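<?php

/*
 * Example: run a fixed set of HTML fragments through Inspekt's HTMLPurifier
 * integration and print the purified results.
 *
 * The input holds a script-injection probe, a mis-nested fragment and four
 * saved pages; Cage::getPurifiedHTML() returns the cleaned versions, which
 * are then echoed so the effect of the purifier can be inspected.
 */
require_once __DIR__ . "/../vendor/autoload.php";

use Inspekt\Cage;

// Read one of the saved sample pages, failing loudly instead of passing
// `false` (file_get_contents' error value) on to the purifier. The pages are
// resolved next to this script, which is what the original `./` paths meant
// when the example was run from its own directory — confirm if it is invoked
// from elsewhere.
$readSample = static function (string $name): string {
    $path = __DIR__ . '/' . $name;
    $html = file_get_contents($path);
    if ($html === false) {
        throw new RuntimeException("Cannot read sample page {$path}");
    }

    return $html;
};

$inputarray = [
    'html' => [
        'xss'         => '<IMG """><SCRIPT>alert("XSS")</SCRIPT>">',
        'bad_nesting' => '<p>This is a malformed fragment of <em>HTML</p></em>',
        'arstechnica' => $readSample('htmlpurifier_example_ars.html'),
        'google'      => $readSample('htmlpurifier_example_google.html'),
        'imorecords'  => $readSample('htmlpurifier_example_imorecords.html'),
        'soup'        => $readSample('htmlpurifier_example_soup.html'),
    ],
];

// Show the raw, unpurified input, but HTML-escape the dump first: writing
// these fragments straight into the page would render (and, for 'xss',
// execute) exactly the markup the example is meant to neutralise.
echo "<pre>";
ob_start();
var_dump($inputarray);
echo htmlspecialchars((string) ob_get_clean(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo "</pre>";

// Build our cage.
$cage = Cage::Factory($inputarray);

// Disable definition caching. This slows HTMLPurifier down, but keeps the
// example self-contained; in production set 'Cache.SerializerPath' to a
// server-writable folder instead.
$opts = ['Cache.DefinitionImpl' => null];

// HTMLPurifier itself is expected to be loaded by your composer autoloader.
$cage->loadHTMLPurifier($opts);
$cleanHTML = $cage->getPurifiedHTML('html');

echo "<hr>";

// The purified fragments are echoed unescaped on purpose: the point of the
// example is to see what the purifier lets through.
echo "<h2>xss</h2>";
var_dump($cleanHTML['xss']);
echo "<h2>bad_nesting</h2>";
var_dump($cleanHTML['bad_nesting']);

echo "<h2>arstechnica</h2>";
echo "<pre>";
// ENT_SUBSTITUTE: with ENT_QUOTES alone an invalid UTF-8 sequence anywhere in
// the saved page makes htmlspecialchars() return an empty string, blanking
// the whole section silently.
echo htmlspecialchars($cleanHTML['arstechnica'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo "</pre>";
echo "<h2>google</h2>";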
/**
 * getPurifiedHTML() runs a caged value through HTMLPurifier: the script
 * injection probe is reduced to the stray `">` text and the mis-nested
 * fragment is re-balanced into well-formed markup.
 */
public function testGetPurifiedHTML()
{
    $fragments = [
        'xss'         => '<IMG """><SCRIPT>alert("XSS")</SCRIPT>">',
        'bad_nesting' => '<p>This is a malformed fragment of <em>HTML</p></em>',
    ];
    $cage = Cage::Factory(['html' => $fragments]);
    $cage->loadHTMLPurifier();

    $expected = [
        'xss'         => "\">",
        'bad_nesting' => "<p>This is a malformed fragment of <em>HTML</em></p>",
    ];
    foreach ($expected as $key => $clean) {
        $this->assertSame($clean, $cage->getPurifiedHTML('html/' . $key));
    }
}
/**
 * Accessor body: strips every run of whitespace from the caged value.
 *
 * @param mixed $val value pulled from the cage
 * @return string|array|null the value with all whitespace removed (an array
 *                           subject yields an array); null on a PCRE error
 */
protected function inspekt($val)
{
    return preg_replace("/\\s+/", '', $val);
}
} // closes the accessor class whose header lies above this chunk

// Register the custom accessors on the super cage and exercise them against
// request data. Inspekt::makeSuperCage() and the ->server cage are defined
// elsewhere; presumably ->server wraps $_SERVER — confirm against the library.
$superCage = Inspekt::makeSuperCage();
$superCage->addAccessor('testUsername'); // accessor class not visible in this chunk
$superCage->addAccessor('noWhitespace');

// NOTE(review): getRaw() returns the unfiltered request value; if this example
// is served over HTTP, dumping QUERY_STRING and HTTP_USER_AGENT unescaped
// reflects attacker-controlled text into the page — pass them through
// htmlspecialchars() for display.
$rs = $superCage->server->testUsername('QUERY_STRING');
var_dump($superCage->server->getRaw('QUERY_STRING'));
var_dump($rs);
$rs = $superCage->server->noWhitespace('HTTP_USER_AGENT');
var_dump($superCage->server->getRaw('HTTP_USER_AGENT'));
var_dump($rs);

/**
 * Now let's take an arbitrary cage
 */
$d = array();
$d['input'] = '<img id="475">yes</img>';
$d['lowascii'] = ' '; // NOTE(review): shows as a plain space here; the key suggests a control character that may have been lost in extraction — confirm
$d[] = array('foo', 'bar<br />', 'yes<P>', 1776);
$d['x']['woot'] = array('booyah' => 'meet at the bar at 7:30 pm', 'ultimate' => '<strong>hi there!</strong>');
$dc = Cage::Factory($d);

/**
 * Sad that we have to re-add, but it's done on a cage-by-cage basis
 */
$dc->addAccessor('testUsername');
$dc->addAccessor('noWhitespace');

// 'x' is a nested array; how noWhitespace() treats an array value depends on
// the accessor plumbing outside this chunk.
var_dump($dc->getRaw('x'));
$rs = $dc->noWhitespace('x');
var_dump($rs);
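// Extend the sample array with awkward shapes: a low-ASCII entry, an appended
// list, a nested map and a 14-level-deep path. Short array syntax replaces the
// legacy array() form; every value is unchanged.
$d['lowascii'] = ' '; // NOTE(review): shows as a plain space here; the key suggests a control character that may have been lost in extraction — confirm
$d[] = ['foo', 'bar<br />', 'yes<P>', 1776];
$d['x']['woot'] = ['booyah' => 'meet at the bar at 7:30 pm', 'ultimate' => '<strong>hi there!</strong>'];
$d['lemon'][][][][][][][][][][][][][][] = 'far';
?>
<h2>A crazy, crazy array ($d)</h2>
<?php
// The raw array holds literal markup ('<img …>', '<strong>…'); escape the
// dump so the page shows those tags as text instead of rendering them.
echo "<pre>";
ob_start();
var_dump($d);
echo htmlspecialchars((string) ob_get_clean(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo "</pre>\n";
?>
<h2>Create a cage for the array</h2>
<?php
$d_cage = Cage::Factory($d);
?>
<h2>$d_cage->getAlpha('/x/woot/ultimate')</h2>
<?php
// getAlpha() presumably keeps only letters, so its result is dumped as-is;
// the path syntax ('/x/woot/ultimate') is resolved by the cage.
echo "<pre>";
var_dump($d_cage->getAlpha('/x/woot/ultimate'));
echo "</pre>\n";
?>
<h2>$d_cage->getAlpha('lemon/0/0/0/0/0/0/0/0/0/0/0/0/0')</h2>
<?php
echo "<pre>";
var_dump($d_cage->getAlpha('lemon/0/0/0/0/0/0/0/0/0/0/0/0/0'));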