author | zotlabs <mike@macgirvin.com> | 2017-03-27 14:11:25 -0700 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2017-03-27 14:11:25 -0700 |
commit | 8292553a2087a412e0b10f5593d461d371169adb (patch) | |
tree | 2648714d80a19154ec19defa92aaa3229cae23c6 /vendor/ezyang/htmlpurifier/library/HTMLPurifier/URIFilter/SafeIframe.php | |
parent | 5cbf60320355845e2abdec0422055d3fe321e84e (diff) | |
parent | 6375401e0af6c52d151dd2b944aa6a054b8ddc05 (diff) | |
Merge branch 'dev' of https://github.com/redmatrix/hubzilla into xdev_merge
Diffstat (limited to 'vendor/ezyang/htmlpurifier/library/HTMLPurifier/URIFilter/SafeIframe.php')
-rw-r--r-- | vendor/ezyang/htmlpurifier/library/HTMLPurifier/URIFilter/SafeIframe.php | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/vendor/ezyang/htmlpurifier/library/HTMLPurifier/URIFilter/SafeIframe.php b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/URIFilter/SafeIframe.php
new file mode 100644
index 000000000..f609c47a3
--- /dev/null
+++ b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/URIFilter/SafeIframe.php
@@ -0,0 +1,68 @@
+<?php
+
+/**
+ * Implements safety checks for safe iframes.
+ *
+ * @warning This filter is *critical* for ensuring that %HTML.SafeIframe
+ * works safely.
+ */
+class HTMLPurifier_URIFilter_SafeIframe extends HTMLPurifier_URIFilter
+{
+ /**
+ * @type string
+ */
+ public $name = 'SafeIframe';
+
+ /**
+ * @type bool
+ */
+ public $always_load = true;
+
+ /**
+ * @type string
+ */
+ protected $regexp = null;
+
+ // XXX: The not so good bit about how this is all set up now is we
+ // can't check HTML.SafeIframe in the 'prepare' step: we have to
+ // defer till the actual filtering.
+ /**
+ * @param HTMLPurifier_Config $config
+ * @return bool
+ */
+ public function prepare($config)
+ {
+ $this->regexp = $config->get('URI.SafeIframeRegexp');
+ return true;
+ }
+
+ /**
+ * @param HTMLPurifier_URI $uri
+ * @param HTMLPurifier_Config $config
+ * @param HTMLPurifier_Context $context
+ * @return bool
+ */
+ public function filter(&$uri, $config, $context)
+ {
+ // check if filter not applicable
+ if (!$config->get('HTML.SafeIframe')) {
+ return true;
+ }
+ // check if the filter should actually trigger
+ if (!$context->get('EmbeddedURI', true)) {
+ return true;
+ }
+ $token = $context->get('CurrentToken', true);
+ if (!($token && $token->name == 'iframe')) {
+ return true;
+ }
+ // check if we actually have some whitelists enabled
+ if ($this->regexp === null) {
+ return false;
+ }
+ // actually check the whitelists
+ return preg_match($this->regexp, $uri->toString());
+ }
+}
+
+// vim: et sw=4 sts=4 |