/**
 * HTML_Safe must leave harmless punctuation and a self-closing <br /> untouched.
 *
 * Each input is parsed on the same HTML_Safe instance and compared with the
 * expected output using assertSame (type- and byte-exact).
 */
public function testSpecialChars()
{
    // input => expected output (identity: nothing here should be altered)
    $cases = array(
        'a+b-c'         => 'a+b-c',
        '+49-52 <br />' => '+49-52 <br />',
    );

    $safe = new HTML_Safe();
    foreach ($cases as $input => $expected) {
        $this->assertSame($expected, $safe->parse($input));
    }
}
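/**
 * Parses the text through HTML_Safe and returns the filtered markup.
 *
 * One HTML_Safe instance and the configured policy level are cached in
 * static locals, so repeated calls neither re-read the registry nor
 * re-instantiate the parser.
 *
 * @access public
 * @param string $string String to parse
 * @param bool   $strict How strict we can be. True will be very strict (default), false
 *                       will allow some attributes (id) and tags (object, applet, embed).
 *                       When null, strictness is derived from the 'xss_parsing_level'
 *                       policy setting: exactly the string "paranoid" means strict.
 * @return string The safe string
 */
public static function parse($string, $strict = null)
{
    static $safe_xss;
    static $xss_parsing_level;

    if (!isset($safe_xss)) {
        $xss_parsing_level = $GLOBALS['app']->Registry->fetch('xss_parsing_level', 'Policy');
        // Create safe html object
        require_once PEAR_PATH . 'HTML/Safe.php';
        $safe_xss = new HTML_Safe();
    }

    if ($strict === null) {
        // Strict comparison: with a loose == the outcome depends on the PHP
        // version and on the registry value's type (e.g. true or a numeric
        // value can compare equal to "paranoid"), which would silently change
        // the filtering level. Only the literal policy string selects strict mode.
        $strict = ($xss_parsing_level === 'paranoid');
    }

    $string = $safe_xss->parse($string, $strict);
    // The instance is reused across calls; drop the state left by this parse.
    $safe_xss->clear();

    return $string;
}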
/**
 * Normalises a scraped HTML fragment and runs it through HTML_Safe.
 *
 * Empty <b></b> pairs are dropped, whitespace around line breaks is
 * collapsed (including breaks inside attribute values and before '>'),
 * <noscript> elements are removed together with their content, the result
 * is wrapped in a minimal document, "reblog lineage" paragraphs of the form
 * <p><a href="...">word</a>:</p> are stripped, and entities are removed via
 * $this->removeEntities().
 *
 * NOTE(review): $parser->attributes is HTML_Safe's list of attributes to
 * strip; setting it to an empty array disables that attribute filtering for
 * this parser. Assumed deliberate — confirm against the callers.
 *
 * @param string $content Raw HTML fragment
 * @return string Cleaned markup wrapped in <html><body>...</body></html>
 */
function wash($content)
{
    // Applied in order, each pattern to the output of the previous one. The
    // line-break collapse runs twice on purpose: once before and once after
    // attribute values split across lines are re-joined.
    $patterns = array(
        '|<b></b>|',
        '/\\s*\\n\\s*/',
        '/\\b(\\w+=")\\n\\s*/',
        '/\\s*\\n\\s*/',
        '/\\s*\\n\\s*>/',
    );
    $replacements = array(
        '',
        "\n",
        '$1',
        "\n",
        '>',
    );
    $normalised = preg_replace($patterns, $replacements, $content);

    $parser = new HTML_Safe();
    $parser->attributes = array();
    $parser->deleteTags[] = 'noscript';
    $parser->deleteTagsContent[] = 'noscript';
    $parser->parse($normalised);
    $filtered = $parser->getXHTML();

    $document = '<html><body>' . $filtered . '</body></html>';

    // remove reblog lineages.
    $document = preg_replace('/<p><a href=".+?">\\w+<\\/a>:<\\/p>/', '', $document);

    return $this->removeEntities($document);
}
/**
 * Filters $string through HTML_Safe with its attribute blacklist reduced to
 * 'dynsrc' only, so other attributes the library would normally strip (such
 * as id) are left in place.
 *
 * @deprecated HTML Safe is not good enough (blacklist instead of whitelist based).
 *
 * @param string $string Untrusted HTML
 * @return string Filtered HTML
 */
function get_safer_html_html_safe($string)
{
    require_once 'HTML/Safe.php';

    $filter = new HTML_Safe();
    // Replaces HTML_Safe's default attribute list: only 'dynsrc' is removed.
    $filter->attributes = array('dynsrc');

    return $filter->parse($string);
}
/**
 * Filters HTML through HTML_Safe, additionally allowing the 'cid' URL scheme
 * (used for inline message attachments) in link/src attributes.
 *
 * @param string $string Untrusted HTML
 * @return string Filtered HTML
 */
function safe_html_string($string)
{
    $filter = new HTML_Safe();
    // 'cid' is appended to the protocols HTML_Safe accepts in URLs.
    $filter->whiteProtocols[] = 'cid';

    return $filter->parse($string);
}
/**
 * Filters HTML through a default-configured HTML_Safe instance.
 *
 * @param string $string Untrusted HTML
 * @return string Filtered HTML
 */
function safe_html_string($string)
{
    $filter = new HTML_Safe();

    return $filter->parse($string);
}
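/**
 * Runs $html through a shared HTML_Safe instance that additionally deletes
 * <form> elements.
 *
 * The parser is created once and kept in a static local. Because the same
 * instance serves every call, its parse state is cleared after each run so
 * that output or open-tag state from one call cannot leak into the next.
 *
 * @param string $html Untrusted markup
 * @return string Filtered markup
 */
protected static function sanitizeHtml($html)
{
    static $parser;

    if (!isset($parser)) {
        $parser = new HTML_Safe();
        // Remove <form> in addition to HTML_Safe's own delete list.
        $parser->deleteTags[] = 'form';
    }

    $clean = $parser->parse($html);
    // Reset the accumulated parser state before the cached instance is reused.
    $parser->clear();

    return $clean;
}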
/**
 * Returns one text part (PLAIN or HTML) of a message as a UTF-8 string,
 * decoded and then passed through HTML_Safe.
 *
 * Multi-part messages are addressed via the breadcrumb built from
 * $structure->parts. Single-part messages fall back to imap_body() with the
 * transfer encoding and charset taken from the decoded header block.
 *
 * @param int    $msgNo      Relative message number in the monitored mailbox
 * @param string $type       Text type to extract, either 'PLAIN' or 'HTML'
 * @param object $structure  Message structure exposing ->parts and ->subtype
 * @param string $fullHeader Raw header block of the message
 * @return string Sanitised, UTF-8 encoded text; '' when a single-part message's
 *                subtype does not match $type
 */
function getMessageText($msgNo, $type, $structure, $fullHeader)
{
    $breadCrumb = $this->buildBreadCrumbs($structure->parts, $type);

    if (!empty($breadCrumb)) {
        // Multi-part: fetch the addressed part, undo its transfer encoding,
        // then translate its charset.
        $rawPart  = imap_fetchbody($this->conn, $msgNo, $breadCrumb);
        $encoding = $this->getEncodingFromBreadCrumb($breadCrumb, $structure->parts);
        $charset  = $this->getCharsetFromBreadCrumb($breadCrumb, $structure->parts);
        $decoded  = $this->handleTranserEncoding($rawPart, $encoding);
        $text     = $this->handleCharsetTranslation($decoded, $charset);
    } else {
        // Single-part: a flowed PLAIN message or a structure that does not
        // follow the RFC. Only proceed when the subtype is the one requested.
        if ($structure->subtype != $type) {
            return '';
        }

        $headers = $this->decodeHeader($fullHeader);
        $text    = imap_body($this->conn, $msgNo);

        if (isset($headers['Content-Transfer-Encoding'])) {
            // Flip $this->transferEncoding so the header's encoding name can be
            // looked up (presumably the map is keyed the other way round).
            // NOTE(review): a name absent from that map is an undefined index
            // here — confirm the map covers every value seen in practice.
            $byName = array_flip($this->transferEncoding);
            $text   = $this->handleTranserEncoding(
                $text,
                $byName[strtoupper($headers['Content-Transfer-Encoding'])]
            );
        }

        if (!empty($headers['Content-Type']['charset'])) {
            $text = $this->handleCharsetTranslation($text, $headers['Content-Type']['charset']);
        }
    }

    // Bug 9176: entity-encoded markup is invisible to the filter, so decode
    // entities first and let HTML_Safe see the actual HTML.
    $text = from_html($text);
    require_once 'include/Pear/HTML_Safe/Safe.php';
    $safe = new HTML_Safe();

    return $safe->parse($text);
}