/**
 * Purify HTML through a shared, lazily created HTMLPurifier instance.
 *
 * The first call loads the bundled standalone HTMLPurifier 4.4.0 and builds
 * the instance from the default configuration with the definition cache
 * switched off (Cache.DefinitionImpl = null); later calls reuse it.
 *
 * @param string $text The untrusted ("dirty") HTML.
 * @return string The purified HTML.
 */
public static function Purify($text)
{
    if (self::$instance) {
        return self::$instance->purify($text);
    }

    require_once __DIR__ . '/htmlpurifier-4.4.0-standalone/HTMLPurifier.standalone.php';

    $purifierConfig = HTMLPurifier_Config::createDefault();
    // Disable the definition cache so the purifier needs no writable cache dir.
    $purifierConfig->set('Cache.DefinitionImpl', null);
    self::$instance = new HTMLPurifier($purifierConfig);

    return self::$instance->purify($text);
}
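/**
 * Filter and format content according to a named filter.
 *
 * Every branch ends in nl2br(), so the result is HTML with line breaks kept.
 * An unknown filter name falls back to the 'plain' behaviour, which passes the
 * text through htmlEnt() (presumably HTML entity escaping — confirm in its
 * definition) before makeClickable(), so an unexpected $filter never emits the
 * input as raw markup.
 *
 * The former commented-out 'php' and 'html' branches have been deleted: the
 * first evaluated $data as PHP code and the second passed it through
 * unescaped. Both names now fall to the 'plain' default like any other
 * unknown filter.
 *
 * @param string $data   The text to filter and format.
 * @param string $filter The filter name: 'htmlpurify', 'bbcode' or 'plain'
 *                       (anything else is treated as 'plain').
 * @return string The filtered, formatted HTML.
 */
public static function Filter($data, $filter)
{
    switch ($filter) {
        case 'htmlpurify':
            // Markup is allowed but reduced to HTMLPurifier's allow-list.
            $data = nl2br(HTMLPurifierWrapper::Purify($data));
            break;

        case 'bbcode':
            // Escape first, then translate BBCode, so only generated tags survive.
            $data = nl2br(bbcode2html(htmlEnt($data)));
            break;

        case 'plain':
        default:
            $data = nl2br(makeClickable(htmlEnt($data)));
            break;
    }

    return $data;
}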
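/**
 * Validate (purify) HTML against an allow-list of tags and CSS properties.
 *
 * Allow-list syntax:
 *  - $allowed_css: '' means the SCRUB_BASIC_CSS defaults; a value starting
 *    with '.' means the defaults plus the comma-separated list after the dot;
 *    any other value is used as given.
 *  - $allowed_tags (untrusted callers): a value starting with '.' means the
 *    SCRUB_BASIC_HTML defaults plus the list after the dot; anything else
 *    (including a plain list) yields only the defaults. Trusted callers always
 *    get SCRUB_BASIC_HTML + SCRUB_ADVANCED_HTML and their own list is ignored.
 *
 * @param string  $html         The source HTML.
 * @param string  $allowed_tags The allowed HTML tags (see above).
 * @param string  $allowed_css  The allowed CSS properties (see above).
 * @param boolean $trusted      Whether this is from a trusted source like an
 *                              admin user; enables HTML.Trusted, CSS.Trusted
 *                              and element ids.
 * @param boolean $full_page    Whether to allow all HTML.
 *   TODO: This currently skips all validation and returns the input unchanged,
 *   so it must only be set for content that is already trusted.
 *
 * @return string The sanitized HTML (the raw input when $full_page is true).
 */
public static function html($html, $allowed_tags = '', $allowed_css = '', $trusted = false, $full_page = false)
{
    // Nothing is purified in full-page mode, so don't build a purifier for it.
    if ($full_page) {
        return $html;
    }

    $purifier = HTMLPurifierWrapper::getInstance();
    // Same config class Purify() uses (the library's real name; the former
    // HTMLPurifierConfig spelling does not exist in the standalone bundle).
    $config = HTMLPurifier_Config::createDefault();

    if ($trusted) {
        $config->set('CSS.Trusted', true);
        $config->set('HTML.Trusted', true);
        $config->set('Attr.EnableID', true);
        $allowed_tags = self::SCRUB_BASIC_HTML . ',' . self::SCRUB_ADVANCED_HTML;
    } else {
        $config->set('CSS.Trusted', false);
        $config->set('HTML.Trusted', false);
        $config->set('Attr.EnableID', false);
        // A leading '.' appends to the basic set; the old test compared the
        // whole string with '.', so the append form never worked.
        $extraTags = ($allowed_tags !== null && $allowed_tags !== '' && $allowed_tags[0] === '.')
            ? substr($allowed_tags, 1)
            : '';
        $allowed_tags = ($extraTags === '' || $extraTags === false)
            ? self::SCRUB_BASIC_HTML
            : self::SCRUB_BASIC_HTML . ',' . $extraTags;
    }

    // Empty → basic defaults; '.list' → defaults plus list; otherwise as given.
    // (The old order appended a dangling ',' for the empty case and made the
    // '' branch unreachable.)
    if ($allowed_css === null || $allowed_css === '') {
        $allowed_css = self::SCRUB_BASIC_CSS;
    } elseif ($allowed_css[0] === '.') {
        $extraCss = substr($allowed_css, 1);
        $allowed_css = ($extraCss === '' || $extraCss === false)
            ? self::SCRUB_BASIC_CSS
            : self::SCRUB_BASIC_CSS . ',' . $extraCss;
    }

    $config->set('HTML.Allowed', $allowed_tags);
    $config->set('CSS.AllowedProperties', $allowed_css);
    // Emit non-ASCII as entities so output is safe regardless of page charset.
    $config->set('Core.EscapeNonASCIICharacters', true);

    return $purifier->purify($html, $config);
}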