_tags = isset($settings['allowed_tags']) ? $settings['allowed_tags'] : '';

    $profile = HTMLPurifier_Config::createDefault();
    $base = array(
        'Cache.SerializerPath'              => APPPATH . 'cache_htmlpurifier',
        'Core.Encoding'                     => 'utf-8',
        'HTML.Doctype'                      => 'XHTML 1.0 Transitional',
        'HTML.TidyLevel'                    => 'light',
        'Core.ConvertDocumentToFragment'    => false,
        'Core.RemoveProcessingInstructions' => true,
    );
    foreach ($base as $directive => $value) {
        $profile->set($directive, $value);
    }
    // Suppressed: a malformed allowed_tags string would otherwise emit an HTML Purifier error.
    @$profile->set('HTML.Allowed', $allowed_tags);
    $extras = array(
        'HTML.SafeEmbed'            => true,
        'HTML.SafeObject'           => true,
        'HTML.FlashAllowFullScreen' => true,
        'HTML.SafeIframe'           => true,
        'Attr.EnableID'             => true,
        'CSS.AllowImportant'        => true,
        'CSS.AllowTricky'           => true,
        'CSS.Proprietary'           => true,
        'Core.EnableIDNA'           => true,
    );
    foreach ($extras as $directive => $value) {
        $profile->set($directive, $value);
    }
    $purifier = @new HTMLPurifier($profile);

    return @$purifier->purify($html);
}
/**
 * Reads this control's value from the submitted HTTP data and stores it after running it
 * through HTML Purifier.
 *
 * Only the elements and attributes listed in HTML.Allowed survive. The custom definition
 * additionally registers `href*` on <a> with the 'Text' attribute type so that Latte link
 * macros survive purification.
 *
 * NOTE(review): declaring href as 'Text' takes link targets out of HTML Purifier's URI
 * validation (scheme allow-listing no longer applies to them); this is the documented
 * trade-off for Latte links, so the stored value must not be treated as URI-safe.
 *
 * @return void
 */
public function loadHttpData()
{
    $http = $this->getForm()->getHttpData();
    $field = $this->getName();
    $raw = NULL;
    if (isset($http[$field]) && is_scalar($http[$field])) {
        $raw = $http[$field];
    }

    $purifierConfig = HTMLPurifier_Config::createDefault();
    $purifierConfig->set('Core.Encoding', $this->encoding);
    if ($this->docType !== NULL) {
        $purifierConfig->set('HTML.Doctype', $this->docType);
    }
    $purifierConfig->set('HTML.Allowed', 'p,a[href],strong,em,b,i,ul,ol,li,h1,h2,h3,h4,h5,div[class],span[class],br,sup,table[border],tr,td,th,thead,tbody,img[src],img[style]');

    // Allow arbitrary content in the href attribute so that Latte links can be used.
    $purifierConfig->set('HTML.DefinitionID', 'enduser-customize.html tutorial');
    $definition = $purifierConfig->getHTMLDefinition(true);
    $definition->addAttribute('a', 'href*', 'Text');

    $purifier = new HTMLPurifier($purifierConfig);
    // CKEditor escapes the content and cannot be told not to; the purifier re-escapes it
    // correctly anyway, so no decoding is done here.
    $this->setValue($purifier->purify($raw));
}
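/**
 * Fetches a page, purifies it with HTML Purifier and extracts the part selected by $path.
 *
 * NOTE(review): $url is fetched with file_get_contents() without any allow-listing; if it
 * can come from a request, the caller must restrict it (server-side request forgery).
 *
 * @param string $url   page to fetch
 * @param string $path  selector passed to find()
 * @param string $parse which part of the match to return: 'tag', 'outertext',
 *                      'innertext', 'plaintext', or anything else for the raw find() result
 * @return mixed the selected property, or the find() result for an unknown $parse
 * @throws RuntimeException when the URL cannot be read or the document cannot be parsed
 */
function scrape($url, $path, $parse)
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Core.Encoding', 'UTF-8');    // encoding of output
    $config->set('HTML.Doctype', 'XHTML 1.1'); // doctype of output
    $purifier = new HTMLPurifier($config);

    $dirty_html = file_get_contents($url);
    if ($dirty_html === false) {
        // A failed fetch previously fell through to purify(false) and a method call on a non-object.
        throw new RuntimeException('scrape(): could not read ' . $url);
    }
    $clean_html = $purifier->purify($dirty_html);
    $html = str_get_html($clean_html);
    if ($html === false) {
        // presumably str_get_html() signals failure with false — confirm against the DOM library used
        throw new RuntimeException('scrape(): could not parse the fetched document');
    }

    // NOTE(review): find() is used without an index and its result is dereferenced as a single
    // node below; confirm the DOM library returns a node (not a list) in that case.
    $match = $html->find($path);
    switch ($parse) {
        case 'tag':
            $ret = $match->tag;
            break;
        case 'outertext':
            $ret = $match->outertext;
            break;
        case 'innertext':
            $ret = $match->innertext;
            break;
        case 'plaintext':
            $ret = $match->plaintext;
            break;
        default:
            $ret = $match;
            break;
    }

    // clean up memory
    $html->clear();
    unset($dirty_html, $clean_html, $html);

    return $ret;
}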
/**
 * Adds an element to the allowedElements list
 *
 *     Security::addpurifierelement("cms", Array("attributes" => Array("name" => "Text")));
 *
 * The configuration is created on the first call (purifier.settings loaded, autoFinalize
 * disabled so it stays editable) and reused from Security::$htmlpurifierconfig afterwards.
 * Definition caching is turned off because the HTML definition is mutated at runtime.
 *
 * @param string $elementname   element name to add to the allowed elements
 * @param array  $elementconfig config options for the new element; currently only
 *                              'attributes' (attribute name => attribute type) is supported
 * @return void
 */
public static function addpurifierelement($elementname, $elementconfig = array())
{
    $config = Security::$htmlpurifierconfig;
    if ($config == False) {
        // First call: build a fresh, still-editable configuration.
        $config = HTMLPurifier_Config::createDefault();
        $config->autoFinalize = false;
        $settings = Kohana::config('purifier.settings');
        if (is_array($settings)) {
            $config->loadArray($settings);
        }
    }

    $attributes = array();
    if (isset($elementconfig["attributes"]) && is_array($elementconfig["attributes"])) {
        $attributes = $elementconfig["attributes"];
    }

    $config->set('Core.Encoding', "UTF-8");
    $config->set('HTML.DefinitionID', 'cms-specific');
    $config->set('Cache.DefinitionImpl', null); // Do not use caching

    $definition = $config->getHTMLDefinition(true);
    $definition->addElement($elementname, 'Inline', 'Flow', 'Common', $attributes);

    // Save configuration for later use
    Security::$htmlpurifierconfig = $config;
}
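/**
 * Purifies $str with HTML Purifier (Flash embeds allowed, <a target> allowed) and passes
 * the result on to self::sql().
 *
 * @param string $str markup to purify
 * @return mixed the return value of self::sql() for the purified string
 */
public static function text($str)
{
    $cache_dir = Tiny::getPath('cache') . "/htmlpurifier/";
    if (!file_exists($cache_dir)) {
        File::mkdir($cache_dir);
    }

    // A second createDefault() call used to overwrite the first one; a single config suffices.
    $config = HTMLPurifier_Config::createDefault();
    // Cache directory for serialized definitions
    $config->set('Cache.SerializerPath', $cache_dir);
    // Allow Flash content
    $config->set('HTML.SafeEmbed', true);
    $config->set('HTML.SafeObject', true);
    $config->set('Output.FlashCompat', true);

    // Allow the target attribute on <a>.
    // NOTE(review): '_target' is not a standard frame target (the standard set is _blank,
    // _self, _parent, _top); kept as-is because the enum is part of the configured contract.
    $def = $config->getHTMLDefinition(true);
    $def->addAttribute('a', 'target', 'Enum#_blank,_self,_target,_top');

    $purifier = new HTMLPurifier($config);

    // get_magic_quotes_gpc() no longer exists on PHP 8; guard the call so this keeps working
    // there (magic quotes are always off on those versions, so the else branch applies).
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $str = addslashes($purifier->purify(stripslashes($str)));
    } else {
        $str = $purifier->purify($str);
    }

    return self::sql($str);
}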
/**
 * Create custom post types
 *
 * Registers the plugin's post types (agenda points, resolutions, amendments, applications,
 * readers, events) and the taxonomies shared between resolutions, amendments and
 * applications. When the html-purified plugin is active, a restricted HTML Purifier
 * configuration is built into the global $cvtx_purifier_config: only the listed inline
 * elements, a fixed set of classes and the text-decoration CSS property are allowed.
 */
function cvtx_init() {
    // Agenda items
    register_post_type('cvtx_top', array('labels' => array('name' => __('Agenda points', 'cvtx'), 'singular_name' => __('Agenda point', 'cvtx'), 'add_new_item' => __('Create agenda point', 'cvtx'), 'edit_item' => __('Edit agenda point', 'cvtx'), 'view_item' => __('View agenda point', 'cvtx'), 'menu_name' => __('agenda points (menu_name)', 'cvtx'), 'new_item' => __('New agenda point', 'cvtx'), 'search_items' => __('Search agenda points', 'cvtx'), 'not_found' => __('No agenda points found', 'cvtx'), 'not_found_in_trash' => __('No agenda points found in trash', 'cvtx')), 'public' => true, '_builtin' => false, 'has_archive' => false, 'menu_icon' => CVTX_PLUGIN_URL . 'images/cvtx_top_small.png', 'rewrite' => array('slug' => __('agenda points (slug)', 'cvtx')), 'supports' => array('title', 'editor')));
    // Resolutions
    register_post_type('cvtx_antrag', array('labels' => array('name' => __('Resolutions', 'cvtx'), 'singular_name' => __('Resolution', 'cvtx'), 'add_new_item' => __('Create resolution', 'cvtx'), 'edit_item' => __('Edit resolution', 'cvtx'), 'view_item' => __('View resolution', 'cvtx'), 'menu_name' => __('resolutions (menu_name)', 'cvtx'), 'new_item' => __('New resolution', 'cvtx'), 'search_items' => __('Search resolutions', 'cvtx'), 'not_found' => __('No resolutions found', 'cvtx'), 'not_found_in_trash' => __('No resolutions found in trash', 'cvtx')), 'public' => true, '_builtin' => false, 'has_archive' => false, 'menu_icon' => CVTX_PLUGIN_URL . 'images/cvtx_antrag_small.png', 'rewrite' => array('slug' => __('resolutions (slug)', 'cvtx')), 'supports' => array('title', 'editor')));
    // Amendments (no title: only the editor is supported)
    register_post_type('cvtx_aeantrag', array('labels' => array('name' => __('Amendments', 'cvtx'), 'singular_name' => __('Amendment', 'cvtx'), 'add_new_item' => __('Create amendment', 'cvtx'), 'edit_item' => __('Edit amendment', 'cvtx'), 'view_item' => __('View amendment', 'cvtx'), 'menu_name' => __('amendments (menu_name)', 'cvtx'), 'new_item' => __('New amendment', 'cvtx'), 'search_items' => __('Search amendment', 'cvtx'), 'not_found' => __('No amendments found', 'cvtx'), 'not_found_in_trash' => __('No amendments found in Trash', 'cvtx')), 'public' => true, '_builtin' => false, 'has_archive' => false, 'menu_icon' => CVTX_PLUGIN_URL . 'images/cvtx_aeantrag_small.png', 'rewrite' => array('slug' => __('amendments (slug)', 'cvtx')), 'supports' => array('editor')));
    // Applications
    register_post_type('cvtx_application', array('labels' => array('name' => __('Applications', 'cvtx'), 'singular_name' => __('Application', 'cvtx'), 'add_new_item' => __('Create application', 'cvtx'), 'edit_item' => __('Edit application', 'cvtx'), 'view_item' => __('View application', 'cvtx'), 'menu_name' => __('Applications', 'cvtx'), 'new_item' => __('New application', 'cvtx'), 'search_items' => __('Search applications', 'cvtx'), 'not_found' => __('No applications found', 'cvtx'), 'not_found_in_trash' => __('No applications found in Trash', 'cvtx')), 'public' => true, '_builtin' => false, 'has_archive' => false, 'rewrite' => array('slug' => __('applications (slug)', 'cvtx')), 'supports' => array('title', 'editor')));
    // Reader (title only)
    register_post_type('cvtx_reader', array('labels' => array('name' => __('Readers', 'cvtx'), 'singular_name' => __('Reader', 'cvtx'), 'add_new_item' => __('Create reader', 'cvtx'), 'new_item' => __('New reader', 'cvtx'), 'edit_item' => __('Edit reader', 'cvtx'), 'view_item' => __('View reader', 'cvtx'), 'menu_name' => __('readers (menu_name)', 'cvtx'), 'search_items' => __('Search reader', 'cvtx'), 'not_found' => __('No readers found', 'cvtx'), 'not_found_in_trash' => __('No readers found in trash', 'cvtx')), 'public' => true, '_builtin' => false, 'has_archive' => false, 'menu_icon' => CVTX_PLUGIN_URL . 'images/cvtx_reader_small.png', 'rewrite' => array('slug' => __('readers (slug)', 'cvtx')), 'supports' => array('title')));
    // Events (the slug is not translatable, unlike the other post types)
    register_post_type('cvtx_event', array('labels' => array('name' => __('Events', 'cvtx'), 'singular_name' => __('Event', 'cvtx'), 'add_new_item' => __('Create event', 'cvtx'), 'new_item' => __('New event', 'cvtx'), 'edit_item' => __('Edit event', 'cvtx'), 'view_item' => __('View event', 'cvtx'), 'menu_name' => __('Events', 'cvtx'), 'search_items' => __('Search event', 'cvtx'), 'not_found' => __('No events found', 'cvtx'), 'not_found_in_trash' => __('No events found in trash', 'cvtx')), 'public' => true, '_builtin' => false, 'has_archive' => false, 'rewrite' => array('slug' => 'veranstaltungen'), 'supports' => array('title', 'editor')));
    // Register reader taxonomy to resolutions
    register_taxonomy('cvtx_tax_reader', 'cvtx_antrag', array('hierarchical' => true, 'label' => __('Readers', 'cvtx'), 'show_ui' => false, 'query_var' => true, 'rewrite' => false));
    // Register reader taxonomy to amendments
    register_taxonomy('cvtx_tax_reader', 'cvtx_aeantrag', array('hierarchical' => true, 'label' => __('Readers', 'cvtx'), 'show_ui' => false, 'query_var' => true, 'rewrite' => false));
    // Register reader taxonomy to applications
    register_taxonomy('cvtx_tax_reader', 'cvtx_application', array('hierarchical' => true, 'label' => __('Readers', 'cvtx'), 'show_ui' => false, 'query_var' => true, 'rewrite' => false));
    // Register the "assigned to" taxonomy to resolutions and amendments
    register_taxonomy('cvtx_tax_assign_to', array('cvtx_antrag', 'cvtx_aeantrag'), array('hierarchical' => false, 'label' => 'Überwiesen an', 'show_ui' => true, 'show_admin_column' => true, 'query_var' => true, 'rewrite' => true));
    // Initialize HTML Purifier if plugin activated
    if (is_plugin_active('html-purified/html-purified.php')) {
        global $html_purifier, $cvtx_purifier, $cvtx_purifier_config;
        // The purifier instance comes from the other plugin; the config built here is kept
        // separately — presumably passed at purify time by the callers, verify against them.
        $cvtx_purifier = $html_purifier->get_purifier();
        $cvtx_purifier_config = HTMLPurifier_Config::createDefault();
        $cvtx_purifier_config->set('HTML.Doctype', 'XHTML 1.1');
        // Inline style is only allowed on <span>, and only the classes/properties below.
        $cvtx_purifier_config->set('HTML.Allowed', 'strong,b,em,i,h1,h2,h3,h4,ul,ol,li,br,p,del,ins,code,span[style|class],a[href],div');
        $cvtx_purifier_config->set('Attr.AllowedClasses', 'color-red,color-lila,color-grau,color-green');
        $cvtx_purifier_config->set('CSS.AllowedProperties', 'text-decoration');
    }
}
/**
 * Filters and re-assembles submitted data according to the model field definitions.
 *
 * Fields of type 'editor' are run through HTML Purifier (XSS filtering) after
 * htmlspecialchars_decode(); 'position' and 'checkbox' fields are joined with commas.
 * Keys without a model field definition are passed through unchanged.
 *
 * @param array $data       submitted values keyed by field name
 * @param array $modelfield model field definitions (parsed with parseModelField())
 * @return array the filtered data
 */
public function filterData($data = array(), $modelfield = array())
{
    $fields = $this->parseModelField($modelfield);
    $result = $data;

    foreach ($data as $name => $value) {
        if (!array_key_exists($name, $fields)) {
            continue;
        }
        switch ($fields[$name]['type']) {
            case 'editor':
                // Editor content: filter XSS with HTML Purifier
                Vendor('Htmlpurifier.library.HTMLPurifier#auto');
                $config = \HTMLPurifier_Config::createDefault();
                $purifier = new \HTMLPurifier($config);
                $result[$name] = $purifier->purify(htmlspecialchars_decode($value));
                break;
            case 'position':   // recommended positions
            case 'checkbox':
                // Multi-value selections are stored as comma-separated lists
                $result[$name] = implode(',', $value);
                break;
        }
    }

    return $result;
}
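/**
 * Stores a visitor comment for the news item identified by $params['page'] / $params['id']
 * and redirects back to the referring page.
 *
 * The comment body is taken from $_POST['comment'], stripped of tags and purified with a
 * default HTML Purifier configuration before being inserted through a prepared statement.
 *
 * NOTE(review): the redirect target is taken verbatim from the Referer header, which is
 * client-controlled; redirecting to a fixed application route would close this open redirect.
 *
 * @param array $params request parameters with integer-castable 'page' and 'id'
 * @return void
 * @throws Exception when no matching news item exists
 */
protected function _comment($params)
{
    $pageId = (int) $params['page'];
    $itemId = (int) $params['id'];

    // Both values are cast to int above, so interpolating them cannot inject SQL.
    $sql = "SELECT * FROM news WHERE page_id = {$pageId} AND id = {$itemId}";
    $query = $this->kobros->db->query($sql);
    $news = array();
    while ($res = $query->fetch(PDO::FETCH_OBJ)) {
        $news[] = $res;
    }
    if (!count($news)) {
        throw new Exception('No news be here');
    }
    $item = $news[0];

    $now = new DateTime();
    $now = $now->format('Y-m-d H:i:s');

    $config = HTMLPurifier_Config::createDefault();
    $purifier = new HTMLPurifier($config);
    // Guard the index: a POST without 'comment' previously raised an undefined-index notice.
    $dirty_html = isset($_POST['comment']) ? strip_tags($_POST['comment']) : '';
    $clean_html = $purifier->purify($dirty_html);

    $sql = "INSERT INTO news_comments (news_id, comment, created) VALUES(?, ?, ?)";
    $stmt = $this->kobros->db->prepare($sql);
    $stmt->execute(array($item->id, $clean_html, $now));

    header("Location: {$_SERVER['HTTP_REFERER']}");
}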
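/**
 * Smarty modifier: runs $html through HTML Purifier.
 *
 * Non-UTF-8 input is converted to UTF-8 for purification and converted back afterwards
 * when mbstring is available; otherwise Core.Encoding is set to the given charset.
 *
 * @param string      $html    markup to purify
 * @param string|null $ecoding charset of $html (defaults to _CHARSET). The parameter keeps
 *                             its historical misspelled name so positional callers are unaffected.
 * @param string|null $doctype one of the doctypes HTML Purifier supports, or null for the default
 * @return string purified markup in the input charset
 */
function smarty_modifier_xoops_html_purifier($html, $ecoding = null, $doctype = null)
{
    require_once XOOPS_LIBRARY_PATH . '/htmlpurifier/library/HTMLPurifier.auto.php';

    // The body used to read $encoding, which was never assigned, so the charset argument
    // was silently ignored and _CHARSET always won.
    $encoding = $ecoding ? $ecoding : _CHARSET;
    $doctypeArr = array("HTML 4.01 Strict", "HTML 4.01 Transitional", "XHTML 1.0 Strict", "XHTML 1.0 Transitional", "XHTML 1.1");

    $config = HTMLPurifier_Config::createDefault();
    if (in_array($doctype, $doctypeArr, true)) {
        $config->set('HTML.Doctype', $doctype);
    }

    $_conv = $encoding !== 'UTF-8' && function_exists('mb_convert_encoding');
    if ($_conv) {
        // Purify in UTF-8 and drop unconvertible characters instead of substituting '?'.
        $_substitute = mb_substitute_character();
        mb_substitute_character('none');
        $html = mb_convert_encoding($html, 'UTF-8', $encoding);
        $config->set('Core.Encoding', 'UTF-8');
    } else {
        $config->set('Core.Encoding', $encoding);
    }

    $purifier = new HTMLPurifier($config);
    $html = $purifier->purify($html);

    if ($_conv) {
        $html = mb_convert_encoding($html, $encoding, 'UTF-8');
        mb_substitute_character($_substitute);
    }
    return $html;
}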
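/**
 * Purifies every value in $_POST for anonymous visitors.
 *
 * Logged-in users are skipped. On ImpressCMS the core HTML filter is used; otherwise the
 * HTML Purifier bundled with Protector is configured with the site charset.
 *
 * @return bool|void true when the request comes from a logged-in user and nothing is filtered
 */
function execute()
{
    global $xoopsUser;

    // HTMLPurifier runs with PHP5 only
    if (version_compare(PHP_VERSION, '5.0.0') < 0) {
        die('Turn postcommon_post_htmlpurify4guest.php off because this filter cannot run with PHP4');
    }

    if (is_object($xoopsUser)) {
        return true;
    }

    if (class_exists('icms_core_HTMLFilter')) {
        // use HTMLPurifier inside ImpressCMS
        // (the condition used to be negated, which called getInstance() on a class that does not exist)
        $this->purifier =& icms_core_HTMLFilter::getInstance();
        $this->method = 'htmlpurify';
    } else {
        // use HTMLPurifier inside Protector
        require_once dirname(dirname(__FILE__)) . '/library/HTMLPurifier.auto.php';
        $config = HTMLPurifier_Config::createDefault();
        $config->set('Cache', 'SerializerPath', XOOPS_TRUST_PATH . '/modules/protector/configs');
        $config->set('Core', 'Encoding', _CHARSET);
        //$config->set('HTML', 'Doctype', 'HTML 4.01 Transitional');
        $this->purifier = new HTMLPurifier($config);
        $this->method = 'purify';
    }

    $_POST = $this->purify_recursive($_POST);
}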
/**
 * Constructor. This is a singleton class: do not call this directly but use
 * $var =& DBPurifier::getInstance() instead.
 *
 * Configures the parent HTMLPurifier for UTF-8 input and XHTML output.
 * @access private
 */
function DbPurifier()
{
    $directives = array(
        array('Core', 'Encoding', 'UTF-8'),
        array('Core', 'XHTML', true),
    );
    $purifierConfig = HTMLPurifier_Config::createDefault();
    foreach ($directives as $directive) {
        list($namespace, $key, $value) = $directive;
        $purifierConfig->set($namespace, $key, $value);
    }
    parent::HTMLPurifier($purifierConfig);
}
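/**
 * Purifies $html with a project-specific HTML Purifier profile.
 *
 * Input is first normalised to UTF-8. Additional directives may be supplied through
 * $options (directive name => value); they are applied after the defaults and therefore
 * override them. One megabyte is parked in the 'memory' cache slot and released after
 * purification so that onScriptShutdown() has head-room to run if the purifier exhausts memory.
 *
 * NOTE(review): $options is applied without an allow-list; if it can originate from a request,
 * a caller could relax directives such as HTML.Trusted — confirm where $options comes from.
 * NOTE(review): register_shutdown_function() is called on every invocation, so the handler is
 * registered once per purify() call within a request.
 *
 * @param string $html    markup to purify
 * @param array  $options extra HTML Purifier directives, directive => value
 * @return string purified markup, with preview anchors rewritten to plain fragment links
 */
public function purify($html, $options = array())
{
    // empty() also treated the legitimate string "0" as nothing to purify; keep the other
    // empty values (null, '', false, ...) as a no-op.
    if (empty($html) && $html !== '0') {
        return '';
    }
    require_once Config::get('HTML_PURIFIER');
    require_once 'HTMLPurifier.func.php';

    $html = Util\toUTF8String($html);

    $config = \HTMLPurifier_Config::createDefault();
    $config->set('AutoFormat.AutoParagraph', false);
    $config->set('AutoFormat.RemoveEmpty.RemoveNbsp', true);
    //$config->set('AutoFormat.RemoveEmpty', true);//slows down htmls parsing
    //$config->set('AutoFormat.RemoveSpansWithoutAttributes', true); //medium slows down htmls parsing
    $config->set('HTML.ForbiddenElements', array('head'));
    $config->set('HTML.SafeIframe', true);
    $config->set('HTML.TargetBlank', true);
    $config->set('URI.DefaultScheme', 'https');
    $config->set('Attr.EnableID', true);
    if (!empty($options)) {
        foreach ($options as $directive => $value) {
            $config->set($directive, $value);
        }
    }
    $purifier = new \HTMLPurifier($config);

    // This storage is freed on error
    Cache::set('memory', str_repeat('*', 1024 * 1024));
    register_shutdown_function(array($this, 'onScriptShutdown'));

    $html = $purifier->purify($html);
    Cache::remove('memory');

    return str_replace('/preview/#', '#', $html);
}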
/**
 * Base configuration of HTML Purifier for codendi: UTF-8 input and the codendi cache
 * directory for serialized definitions.
 *
 * @return HTMLPurifier_Config
 */
protected function getCodendiConfig()
{
    $base = HTMLPurifier_Config::createDefault();
    $directives = array(
        array('Core', 'Encoding', 'UTF-8'),
        array('Cache', 'SerializerPath', $GLOBALS['codendi_cache_dir']),
    );
    foreach ($directives as $directive) {
        list($namespace, $key, $value) = $directive;
        $this->setConfigAttribute($base, $namespace, $key, $value);
    }
    return $base;
}
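/**
 * Returns HTML Purifier instance matching the configuration
 *
 * Instances are memoised per configuration, keyed by the md5 of the JSON-encoded local
 * config. The global HTML_PURIFIER_CONFIG JSON is decoded first and the local $config is
 * merged underneath it with `+`, so a global key wins over a local key of the same name.
 *
 * @param array $config Local HTML Purifier configuration (directive => value, or
 *                      directive => array of further set() arguments)
 *
 * @return \HTMLPurifier
 *
 * @access private
 *
 * @static
 */
private static function __instance(array $config)
{
    $config_key = md5(json_encode($config));
    if (!isset(self::$_instances[$config_key])) {
        // Grab HTML Purifier default configuration
        $hp_default_config = \HTMLPurifier_Config::createDefault();

        // Grab HTML Purifier user configuration (global and local). A malformed or empty
        // HTML_PURIFIER_CONFIG used to yield null here, which cannot be merged with `+`.
        $hp_user_config = json_decode(HTML_PURIFIER_CONFIG, true);
        if (!is_array($hp_user_config)) {
            $hp_user_config = array();
        }
        $hp_user_config += $config;

        // Add HTML Purifier user configuration
        foreach ($hp_user_config as $key => $value) {
            if (is_array($value)) {
                // NOTE(review): array($key) + $value keeps $key at index 0 and drops index 0
                // of $value, so array values must be keyed from 1 (or non-numerically) for
                // all of them to reach set() — confirm against the JSON actually in use.
                call_user_func_array(array($hp_default_config, 'set'), array($key) + $value);
            } else {
                $hp_default_config->set($key, $value);
            }
        }

        self::$_instances[$config_key] = new \HTMLPurifier($hp_default_config);
    }
    return self::$_instances[$config_key];
}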
/**
 * Create config.
 *
 * Builds the Garp3 HTML Purifier profile: HTML 4.01 Transitional, an explicit element
 * allow-list, a restricted set of CSS properties, absolute URIs, and custom definitions for
 * <iframe>, <embed>, <figure> and <figcaption>. HTML.Trusted is enabled and object/embed/
 * param/iframe are allowed; the custom iframe and embed definitions accept any src that
 * passes the URI filter (no URI.SafeIframeRegexp is set here) — presumably the MyIframe /
 * MyEmbed custom filters constrain the sources, verify against them. The definition is
 * cached under DefinitionID 'Garp3' / DefinitionRev 5, so DefinitionRev must be bumped
 * whenever the custom definitions below change.
 *
 * @return HTMLPurifier_Config
 */
public function getConfig() {
    $config = HTMLPurifier_Config::createDefault();
    $config->set('HTML.DefinitionID', 'Garp3');
    $config->set('HTML.DefinitionRev', 5);
    $config->set('HTML.Doctype', 'HTML 4.01 Transitional');
    $config->set('HTML.Trusted', true);
    $config->set('HTML.AllowedElements', array('a', 'abbr', 'acronym', 'b', 'blockquote', 'br', 'caption', 'cite', 'code', 'dd', 'del', 'dfn', 'div', 'dl', 'dt', 'em', 'embed', 'figure', 'figcaption', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i', 'iframe', 'img', 'ins', 'kbd', 'li', 'object', 'ol', 'p', 'param', 'pre', 's', 'small', 'span', 'strong', 'sub', 'sup', 'u', 'ul', 'var'));
    $config->set('AutoFormat.RemoveEmpty', true);
    $config->set('AutoFormat.RemoveSpansWithoutAttributes', true);
    $config->set('AutoFormat.RemoveEmpty.RemoveNbsp', true);
    $config->set('Output.TidyFormat', true);
    $config->set('Attr.AllowedClasses', $this->_getAllowedClasses());
    $config->set('CSS.AllowedProperties', array('font-weight', 'font-style', 'float', 'vertical-align', 'width', 'height'));
    // null lifts the default cap on image dimensions
    $config->set('CSS.MaxImgLength', null);
    $config->set('Cache.SerializerPath', $this->_getCachePath());
    $config->set('URI.MakeAbsolute', true);
    $config->set('URI.Base', (string) new Garp_Util_FullUrl('/'));
    $config->set('Filter.Custom', array(new Garp_Service_HTMLPurifier_Filter_MyIframe(), new Garp_Service_HTMLPurifier_Filter_MyEmbed()));
    // add proprietary elements (only when the definition is not served from cache)
    if ($def = $config->maybeGetRawHTMLDefinition()) {
        $def->addAttribute('a', 'target', 'Enum#_blank,_self');
        // attributes marked with * are required; 'Text' attributes are passed through unvalidated
        $iframe = $def->addElement('iframe', 'Inline', 'Custom: #PCDATA', 'Common', array('src*' => 'URI', 'width*' => 'Number', 'height*' => 'Number', 'frameborder' => 'Text', 'scrolling' => 'Text', 'allowtransparency' => 'Text'));
        $embed = $def->addElement('embed', 'Inline', 'Custom: #PCDATA', 'Common', array('src*' => 'URI', 'type*' => 'Text', 'width*' => 'Number', 'height*' => 'Number', 'allowscriptaccess' => 'Text'));
        $figure = $def->addElement('figure', 'Inline', 'Flow', 'Common', array('class*' => 'Text'));
        $figcaption = $def->addElement('figcaption', 'Inline', 'Inline', 'Common', array());
    }
    return $config;
}
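/**
 * Persists an affiliation: resolves (or creates) the organisation by name, copies the
 * submitted fields onto $dbAffiliation and writes it.
 *
 * @param Affiliation $dbAffiliation  the record to update
 * @param object      $newAffiliation submitted values: JobTitle, StartDate, EndDate, Current
 * @param string      $org_name       organisation name as submitted
 * @param Member      $CurrentMember  owner of the affiliation
 * @return void
 */
public static function Save(Affiliation $dbAffiliation, $newAffiliation, $org_name, Member $CurrentMember)
{
    // attempt to retrieve Org by the submitted name. filter() escapes/binds its value itself,
    // so the Convert::raw2sql() call that used to precede it double-escaped the name and then
    // stored the escaped string as the new Org's Name.
    $org = Org::get()->filter('Name', $org_name)->First();
    if (!$org) {
        // no org matched, create a new org of that name and associate it
        $org = new Org();
        $org->Name = $org_name;
        $org->write();
    }

    $config = HTMLPurifier_Config::createDefault();
    // Remove any CSS or inline styles
    $config->set('CSS.AllowedProperties', array());
    $purifier = new HTMLPurifier($config);

    $dbAffiliation->OrganizationID = $org->ID;
    // The purifier was built but never applied; JobTitle is the free-text field it is meant for.
    $dbAffiliation->JobTitle = $purifier->purify($newAffiliation->JobTitle);
    $dbAffiliation->MemberID = $CurrentMember->ID;
    $dbAffiliation->StartDate = $newAffiliation->StartDate;
    $dbAffiliation->EndDate = !empty($newAffiliation->EndDate) ? $newAffiliation->EndDate : null;
    // An open-ended affiliation (no EndDate) is always current; otherwise honour the flag.
    $dbAffiliation->Current = empty($newAffiliation->EndDate) || $newAffiliation->Current == 1;
    $dbAffiliation->write();
}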
/**
 * Returns the singleton instance of HTML Purifier. If no instance has
 * been created, a new instance will be created. Configuration options
 * for HTML Purifier can be set in `APPPATH/config/purifier.php` in the
 * "settings" key.
 *
 *     $purifier = Security::htmlpurifier();
 *
 * @return HTMLPurifier
 */
public static function htmlpurifier()
{
    if (Security::$htmlpurifier) {
        return Security::$htmlpurifier;
    }

    $purifierSettings = kohana::$config->load('purifier');

    if (!class_exists('HTMLPurifier_Config', FALSE)) {
        if ($purifierSettings->get('preload')) {
            // Load all of HTML Purifier right now.
            // This increases performance with a slight hit to memory usage.
            require Kohana::find_file('vendor', 'htmlpurifier/library/HTMLPurifier.includes');
        }
        // Load the HTML Purifier auto loader
        require Kohana::find_file('vendor', 'htmlpurifier/library/HTMLPurifier.auto');
    }

    // Create a new configuration object
    $purifierConfig = HTMLPurifier_Config::createDefault();
    if (!$purifierSettings->get('finalize')) {
        // Allow configuration to be modified after creation
        $purifierConfig->autoFinalize = FALSE;
    }
    // Use the same character set as Kohana
    $purifierConfig->set('Core.Encoding', Kohana::$charset);

    $settings = $purifierSettings->get('settings');
    if (is_array($settings)) {
        // Load the settings
        $purifierConfig->loadArray($settings);
    }

    // Configure additional options, then create the purifier instance
    Security::$htmlpurifier = new HTMLPurifier(Security::configure($purifierConfig));

    return Security::$htmlpurifier;
}
/**
 * Tokenizes the same fixture twice: first with the default config (tokens carry no
 * positions), then with Core.MaintainLineNumbers enabled, when every expected token is
 * annotated with its (line, column) via position().
 */
function testLineNumbers() {
    //                 .    .    .    .    .    .    .    .    .    .
    //                 01234567890123 01234567890123 0123456789012345 0123456789012 012345
    $html = "<b>Line 1</b>\n<i>Line 2</i>\nStill Line 2<br\n/>Now Line 4\n\n<br />";
    $expect = array(0 => new HTMLPurifier_Token_Start('b'), 1 => new HTMLPurifier_Token_Text('Line 1'), 2 => new HTMLPurifier_Token_End('b'), 3 => new HTMLPurifier_Token_Text("\n"), 4 => new HTMLPurifier_Token_Start('i'), 5 => new HTMLPurifier_Token_Text('Line 2'), 6 => new HTMLPurifier_Token_End('i'), 7 => new HTMLPurifier_Token_Text("\nStill Line 2"), 8 => new HTMLPurifier_Token_Empty('br'), 9 => new HTMLPurifier_Token_Text("Now Line 4\n\n"), 10 => new HTMLPurifier_Token_Empty('br'));
    // Pass 1: default configuration, no line numbers expected on the tokens.
    $context = new HTMLPurifier_Context();
    $config = HTMLPurifier_Config::createDefault();
    $output = $this->DirectLex->tokenizeHTML($html, $config, $context);
    $this->assertIdentical($output, $expect);
    // Pass 2: line numbers maintained; the <br> split across lines 3/4 reports line 3.
    $context = new HTMLPurifier_Context();
    $config = HTMLPurifier_Config::create(array('Core.MaintainLineNumbers' => true));
    $expect[0]->position(1, 0);
    $expect[1]->position(1, 3);
    $expect[2]->position(1, 9);
    $expect[3]->position(2, -1);
    $expect[4]->position(2, 0);
    $expect[5]->position(2, 3);
    $expect[6]->position(2, 9);
    $expect[7]->position(3, -1);
    $expect[8]->position(3, 12);
    $expect[9]->position(4, 2);
    $expect[10]->position(6, 0);
    $output = $this->DirectLex->tokenizeHTML($html, $config, $context);
    $this->assertIdentical($output, $expect);
}
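/**
 * Removes dangerous strings to defend against cross-site scripting (XSS) attacks.
 *
 * Arrays are filtered recursively. When $kboard_xssfilter_active is set, the value is run
 * through a shared HTML Purifier instance whose configuration is built once per request and
 * kept in $GLOBALS['KBOARD']; either way the result is passed through kboard_safeiframe().
 *
 * NOTE(review): URI.SafeIframeRegexp is '(.*)', so any iframe src that passes the URI
 * filter is accepted — the regexp imposes no origin restriction; presumably
 * kboard_safeiframe() takes care of that, verify against it.
 *
 * @param string|array $data
 * @return string|array
 */
function kboard_xssfilter($data)
{
    global $kboard_xssfilter_active;

    if (is_array($data)) {
        return array_map('kboard_xssfilter', $data);
    }

    if ($kboard_xssfilter_active) {
        // empty() tolerates a missing $GLOBALS['KBOARD'] entry; the previous direct reads
        // raised undefined-index notices on the first call of a request.
        if (empty($GLOBALS['KBOARD']['HTMLPurifier']) || empty($GLOBALS['KBOARD']['HTMLPurifier_Config'])) {
            $HTMLPurifier_Config = HTMLPurifier_Config::createDefault();
            $HTMLPurifier_Config->set('HTML.SafeIframe', true);
            $HTMLPurifier_Config->set('URI.SafeIframeRegexp', '(.*)');
            $HTMLPurifier_Config->set('HTML.TidyLevel', 'light');
            $HTMLPurifier_Config->set('HTML.SafeObject', true);
            $HTMLPurifier_Config->set('HTML.SafeEmbed', true);
            $HTMLPurifier_Config->set('Attr.AllowedFrameTargets', array('_blank'));
            $HTMLPurifier_Config->set('Output.FlashCompat', true);
            $HTMLPurifier_Config->set('Cache.SerializerPath', WP_CONTENT_DIR . '/uploads/kboard_htmlpurifier');
            $GLOBALS['KBOARD']['HTMLPurifier_Config'] = $HTMLPurifier_Config;
            $GLOBALS['KBOARD']['HTMLPurifier'] = HTMLPurifier::getInstance();
            unset($HTMLPurifier_Config);
        }
        // stripslashes() undoes magic-quotes style escaping before purification.
        $data = $GLOBALS['KBOARD']['HTMLPurifier']->purify(stripslashes($data), $GLOBALS['KBOARD']['HTMLPurifier_Config']);
    }

    return kboard_safeiframe($data);
}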
/**
 * Convert user input to HTML
 * Do not call this function recursively.
 *
 * The text is purified with a default HTML Purifier configuration; $title, $options,
 * $lineStart, $clearState and $revId are accepted for interface compatibility only.
 *
 * @param string $text Text we want to parse
 * @param Title $title
 * @param ParserOptions $options
 * @param bool $lineStart
 * @param bool $clearState
 * @param int $revId Number to pass in {{REVISIONID}}
 * @return ParserOutputInterface A ParserOutput
 */
public function parse($text, Title $title, ParserOptions $options, $lineStart = true, $clearState = true, $revId = null)
{
    $purifier = new HTMLPurifier(HTMLPurifier_Config::createDefault());
    return new ParserOutput($purifier->purify($text));
}
/**
 * Purifies every value in $_POST in place with the HTML Purifier bundled in
 * Protector's library directory, recording the purifier and the method name
 * on $this for purify_recursive() to use.
 */
function execute()
{
    // HTMLPurifier runs with PHP5 only
    if (version_compare(PHP_VERSION, '5.0.0') < 0) {
        die('Turn postcommon_post_htmlpurify4everyone.php off because this filter cannot run with PHP4');
    }

    // Use HTMLPurifier inside Protector. (An earlier, since-disabled variant
    // delegated to icms_HTMLPurifier when running under ImpressCMS.)
    require_once dirname(dirname(__FILE__)) . '/library/HTMLPurifier.auto.php';

    $config = HTMLPurifier_Config::createDefault();
    // NOTE(review): the three-argument set('Namespace', 'Directive', value) form
    // is the old HTMLPurifier signature; the other call sites on this page use
    // set('Namespace.Directive', value) — confirm against the bundled version.
    $config->set('Cache', 'SerializerPath', XOOPS_TRUST_PATH . '/modules/protector/configs');
    $config->set('Core', 'Encoding', _CHARSET);
    // Disabled option: $config->set('HTML', 'Doctype', 'HTML 4.01 Transitional');

    $this->purifier = new HTMLPurifier($config);
    $this->method   = 'purify';

    $_POST = $this->purify_recursive($_POST);
}
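/**
 * Removes strings that could be used for a cross-site scripting (XSS) attack
 * from user-supplied data, recursing into arrays.
 *
 * The purifier and its configuration are built on first use and cached in
 * $GLOBALS['KBOARD']; nothing is filtered while $kboard_xssfilter_active is off.
 *
 * @param string|array $data raw value, or a nested array of raw values
 * @return string|array the filtered value
 */
function kboard_xssfilter($data)
{
    global $kboard_xssfilter_active;

    if (is_array($data)) {
        return array_map('kboard_xssfilter', $data);
    }

    if ($kboard_xssfilter_active) {
        // empty() handles the missing-key, null and false cases uniformly and
        // without notices. The previous isset()/&&/|| chain grouped as
        // `(!isset(P) && !P)`, so a purifier entry that was set but falsy was
        // never rebuilt, while a missing one still read an undefined index.
        if (empty($GLOBALS['KBOARD']['HTMLPurifier']) || empty($GLOBALS['KBOARD']['HTMLPurifier_Config'])) {
            $HTMLPurifier_Config = HTMLPurifier_Config::createDefault();
            $HTMLPurifier_Config->set('URI.AllowedSchemes', array('http' => true, 'https' => true, 'mailto' => true));
            // NOTE(review): '(.*)' accepts every URI as an iframe source, so the
            // HTML.SafeIframe allowlist below is effectively unrestricted; narrow
            // this to the embed hosts that are actually intended.
            $HTMLPurifier_Config->set('URI.SafeIframeRegexp', '(.*)');
            $HTMLPurifier_Config->set('HTML.SafeIframe', true);
            $HTMLPurifier_Config->set('HTML.SafeObject', true);
            $HTMLPurifier_Config->set('HTML.SafeEmbed', true);
            $HTMLPurifier_Config->set('HTML.TidyLevel', 'light');
            $HTMLPurifier_Config->set('HTML.FlashAllowFullScreen', true);
            $HTMLPurifier_Config->set('HTML.AllowedElements', 'img,div,a,strong,font,span,em,br,p,u,i,b,sup,sub,small,table,thead,tbody,tfoot,tr,td,th,caption,pre,code,ul,li,ol,big,code,blockquote,center,hr,h1,h2,h3,h4,h5,h6,iframe');
            $HTMLPurifier_Config->set('HTML.AllowedAttributes', 'a.href,a.target,img.src,iframe.src,iframe.frameborder,*.id,*.alt,*.style,*.class,*.title,*.width,*.height,*.border,*.colspan,*.rowspan');
            $HTMLPurifier_Config->set('Attr.AllowedFrameTargets', array('_blank'));
            $HTMLPurifier_Config->set('Output.FlashCompat', true);
            $HTMLPurifier_Config->set('Core.RemoveInvalidImg', true);
            $HTMLPurifier_Config->set('Cache.SerializerPath', WP_CONTENT_DIR . '/uploads/kboard_htmlpurifier');
            $GLOBALS['KBOARD']['HTMLPurifier_Config'] = $HTMLPurifier_Config;
            $GLOBALS['KBOARD']['HTMLPurifier'] = HTMLPurifier::getInstance();
            unset($HTMLPurifier_Config);
        }
        // stripslashes(): presumably undoing the slashes WordPress adds to request
        // data before the value reaches the purifier — confirm against the callers.
        $data = $GLOBALS['KBOARD']['HTMLPurifier']->purify(stripslashes($data), $GLOBALS['KBOARD']['HTMLPurifier_Config']);
    }

    return $data;
}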
/**
 * Build a new purifier and store it as the shared instance.
 *
 * @param HTMLPurifier_Config|null $config configuration for the purifier; a
 *                                         default configuration is created when null
 * @return void
 */
public static function setInstance($config = null)
{
    $effectiveConfig = ($config === null) ? HTMLPurifier_Config::createDefault() : $config;
    self::$_instance = new HTMLPurifier($effectiveConfig);
}
/**
 * Validates the posted article form and saves a new or existing article,
 * purifying the HTML body before it is stored.
 *
 * On validation failure the form is stashed in the application session and
 * the request is forwarded to index; an unknown article id redirects back to
 * /news with a flash message.
 */
public function saveAction()
{
    $formData = $this->_request->getPost();
    $form     = new News_Form_Article();
    $form->populate($formData);

    if (!$form->isValid($formData)) {
        Zend_Registry::get('appSession')->articleForm = $form;
        $this->_forward('index');
        return;
    }

    $news = new News_Model_News();
    $id   = $this->_getParam('id');
    if ($id) {
        $article = $news->getRowInstance($id);
        if (!$article) {
            $this->_helper->FlashMessenger->addMessage($this->view->translate('The article doesn\'t exist.'));
            $this->_redirect('/news');
            return;
        }
    } else {
        $article = $news->createRow();
    }

    // Purify the rich-text body so the stored markup is safe to render later.
    require_once 'htmlpurifier/library/HTMLPurifier.auto.php';
    $purifier = new HTMLPurifier(HTMLPurifier_Config::createDefault());

    $article->title   = $form->getValue('title');
    $article->date    = $form->getValue('date');
    $article->excerpt = $form->getValue('excerpt');
    $article->content = $purifier->purify($form->getValue('content'));
    $article->save();

    $this->_helper->FlashMessenger->addMessage($this->view->translate('The article has been saved.'));
    $this->_redirect('/news');
}