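/**
 * Filters the content attribute of a <meta http-equiv="..."> tag by type.
 *
 * @param string $content  Untrusted value of the tag's content attribute.
 * @param string $type     The http-equiv value; run through _sanitize() and
 *                         compared case-insensitively.
 * @return string|false    The filtered content, or false when nothing safe
 *                         remains (link/refresh only).
 */
function _filterMETA($content, $type)
{
    $type = strtolower($this->_sanitize($type));

    switch ($type) {
        case 'set-cookie':
            /* <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>"> */
            // Decode entities first so the HTML filter sees the markup they would become.
            $filter = new HTMLFilter();
            return $filter->parse(html_entity_decode($content));

        case 'link':
            /* <META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> */
            return $this->_filterURL($content) ? $content : false;

        case 'refresh':
            /* <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> */
            $parts = explode(';', $content);
            $kept = array();
            $total = count($parts);

            for ($i = 0; $i < $total; $i++) {
                $part = $parts[$i];

                // The url= value extends to the end of the attribute, so every
                // ';'-delimited piece after it is part of the URL. Validate the
                // whole remainder as one URL rather than only the first piece
                // (the old code checked $m[1] alone and skipped exactly one
                // following piece, letting later pieces through unchecked).
                // The 's' modifier keeps the capture from stopping at a newline.
                if (preg_match('/url\\s*=(.*)/is', $part, $m)) {
                    $tail = array_slice($parts, $i + 1);
                    $url = implode(';', array_merge(array($m[1]), $tail));

                    /* <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> */
                    if ($this->_checkExpress($url, 'data:', false)) {
                        /* we don't know what is the data in many cases, get rid of it!!! */
                        break;
                    }

                    if ($this->_filterURL($url)) {
                        $kept[] = $part;
                        foreach ($tail as $tailPart) {
                            $kept[] = $tailPart;
                        }
                    }
                    // Either the URL (and thus the rest of the content) was kept
                    // or it was rejected as a whole; nothing after it is separate.
                    break;
                }

                $kept[] = $part;
            }

            if (!count($kept)) {
                return false;
            }
            return implode(';', $kept);

        default:
            return $content;
    }
}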
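/**
 * HTML filter
 *
 * Provides filtering of input into accepted HTML.
 *
 * @param string $text   Untrusted input text
 * @param string $format Format handed to HTMLFilter::factory()
 * @param array  $filter Filter definition; reads $filter['settings']['html_nofollow']
 *                       and $filter['settings']['url_length']
 * @return string Filtered HTML, trimmed
 */
public static function html($text, $format, $filter)
{
    $text = (string) HTMLFilter::factory($text, $format, $filter)->render();

    // !empty() so a missing setting reads as "off" instead of raising an
    // undefined-index notice.
    if (!empty($filter['settings']['html_nofollow'])) {
        $html_dom = static::dom_load($text);
        $shorten = !empty($filter['settings']['url_length']);
        $url_length = $shorten ? (int) $filter['settings']['url_length'] : 0;

        foreach ($html_dom->getElementsByTagName('a') as $link) {
            $link->setAttribute('rel', 'nofollow');

            // Shortens long URLs to http://www.example.com/long/url...
            if ($shorten) {
                $short = static::limit_chars($link->nodeValue, $url_length, '....');

                // Replace the children with a literal text node rather than
                // assigning nodeValue: on older PHP releases the nodeValue
                // setter treats '&' as the start of an entity reference, which
                // warns and truncates link text that contains a query string.
                while ($link->hasChildNodes()) {
                    $link->removeChild($link->firstChild);
                }
                $link->appendChild($link->ownerDocument->createTextNode($short));
            }
        }

        $text = static::dom_serialize($html_dom);
    }

    return trim($text);
}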