diff options
Diffstat (limited to 'lib/htmlpurifier/library/HTMLPurifier/URIFilter/HostBlacklist.php')
-rw-r--r-- | lib/htmlpurifier/library/HTMLPurifier/URIFilter/HostBlacklist.php | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/lib/htmlpurifier/library/HTMLPurifier/URIFilter/HostBlacklist.php b/lib/htmlpurifier/library/HTMLPurifier/URIFilter/HostBlacklist.php new file mode 100644 index 000000000..55fde3bf4 --- /dev/null +++ b/lib/htmlpurifier/library/HTMLPurifier/URIFilter/HostBlacklist.php @@ -0,0 +1,25 @@ +<?php + +// It's not clear to me whether or not Punycode means that hostnames +// do not have canonical forms anymore. As far as I can tell, it's +// not a problem (punycoding should be identity when no Unicode +// points are involved), but I'm not 100% sure +class HTMLPurifier_URIFilter_HostBlacklist extends HTMLPurifier_URIFilter +{ + public $name = 'HostBlacklist'; + protected $blacklist = array(); + public function prepare($config) { + $this->blacklist = $config->get('URI.HostBlacklist'); + return true; + } + public function filter(&$uri, $config, $context) { + foreach($this->blacklist as $blacklisted_host_fragment) { + if (strpos($uri->host, $blacklisted_host_fragment) !== false) { + return false; + } + } + return true; + } +} + +// vim: et sw=4 sts=4 |