Singleton for enforcing just one HTML Purifier in your system
public static instance(HTMLPurifier|HTMLPurifier_Config $prototype = null): HTMLPurifier
$prototype | HTMLPurifier | HTMLPurifier_Config | Optional prototype HTMLPurifier instance to overload singleton with, or HTMLPurifier_Config instance to configure the generated version with. |
return | HTMLPurifier |
/**
 * Runs markup through HTMLPurifier so it is safe to emit to an end user.
 *
 * Passing a config to HTMLPurifier::instance() installs a purifier built from it as
 * the process-wide singleton (see instance()), so every call here replaces that singleton.
 *
 * @param string     $content markup to purify
 * @param array|null $config  options handed to HTMLPurifier_Config::create(); null selects the defaults
 * @return string the purified markup
 */
public static function process($content, $config = null)
{
    $purifierConfig = \HTMLPurifier_Config::create($config);
    // Left unfinalized, presumably so Cache.SerializerPath can still be set below.
    $purifierConfig->autoFinalize = false;

    $instance = \HTMLPurifier::instance($purifierConfig);
    $instance->config->set('Cache.SerializerPath', \Yii::$app->getRuntimePath());

    return $instance->purify($content);
}
/**
 * Purifies an HTML fragment with HTMLPurifier, writing the serializer cache to $this->tmpPath.
 *
 * Note that HTMLPurifier::instance() with a config replaces the process-wide singleton.
 *
 * @param string $html   markup to purify
 * @param array  $config options handed to HTMLPurifier_Config::create()
 * @return string the purified markup
 */
protected function purifyHTML($html, $config)
{
    $purifierConfig = \HTMLPurifier_Config::create($config);
    // Left unfinalized, presumably so the cache path can still be set on the instance below.
    $purifierConfig->autoFinalize = false;

    $instance = \HTMLPurifier::instance($purifierConfig);
    $instance->config->set('Cache.SerializerPath', $this->tmpPath);

    return $instance->purify($html);
}
/**
 * Runs markup through HTMLPurifier so it is safe to emit to an end user.
 *
 * @param string $content The HTML content to purify
 * @param array|\Closure|null $config The config to use for HtmlPurifier.
 * If not specified or `null` the default config will be used.
 * You can use an array or an anonymous function to provide configuration options:
 *
 * - An array will be passed to the `HTMLPurifier_Config::create()` method.
 * - An anonymous function will be called after the config was created.
 *   The signature should be: `function($config)` where `$config` will be an
 *   instance of `HTMLPurifier_Config`.
 *
 * Here is a usage example of such a function:
 *
 * ~~~
 * // Allow the HTML5 data attribute `data-type` on `img` elements.
 * $content = HtmlPurifier::process($content, function ($config) {
 *     $config->getHTMLDefinition(true)
 *         ->addAttribute('img', 'data-type', 'Text');
 * });
 * ~~~
 *
 * @return string the purified HTML content.
 */
public static function process($content, $config = null)
{
    $configurator = $config instanceof \Closure ? $config : null;
    // A closure configures the instance afterwards; anything else is handed to create().
    $configInstance = \HTMLPurifier_Config::create($configurator === null ? $config : null);
    // Left unfinalized so the cache path and the caller's closure can still change it.
    $configInstance->autoFinalize = false;

    $purifier = \HTMLPurifier::instance($configInstance);
    $purifier->config->set('Cache.SerializerPath', Application::$app->getRuntimePath());

    if ($configurator !== null) {
        $configurator($configInstance);
    }

    return $purifier->purify($content);
}
/**
 * Backwards-compatible alias of instance(): returns (or installs) the single
 * HTMLPurifier used by the system.
 *
 * @param HTMLPurifier|HTMLPurifier_Config|null $prototype purifier to install as the
 *        singleton, or a config to build the singleton from; null returns the current one
 *
 * @return HTMLPurifier
 * @note Kept for backwards compatibility; new code should call instance().
 */
public static function getInstance($prototype = null)
{
    $purifier = HTMLPurifier::instance($prototype);

    return $purifier;
}
/**
 * HTMLPurifier-backed cross-site-scripting filter.
 *
 * Expects the HTMLPurifier "Standalone Distribution" to be reachable via
 * Kohana::find_file() and runs it with tidying disabled (HTML.TidyLevel = none),
 * so only the XSS-relevant cleaning is performed.
 *
 * @param string $data markup to clean
 * @return string cleaned markup
 */
protected function xss_filter_htmlpurifier($data)
{
    /**
     * @todo License should go here, http://htmlpurifier.org/
     */
    if (!class_exists('HTMLPurifier_Config', FALSE)) {
        // Lazy-load the standalone library the first time the filter runs.
        require Kohana::find_file('vendor', 'htmlpurifier/HTMLPurifier.standalone', TRUE);
    }

    $purifier_config = HTMLPurifier_Config::createDefault();
    $purifier_config->set('HTML.TidyLevel', 'none');

    // Only persist the serializer cache when a usable path string is configured.
    $cache_path = Kohana::config('html_purifier.cache');
    if ($cache_path and is_string($cache_path)) {
        $purifier_config->set('Cache.SerializerPath', $cache_path);
    }

    return HTMLPurifier::instance($purifier_config)->purify($data);
}
<input type="hidden" id="<?php echo $genid; ?> commentsRequired" value="<?php echo config_option('file_revision_comments_required') ? '1' : '0'; ?> "/> <?php tpl_display(get_template_path('form_errors')); if ($file->isNew()) { $ckEditorContent = ''; } else { $content = $file->getFileContentWithRealUrls(); require_once LIBRARY_PATH . "/htmlpurifier/HTMLPurifier.standalone.php"; $ckEditorContent = HTMLPurifier::instance()->purify($content); } if (config_option('checkout_for_editing_online')) { ajx_on_leave("og.openLink('" . get_url('files', 'release_file', array('id' => $file->getId())) . "')"); add_page_action(lang("checkin file"), "javascript:(function(){ var form = document.getElementById('{$genid}form'); form.checkin.value = '1'; form.new_revision_document.value = 'checked'; form.rename = false; form.onsubmit(); })()", "ico-checkin"); } add_page_action(lang("save"), "javascript:(function(){ var form = document.getElementById('{$genid}form'); form.new_revision_document.value = 'checked'; form.rename = false; form.onsubmit(); })()", "save"); add_page_action(lang("save as"), "javascript:(function(){ var form = document.getElementById('{$genid}form'); form.new_revision_document.value = 'checked'; form.rename = true; form.onsubmit(); })()", "save_as"); ?> <div> <input type="hidden" id="fileContent" name="fileContent" value="" /> <input type="hidden" id="fileid" name="file[id]" value="<?php if (!$file->isNew()) { echo $file->getId(); }
/**
 * Sanitizes user-supplied HTML with HTMLPurifier so it can be rendered.
 *
 * The purifier definition is cached under the html_purifier/ cache directory, the
 * 'sanitize_html' hook may adjust the configuration first, and the result is passed
 * through html_entity_decode().
 *
 * NOTE(review): decoding entities after purification re-creates any literal '<', '>'
 * and '&' the purifier had escaped inside text content, so the return value is only
 * safe if callers escape it again for their output context — confirm with callers,
 * or return the purified string undecoded.
 *
 * @param string $raw_html Input HTML code
 *
 * @return string purified, entity-decoded HTML (see note above)
 *
 * @throws DeveloperException when purification throws; only the message is carried over
 */
public static function sanitizeHtml($raw_html)
{
    try {
        $cache_dir = fn_get_cache_path(false) . 'html_purifier/';
        if (!is_dir($cache_dir)) {
            fn_mkdir($cache_dir);
        }

        $config_instance = \HTMLPurifier_Config::createDefault();
        $config_instance->set('HTML.DefinitionID', PRODUCT_NAME . '_' . PRODUCT_VERSION);
        $config_instance->set('HTML.DefinitionRev', 1);
        $config_instance->set('Cache.SerializerPath', $cache_dir);
        $config_instance->set('Cache.SerializerPermissions', DEFAULT_DIR_PERMISSIONS);
        // Keep the config editable for the hook and the definition tweak below.
        $config_instance->autoFinalize = false;

        /**
         * Allows to configure HTMLPurifier before it purifies given HTML.
         *
         * @param \HTMLPurifier_Config $config_instance Instance of HTMLPurifier_Config
         * @param string $raw_html HTML to be purified
         */
        fn_set_hook('sanitize_html', $config_instance, $raw_html);

        /** @var \HTMLPurifier_HTMLDefinition $definition */
        $definition = $config_instance->maybeGetRawHTMLDefinition();
        if ($definition) {
            // Restrict target= on links to the standard browsing-context names.
            $target_values = new \HTMLPurifier_AttrDef_Enum(['_blank', '_self', '_target', '_top']);
            $definition->addAttribute('a', 'target', $target_values);
        }

        $purified = \HTMLPurifier::instance($config_instance)->purify($raw_html);

        return html_entity_decode($purified, ENT_QUOTES, 'UTF-8');
    } catch (\Exception $e) {
        throw new DeveloperException($e->getMessage());
    }
}
/**
 * Sanitizes user-supplied HTML with HTMLPurifier so it can be rendered.
 *
 * The purifier definition is cached under the html_purifier/ directory below
 * config.dir.cache_misc, and the result is passed through html_entity_decode().
 *
 * NOTE(review): decoding entities after purification re-creates any literal '<', '>'
 * and '&' the purifier had escaped inside text content, so the return value is only
 * safe if callers escape it again for their output context — confirm with callers,
 * or return the purified string undecoded.
 *
 * @param string $raw_html Input HTML code
 *
 * @return string purified, entity-decoded HTML (see note above)
 *
 * @throws DeveloperException when purification throws; only the message is carried over
 */
public static function sanitizeHtml($raw_html)
{
    try {
        $cache_dir = Registry::get('config.dir.cache_misc') . 'html_purifier/';
        if (!is_dir($cache_dir)) {
            fn_mkdir($cache_dir);
        }

        $config = \HTMLPurifier_Config::createDefault();
        $config->set('HTML.DefinitionID', PRODUCT_NAME . '_' . PRODUCT_VERSION);
        $config->set('HTML.DefinitionRev', 1);
        $config->set('Cache.SerializerPath', $cache_dir);
        $config->set('Cache.SerializerPermissions', DEFAULT_DIR_PERMISSIONS);
        // Keep the config editable for the definition tweak below.
        $config->autoFinalize = false;

        $definition = $config->maybeGetRawHTMLDefinition();
        if ($definition) {
            // Restrict target= on links to the standard browsing-context names.
            $target_values = new \HTMLPurifier_AttrDef_Enum(['_blank', '_self', '_target', '_top']);
            $definition->addAttribute('a', 'target', $target_values);
        }

        $purified = \HTMLPurifier::instance($config)->purify($raw_html);

        return html_entity_decode($purified, ENT_QUOTES, 'UTF-8');
    } catch (\Exception $e) {
        throw new DeveloperException($e->getMessage());
    }
}
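/**
 * Backwards-compatible alias of HTMLPurifier::instance().
 *
 * The function is declared to return by reference, but HTMLPurifier::instance() does
 * not; returning its call expression directly raises the notice "Only variable
 * references should be returned by reference", so the result is held in a local first.
 *
 * @param HTMLPurifier|HTMLPurifier_Config|null $prototype purifier to install as the
 *        singleton, or a config to build the singleton from; null returns the current one
 * @return HTMLPurifier
 */
function &getInstance($prototype = null)
{
    $purifier = HTMLPurifier::instance($prototype);

    return $purifier;
}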
/**
 * Builds the HTMLPurifier instance used for this application's element/attribute whitelist.
 *
 * When either list is null it is read from the configuration options
 * html_purifier_allowed_html_elements / html_purifier_allowed_html_attributes
 * (comma-separated). Attributes whose element is not allowed are dropped before the
 * lists are applied. The purifier created here replaces the HTMLPurifier singleton.
 *
 * @param array|null $allowedHtmlElements   allowed HTML element names
 * @param array|null $allowedHtmlAttributes allowed attributes in "element.attr" form
 * @return HTMLPurifier
 **/
public static function createHtmlPurifier($allowedHtmlElements = null, $allowedHtmlAttributes = null)
{
    // Require the HTML Purifier autoloader.
    require_once 'htmlpurifier/HTMLPurifier.auto.php';

    // Fall back to the configured lists. A null option allows a subset of TinyMCE's
    // valid_elements whitelist; an empty string disallows all HTML elements.
    if ($allowedHtmlElements === null) {
        $allowedHtmlElements = explode(',', get_option('html_purifier_allowed_html_elements'));
    }
    if ($allowedHtmlAttributes === null) {
        $allowedHtmlAttributes = explode(',', get_option('html_purifier_allowed_html_attributes'));
    }

    // Drop attributes whose element is missing, e.g. 'a.href' when 'a' is not allowed.
    $allowedHtmlAttributes = self::filterAttributesWithMissingElements(
        $allowedHtmlAttributes,
        $allowedHtmlElements
    );

    $config = HTMLPurifier_Config::createDefault();
    foreach (self::$_purifierConfig as $option => $setting) {
        $config->set($option, $setting);
    }
    $config->set('HTML.AllowedElements', $allowedHtmlElements);
    $config->set('HTML.AllowedAttributes', $allowedHtmlAttributes);

    return HTMLPurifier::instance($config);
}
/**
 * Purifies markup with the shared HTMLPurifier singleton.
 *
 * @param string $html markup to purify
 * @return string the purified markup
 */
public static function purify($html)
{
    $purifier = HTMLPurifier::instance();

    return $purifier->purify($html);
}
/**
 * Purifies markup with the shared HTMLPurifier singleton and converts newlines to <br />.
 *
 * @param string $html markup to purify
 * @return string the purified markup with newlines turned into line breaks
 */
public function purify($html)
{
    $purified = HTMLPurifier::instance()->purify($html);

    // AutoFormat.AutoParagraph doesn't provide <br />, so add them here.
    return nl2br($purified);
}
/**
 * Marks up a string with paragraphs and automatically links any urls.
 *
 * This function marks up the output with paragraph tags and auto-links any URLs that are found.
 * The resulting output is suitable for display in any web-browser, but must have
 * paragraph and extra html tags removed before it's ready for editing.
 *
 * Content is XSS cleaned by HTMLPurifier and stripped of all but the allowed tags
 * (HTML.Allowed). Newlines are turned into <br/> (double newlines are kept), bare
 * URL links of the form <a href="URL">URL</a> are shortened via trimCallback(), and
 * long non-URL words are truncated with an ellipsis.
 *
 * @param string $string The HTML string to format
 * @param string $allowedTags (optional) A comma-separated list of allowed tags;
 *        defaults to $this->defaultAllowedTags
 * @param bool $linkUrls (optional) When true, a Linkify injector is installed
 *        (only on first use, when $this->injectors is still unset)
 *
 * @return string A nicely-formatted version of the input text, with automatic paragraphs and urls in place
 *
 * @see unAutoParagraph()
 */
public function autoParagraph($string, $allowedTags = null, $linkUrls = true)
{
    if (is_null($allowedTags)) {
        $allowedTags = $this->defaultAllowedTags;
    }
    if (is_null($this->purifier)) {
        // Lazily load HTMLPurifier and make sure its cache directory exists.
        require_once PATH_SYSTEM . '/vendors/HTMLPurifier.php';
        $this->purifier = HTMLPurifier::instance();
        FileSystemUtils::recursiveMkdir($this->vendorCacheDirectory . '/purifier/');
    }
    if ($this->injectors == null && $linkUrls) {
        $this->injectors = array(new CF_HTMLPurifier_Injector_Linkify());
    }
    // Per-call config passed to purify(); the cache path is the vendor cache directory
    // (the '/purifier/' subdirectory created above is not what is configured here).
    $purifierConfig = array('Core.Encoding' => $this->charset, 'AutoFormat.AutoParagraph' => true, 'HTML.TidyLevel' => 'none', 'HTML.Allowed' => $allowedTags, 'Cache.SerializerPath' => $this->vendorCacheDirectory);
    if (!is_null($this->injectors)) {
        $purifierConfig['AutoFormat.Custom'] = $this->injectors;
    }
    $string = $this->purifier->purify($string, $purifierConfig);
    // Single newlines become <br/>; the placeholder protects double newlines (paragraph gaps).
    $string = str_replace("\n\n", '[DBLBR]', $string);
    $string = str_replace("\n", '<br/>', $string);
    $string = str_replace('[DBLBR]', "\n\n", $string);
    // trim links
    $string = preg_replace_callback("/\\<a\\s+href\\=\"(" . URLUtils::URL_MATCH . 
")\"\\>\\1<\\/a\\>/Uix", array($this, 'trimCallback'), $string);
    // trim all words longer than 60 chars that aren't URLs, ignoring tags
    // NOTE(review): "\S60" matches a non-space character followed by a literal "60";
    // the comment and the substr(…, 60 - 3) below suggest the quantifier \S{60} was
    // intended — confirm against the original source (braces may have been lost in this copy).
    if (preg_match_all("/\\S60/", strip_tags(preg_replace('/(\\<(\\/?[^\\>]+)\\>)/', ' $1', $string)), $m)) {
        foreach ($m[0] as $n) {
            if (!preg_match("/" . URLUtils::URL_MATCH . "/", $n)) {
                // str_replace is global: every occurrence of the word is shortened, not only this one.
                $string = str_replace($n, trim(substr($n, 0, 60 - 3), '.') . '...', $string);
            }
        }
    }
    return $string;
}
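/**
 * Stores a comment on this journal entry and notifies the journal's creator.
 *
 * Title and content are run through HTMLPurifier before storage. String columns are
 * escaped with real_escape_string; id columns are interpolated unquoted, so they are
 * cast to int first (the original concatenated them as-is).
 *
 * @param string      $comment_title
 * @param string      $comment_content
 * @param object|null $comment_parent parent comment (uses ->ID), or null for a top-level comment
 * @param object|null $comment_author author (uses ->ID); defaults to User::GetCurrent()
 * @return bool false when no author could be resolved or the INSERT reported an error
 */
public function AddComment($comment_title, $comment_content, $comment_parent = null, $comment_author = null)
{
    // `!$x` is exactly the loose `$x == null` test the original used.
    if (!$comment_author) {
        $comment_author = User::GetCurrent();
    }
    if (!$comment_author) {
        return false;
    }

    // Purify before storing so the stored markup is already safe to render.
    $purifier = HTMLPurifier::instance();
    $comment_title = $purifier->purify($comment_title);
    $comment_content = $purifier->purify($comment_content);

    global $MySQL;
    $entry_id = (int) $this->ID;
    $author_id = (int) $comment_author->ID;
    $parent_id = $comment_parent ? (int) $comment_parent->ID : null;

    $query = "INSERT INTO " . System::$Configuration["Database.TablePrefix"]
        . "journal_entry_comments (journal_entry_id, author_id, comment_parent_id, comment_title, comment_content, comment_timestamp_created) VALUES ("
        . $entry_id . ", "
        . $author_id . ", "
        . ($parent_id === null ? "NULL" : $parent_id) . ", "
        . "'" . $MySQL->real_escape_string($comment_title) . "', "
        . "'" . $MySQL->real_escape_string($comment_content) . "', "
        . "NOW()"
        . ")";
    $MySQL->query($query);
    $success = $MySQL->errno == 0;

    if ($success) {
        // Notify the journal owner; $comment_content was purified above.
        Notification::Create(
            $this->Journal->Creator,
            "I commented on <a href=\"" . $this->Journal->GetURL() . "/entries/" . $this->Name . "\">" . $this->Title . "</a>!",
            "\"" . $comment_content . "\"",
            User::GetCurrent()
        );
    }

    return $success;
}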
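/**
 * Stores a shoutout message from $sender to $receiver and notifies the receiver.
 *
 * Uses the legacy ext/mysql functions (mysql_query, mysql_real_escape_string), which
 * were removed in PHP 7; moving to mysqli/PDO prepared statements is the real fix.
 * This version only hardens the existing string-built query: the text column is
 * escaped, and the id columns, which are interpolated unquoted, are cast to int.
 *
 * @param object $sender   sending user (uses ->ID)
 * @param object $receiver receiving user (uses ->ID)
 * @param string $content  message markup; purified before storage
 * @return bool true when the INSERT reported no MySQL error
 */
public static function Create($sender, $receiver, $content)
{
    $content = HTMLPurifier::instance()->purify($content);

    $sender_id = (int) $sender->ID;
    $receiver_id = (int) $receiver->ID;
    $query = "INSERT INTO phpmmo_shoutout_messages (message_sender_id, message_receiver_id, message_content, message_timestamp) VALUES ("
        . $sender_id . ", "
        . $receiver_id . ", "
        . "'" . mysql_real_escape_string($content) . "', "
        . "NOW()"
        . ");";
    mysql_query($query);
    $success = mysql_errno() == 0;

    if ($success) {
        // Notify the receiver; $content was purified above.
        Notification::Create($receiver, "I wrote you a Shoutout message!", "\"" . $content . "\"", $sender);
    }

    return $success;
}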
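/**
 * Stores a comment on this group topic.
 *
 * Title and content are run through HTMLPurifier before storage. String columns are
 * escaped with real_escape_string; id columns are interpolated unquoted and are cast
 * to int. The original tested an undefined $reply_to, so the reply id was never
 * stored; it now uses the $reply_comment_id parameter.
 *
 * @param string      $title
 * @param string      $content
 * @param object|null $author           author (uses ->ID); defaults to User::GetCurrent()
 * @param int|null    $reply_comment_id id of the comment being replied to, or null
 * @return bool true when the INSERT reported no MySQL error; false when no author could be resolved
 */
public function AddComment($title, $content, $author = null, $reply_comment_id = null)
{
    if (!$author) {
        $author = User::GetCurrent();
    }
    if (!$author) {
        // Same guard as the journal-entry AddComment: without an author there is no ->ID to store.
        return false;
    }

    $purifier = HTMLPurifier::instance();
    $title = $purifier->purify($title);
    $content = $purifier->purify($content);

    global $MySQL;
    // NOTE(review): the original read $topic->ID with $topic undefined; this assumes the
    // method lives on the topic object, so $this->ID is the topic id — confirm against the class.
    $topic_id = (int) $this->ID;
    $author_id = (int) $author->ID;
    $reply_id = $reply_comment_id ? (int) $reply_comment_id : null;

    $query = "INSERT INTO " . System::$Configuration["Database.TablePrefix"]
        . "GroupTopicComments (grouptopiccomment_TopicID, grouptopiccomment_CreationUserID, grouptopiccomment_Title, grouptopiccomment_Content, grouptopiccomment_ReplyCommentID, grouptopiccomment_CreationTimestamp) VALUES ("
        . $topic_id . ", "
        . $author_id . ", "
        . "'" . $MySQL->real_escape_string($title) . "', "
        . "'" . $MySQL->real_escape_string($content) . "', "
        . ($reply_id === null ? "NULL" : $reply_id) . ", "
        . "NOW()"
        . ");";
    $MySQL->query($query);

    return $MySQL->errno == 0;
}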