<?php

require_once dirname(__FILE__) . "/../vendor/autoload.php";
use Inspekt\Cage;
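/*
 * Example input: a literal XSS probe, a badly nested fragment, and four saved
 * HTML pages read from fixture files that sit next to this script.
 *
 * file_get_contents() returns false (plus a warning) when a fixture is missing
 * or unreadable. Unchecked, that false would be caged and "purified" as an
 * empty value and the example would silently show nothing, so the loader
 * fails loudly instead.
 */
$readFixture = static function (string $path): string {
    $contents = file_get_contents($path);
    if ($contents === false) {
        throw new \RuntimeException("Unable to read fixture file: {$path}");
    }
    return $contents;
};

$inputarray = [
    'html' => [
        'xss'         => '<IMG """><SCRIPT>alert("XSS")</SCRIPT>">',
        'bad_nesting' => '<p>This is a malformed fragment of <em>HTML</p></em>',
        'arstechnica' => $readFixture('./htmlpurifier_example_ars.html'),
        'google'      => $readFixture('./htmlpurifier_example_google.html'),
        'imorecords'  => $readFixture('./htmlpurifier_example_imorecords.html'),
        'soup'        => $readFixture('./htmlpurifier_example_soup.html'),
    ],
];
var_dump($inputarray);

/*
 * build our cage
 */
$cage = Cage::Factory($inputarray);

/*
 * Disable HTMLPurifier's definition cache. This slows HTMLPurifier down but
 * keeps the example self-contained. In production set 'Cache.SerializerPath'
 * to a directory the web server can write to, and keep that directory outside
 * the document root: the serialized definitions are internal state, not
 * something to serve.
 */
$opts = [
    'Cache.DefinitionImpl' => null,
];

/*
 * HTMLPurifier itself is expected to be available through the composer
 * autoloader required at the top of this file.
 */
$cage->loadHTMLPurifier($opts);
$cleanHTML = $cage->getPurifiedHTML('html');

echo "<hr>";
echo "<h2>xss</h2>";
var_dump($cleanHTML['xss']);
echo "<h2>bad_nesting</h2>";
var_dump($cleanHTML['bad_nesting']);
echo "<h2>arstechnica</h2>";
echo "<pre>";
// Shown as escaped source rather than rendered, so the purifier's output can
// be inspected. ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead of
// making htmlspecialchars() return an empty string for the whole document.
echo htmlspecialchars($cleanHTML['arstechnica'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo "</pre>";
echo "<h2>google</h2>";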
 /**
  * getPurifiedHTML() must strip an injected script fragment and repair
  * mis-nested tags when the value is addressed through the cage with a
  * slash-separated key path.
  */
 public function testGetPurifiedHTML()
 {
     $xss = '<IMG """><SCRIPT>alert("XSS")</SCRIPT>">';
     $badNesting = '<p>This is a malformed fragment of <em>HTML</p></em>';
     $inputarray = ['html' => ['xss' => $xss, 'bad_nesting' => $badNesting]];

     $cage = Cage::Factory($inputarray);
     $cage->loadHTMLPurifier();

     $expected = [
         'html/xss' => "\"&gt;",
         'html/bad_nesting' => "<p>This is a malformed fragment of <em>HTML</em></p>",
     ];
     foreach ($expected as $path => $purified) {
         $this->assertSame($purified, $cage->getPurifiedHTML($path));
     }
 }
    /**
     * Removes every run of whitespace (spaces, tabs, newlines) from the value.
     *
     * @param mixed $val  a string, or an array of strings (preg_replace walks arrays)
     * @return mixed      the same value with all whitespace removed
     */
    protected function inspekt($val)
    {
        $whitespaceRun = '/\s+/';
        return preg_replace($whitespaceRun, '', $val);
    }
}
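/*
 * Everything dumped below is written straight into an HTML page, and two of
 * the values (QUERY_STRING, HTTP_USER_AGENT) are taken from the request, so
 * the dumps are escaped before output: the example is meant to compare the raw
 * and filtered values, not to render whatever the client sent. The var_dump()
 * layout is preserved; only the characters HTML would interpret are escaped.
 */
$dumpEscaped = static function ($value): void {
    ob_start();
    var_dump($value);
    echo htmlspecialchars((string) ob_get_clean(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

$superCage = Inspekt::makeSuperCage();

// Custom accessors are registered on each cage individually.
$superCage->addAccessor('testUsername');
$superCage->addAccessor('noWhitespace');

$rs = $superCage->server->testUsername('QUERY_STRING');
$dumpEscaped($superCage->server->getRaw('QUERY_STRING'));
$dumpEscaped($rs);

$rs = $superCage->server->noWhitespace('HTTP_USER_AGENT');
$dumpEscaped($superCage->server->getRaw('HTTP_USER_AGENT'));
$dumpEscaped($rs);

/*
 * Now let's take an arbitrary cage
 */
$d = [];
$d['input'] = '<img id="475">yes</img>';
$d['lowascii'] = '    ';
$d[] = ['foo', 'bar<br />', 'yes<P>', 1776];
$d['x']['woot'] = ['booyah' => 'meet at the bar at 7:30 pm', 'ultimate' => '<strong>hi there!</strong>'];
$dc = Cage::Factory($d);

/*
 * Sad that we have to re-add, but it's done on a cage-by-cage basis
 */
$dc->addAccessor('testUsername');
$dc->addAccessor('noWhitespace');
$dumpEscaped($dc->getRaw('x'));
$rs = $dc->noWhitespace('x');
$dumpEscaped($rs);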
$d['lowascii'] = '    ';
$d[] = array('foo', 'bar<br />', 'yes<P>', 1776);
$d['x']['woot'] = array('booyah' => 'meet at the bar at 7:30 pm', 'ultimate' => '<strong>hi there!</strong>');
$d['lemon'][][][][][][][][][][][][][][] = 'far';
?>
<h2>A crazy, crazy array ($d)</h2>
<?php 
echo "<pre>";
var_dump($d);
echo "</pre>\n";
?>


<h2>Create a cage for the array</h2>
<?php 
$d_cage = Cage::Factory($d);
?>


<h2>$d_cage->getAlpha('/x/woot/ultimate')</h2>
<?php 
echo "<pre>";
var_dump($d_cage->getAlpha('/x/woot/ultimate'));
echo "</pre>\n";
?>


<h2>$d_cage->getAlpha('lemon/0/0/0/0/0/0/0/0/0/0/0/0/0')</h2>
<?php 
echo "<pre>";
var_dump($d_cage->getAlpha('lemon/0/0/0/0/0/0/0/0/0/0/0/0/0'));