/**
 * Handle the themeroller "generate theme" form submission.
 *
 * The CSRF check runs before anything else so a forged request can neither
 * read the form nor schedule a task. On a valid form a theme-generation task is
 * created and its progress view is returned as JSON; on an invalid form the
 * re-rendered form is returned with result "error".
 *
 * Every user-supplied string handed to the task is passed through
 * SafeString::purify() first, so the task payload only ever holds purified
 * values.
 */
public function create() {
  // Reject cross-site requests before touching the form or creating a task.
  access::verify_csrf();

  $form = $this->_get_theme_form();
  if (!$form->validate()) {
    json::reply(array("result" => "error", "html" => (string) $form));
    return;
  }

  $session = Session::instance();
  // Path of the previously extracted archive. The get_once() name suggests it
  // is read and cleared in one step so the same archive cannot be reused by a
  // second submission — confirm against Session.
  $archive_path = $session->get_once("theme_extract_path");
  $theme = $form->theme;

  $task_params = array(
    "path" => $archive_path,
    "user_name" => SafeString::purify(identity::active_user()->name),
    "original_name" => SafeString::purify($theme->original->value),
    "theme_name" => SafeString::purify($theme->theme_name->value),
    "display_name" => SafeString::purify($theme->display_name->value),
    "description" => SafeString::purify($theme->description->value),
    "author_url" => SafeString::purify($theme->author_url->value),
    "info_url" => SafeString::purify($theme->info_url->value),
    "discuss_url" => SafeString::purify($theme->discuss_url->value),
    // Taken from the session, not the form, so the client cannot supply it.
    "is_admin" => $session->get("themeroller_is_admin"));

  $task_def = Task_Definition::factory()
    ->callback("themeroller_task::create_theme")
    ->description(t("Generate theme from a themeroller archive"))
    ->name(t("Generate theme"));

  $progress = new View("admin_themeroller_progress.html");
  $progress->task = task::create($task_def, $task_params);
  json::reply(array("html" => (string) $progress));
}
/**
 * Purify the given HTML so it is safe to embed in a page (XSS protection):
 * the markup is filtered so that only non-malicious HTML remains.
 *
 * This is a thin wrapper around SafeString::purify(), which holds the actual
 * filtering rules. The purified value is meant for an HTML body context;
 * attribute, URL and JavaScript contexts need their own escaping.
 *
 * Example:<pre>
 * <div><?= html::purify($item->title) ?>
 * </pre>
 *
 * @param mixed $html  the raw HTML to filter
 * @return mixed  whatever SafeString::purify() returns for $html
 */
static function purify($html) {
  $purified = SafeString::purify($html);
  return $purified;
}
/**
 * A SafeString already marked as safe HTML must come back from
 * SafeString::purify() with its markup intact, not escaped or stripped.
 */
public function purify_safe_html_test() {
  $markup = "hello <p >world</p>";
  $already_safe = SafeString::of_safe_html($markup);
  $result = SafeString::purify($already_safe);
  $this->assert_equal($markup, $result);
}