| [ Index ] |
PHP Cross Reference of vtigercrm-6.1.0 |
[Summary view] [Print] [Text view]
1 <?php 2 3 /** 4 * Removes all unrecognized tags from the list of tokens. 5 * 6 * This strategy iterates through all the tokens and removes unrecognized 7 * tokens. If a token is not recognized but a TagTransform is defined for 8 * that element, the element will be transformed accordingly. 9 */ 10 11 class HTMLPurifier_Strategy_RemoveForeignElements extends HTMLPurifier_Strategy 12 { 13 14 public function execute($tokens, $config, $context) { 15 $definition = $config->getHTMLDefinition(); 16 $generator = new HTMLPurifier_Generator($config, $context); 17 $result = array(); 18 19 $escape_invalid_tags = $config->get('Core', 'EscapeInvalidTags'); 20 $remove_invalid_img = $config->get('Core', 'RemoveInvalidImg'); 21 22 // currently only used to determine if comments should be kept 23 $trusted = $config->get('HTML', 'Trusted'); 24 25 $remove_script_contents = $config->get('Core', 'RemoveScriptContents'); 26 $hidden_elements = $config->get('Core', 'HiddenElements'); 27 28 // remove script contents compatibility 29 if ($remove_script_contents === true) { 30 $hidden_elements['script'] = true; 31 } elseif ($remove_script_contents === false && isset($hidden_elements['script'])) { 32 unset($hidden_elements['script']); 33 } 34 35 $attr_validator = new HTMLPurifier_AttrValidator(); 36 37 // removes tokens until it reaches a closing tag with its value 38 $remove_until = false; 39 40 // converts comments into text tokens when this is equal to a tag name 41 $textify_comments = false; 42 43 $token = false; 44 $context->register('CurrentToken', $token); 45 46 $e = false; 47 if ($config->get('Core', 'CollectErrors')) { 48 $e =& $context->get('ErrorCollector'); 49 } 50 51 foreach($tokens as $token) { 52 if ($remove_until) { 53 if (empty($token->is_tag) || $token->name !== $remove_until) { 54 continue; 55 } 56 } 57 if (!empty( $token->is_tag )) { 58 // DEFINITION CALL 59 60 // before any processing, try to transform the element 61 if ( 62 isset($definition->info_tag_transform[$token->name]) 63 ) { 64 $original_name = $token->name; 65 // there is a transformation for this tag 66 // DEFINITION CALL 67 $token = $definition-> 68 info_tag_transform[$token->name]-> 69 transform($token, $config, $context); 70 if ($e) $e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Tag transform', $original_name); 71 } 72 73 if (isset($definition->info[$token->name])) { 74 75 // mostly everything's good, but 76 // we need to make sure required attributes are in order 77 if ( 78 ($token instanceof HTMLPurifier_Token_Start || $token instanceof HTMLPurifier_Token_Empty) && 79 $definition->info[$token->name]->required_attr && 80 ($token->name != 'img' || $remove_invalid_img) // ensure config option still works 81 ) { 82 $attr_validator->validateToken($token, $config, $context); 83 $ok = true; 84 foreach ($definition->info[$token->name]->required_attr as $name) { 85 if (!isset($token->attr[$name])) { 86 $ok = false; 87 break; 88 } 89 } 90 if (!$ok) { 91 if ($e) $e->send(E_ERROR, 'Strategy_RemoveForeignElements: Missing required attribute', $name); 92 continue; 93 } 94 $token->armor['ValidateAttributes'] = true; 95 } 96 97 if (isset($hidden_elements[$token->name]) && $token instanceof HTMLPurifier_Token_Start) { 98 $textify_comments = $token->name; 99 } elseif ($token->name === $textify_comments && $token instanceof HTMLPurifier_Token_End) { 100 $textify_comments = false; 101 } 102 103 } elseif ($escape_invalid_tags) { 104 // invalid tag, generate HTML representation and insert in 105 if ($e) $e->send(E_WARNING, 'Strategy_RemoveForeignElements: Foreign element to text'); 106 $token = new HTMLPurifier_Token_Text( 107 $generator->generateFromToken($token) 108 ); 109 } else { 110 // check if we need to destroy all of the tag's children 111 // CAN BE GENERICIZED 112 if (isset($hidden_elements[$token->name])) { 113 if ($token instanceof HTMLPurifier_Token_Start) { 114 $remove_until = $token->name; 115 } elseif ($token instanceof HTMLPurifier_Token_Empty) { 116 // do nothing: we're still looking 117 } else { 118 $remove_until = false; 119 } 120 if ($e) $e->send(E_ERROR, 'Strategy_RemoveForeignElements: Foreign meta element removed'); 121 } else { 122 if ($e) $e->send(E_ERROR, 'Strategy_RemoveForeignElements: Foreign element removed'); 123 } 124 continue; 125 } 126 } elseif ($token instanceof HTMLPurifier_Token_Comment) { 127 // textify comments in script tags when they are allowed 128 if ($textify_comments !== false) { 129 $data = $token->data; 130 $token = new HTMLPurifier_Token_Text($data); 131 } elseif ($trusted) { 132 // keep, but perform comment cleaning 133 if ($e) { 134 // perform check whether or not there's a trailing hyphen 135 if (substr($token->data, -1) == '-') { 136 $e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Trailing hyphen in comment removed'); 137 } 138 } 139 $token->data = rtrim($token->data, '-'); 140 $found_double_hyphen = false; 141 while (strpos($token->data, '--') !== false) { 142 if ($e && !$found_double_hyphen) { 143 $e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Hyphens in comment collapsed'); 144 } 145 $found_double_hyphen = true; // prevent double-erroring 146 $token->data = str_replace('--', '-', $token->data); 147 } 148 } else { 149 // strip comments 150 if ($e) $e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Comment removed'); 151 continue; 152 } 153 } elseif ($token instanceof HTMLPurifier_Token_Text) { 154 } else { 155 continue; 156 } 157 $result[] = $token; 158 } 159 if ($remove_until && $e) { 160 // we removed tokens until the end, throw error 161 $e->send(E_ERROR, 'Strategy_RemoveForeignElements: Token removed to end', $remove_until); 162 } 163 164 $context->destroy('CurrentToken'); 165 166 return $result; 167 } 168 169 } 170 171 // vim: et sw=4 sts=4
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Fri Nov 28 20:08:37 2014 | Cross-referenced by PHPXref 0.7.1 |