/** * Convert the token * * @param \Zend\Markup\Token $token * @param string $text * * @return string */ public function __invoke(Token $token, $text) { $uri = $text; if (!preg_match('/^([a-z][a-z+\\-.]*):/i', $uri)) { $uri = 'http://' . $uri; } // check if the URL is valid // TODO: use \Zend\Uri for this if (!\Zend\Markup\Renderer\Html::isValidUri($uri)) { return $text; } if ($token->hasAttribute('alt')) { $alt = $token->getAttribute('alt'); } else { // try to get the alternative from the URL $alt = rtrim($text, '/'); $alt = strrchr($alt, '/'); if (false !== strpos($alt, '.')) { $alt = substr($alt, 1, strpos($alt, '.') - 1); } } // run the URI and alt through htmlentities $uri = htmlentities($uri, ENT_QUOTES, $this->getEncoding()); $alt = htmlentities($alt, ENT_QUOTES, $this->getEncoding()); return "<img src=\"{$uri}\" alt=\"{$alt}\"" . $this->renderAttributes($token) . " />"; }
/** * Convert the token * * @param \Zend\Markup\Token $token * @param string $text * * @return string */ public function __invoke(Token $token, $text) { if ($token->hasAttribute('url')) { $uri = $token->getAttribute('url'); } else { $uri = $text; } if (!preg_match('/^([a-z][a-z+\\-.]*):/i', $uri)) { $uri = 'http://' . $uri; } // check if the URL is valid // TODO: use the new Zend\Uri for this if (!\Zend\Markup\Renderer\Html::isValidUri($uri)) { return $text; } $attributes = $this->renderAttributes($token); // run the URI through htmlentities $uri = htmlentities($uri, ENT_QUOTES, $this->getEncoding()); return "<a href=\"{$uri}\"{$attributes}>{$text}</a>"; }
public function testValidUri() { $this->assertTrue(HTMLRenderer::isValidUri("http://www.example.com")); $this->assertTrue(!HTMLRenderer::isValidUri("www.example.com")); $this->assertTrue(!HTMLRenderer::isValidUri("http:///test")); $this->assertTrue(HTMLRenderer::isValidUri("https://www.example.com")); $this->assertTrue(HTMLRenderer::isValidUri("magnet:?xt=urn:bitprint:XZBS763P4HBFYVEMU5OXQ44XK32OMLIN.HGX3CO3BVF5AG2G34MVO3OHQLRSUF4VJXQNLQ7A &xt=urn:ed2khash:aa52fb210465bddd679d6853b491ccce&")); $this->assertTrue(!HTMLRenderer::isValidUri("javascript:alert(1)")); }