aboutsummaryrefslogtreecommitdiffstats
path: root/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI.php
diff options
context:
space:
mode:
Diffstat (limited to 'lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI.php')
-rw-r--r--lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI.php77
1 files changed, 77 insertions, 0 deletions
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI.php
new file mode 100644
index 000000000..c2b684671
--- /dev/null
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI.php
@@ -0,0 +1,77 @@
+<?php
+
+/**
+ * Validates a URI as defined by RFC 3986.
+ * @note Scheme-specific mechanics deferred to HTMLPurifier_URIScheme
+ */
+class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
+{
+
+ protected $parser;
+ protected $embedsResource;
+
+ /**
+ * @param $embeds_resource_resource Does the URI here result in an extra HTTP request?
+ */
+ public function __construct($embeds_resource = false) {
+ $this->parser = new HTMLPurifier_URIParser();
+ $this->embedsResource = (bool) $embeds_resource;
+ }
+
+ public function make($string) {
+ $embeds = ($string === 'embedded');
+ return new HTMLPurifier_AttrDef_URI($embeds);
+ }
+
+ public function validate($uri, $config, $context) {
+
+ if ($config->get('URI.Disable')) return false;
+
+ $uri = $this->parseCDATA($uri);
+
+ // parse the URI
+ $uri = $this->parser->parse($uri);
+ if ($uri === false) return false;
+
+ // add embedded flag to context for validators
+ $context->register('EmbeddedURI', $this->embedsResource);
+
+ $ok = false;
+ do {
+
+ // generic validation
+ $result = $uri->validate($config, $context);
+ if (!$result) break;
+
+ // chained filtering
+ $uri_def = $config->getDefinition('URI');
+ $result = $uri_def->filter($uri, $config, $context);
+ if (!$result) break;
+
+ // scheme-specific validation
+ $scheme_obj = $uri->getSchemeObj($config, $context);
+ if (!$scheme_obj) break;
+ if ($this->embedsResource && !$scheme_obj->browsable) break;
+ $result = $scheme_obj->validate($uri, $config, $context);
+ if (!$result) break;
+
+ // Post chained filtering
+ $result = $uri_def->postFilter($uri, $config, $context);
+ if (!$result) break;
+
+ // survived gauntlet
+ $ok = true;
+
+ } while (false);
+
+ $context->destroy('EmbeddedURI');
+ if (!$ok) return false;
+
+ // back to string
+ return $uri->toString();
+
+ }
+
+}
+
+// vim: et sw=4 sts=4