Diffstat (limited to 'library/HTMLPurifier/AttrTransform')
-rw-r--r--library/HTMLPurifier/AttrTransform/Background.php21
-rw-r--r--library/HTMLPurifier/AttrTransform/BdoDir.php14
-rw-r--r--library/HTMLPurifier/AttrTransform/BgColor.php21
-rw-r--r--library/HTMLPurifier/AttrTransform/BoolToCSS.php33
-rw-r--r--library/HTMLPurifier/AttrTransform/Border.php18
-rw-r--r--library/HTMLPurifier/AttrTransform/EnumToCSS.php46
-rw-r--r--library/HTMLPurifier/AttrTransform/ImgRequired.php19
-rw-r--r--library/HTMLPurifier/AttrTransform/ImgSpace.php39
-rw-r--r--library/HTMLPurifier/AttrTransform/Input.php34
-rw-r--r--library/HTMLPurifier/AttrTransform/Lang.php15
-rw-r--r--library/HTMLPurifier/AttrTransform/Length.php28
-rw-r--r--library/HTMLPurifier/AttrTransform/Name.php22
-rw-r--r--library/HTMLPurifier/AttrTransform/NameSync.php28
-rw-r--r--library/HTMLPurifier/AttrTransform/Nofollow.php52
-rw-r--r--library/HTMLPurifier/AttrTransform/SafeEmbed.php12
-rw-r--r--library/HTMLPurifier/AttrTransform/SafeObject.php16
-rw-r--r--library/HTMLPurifier/AttrTransform/SafeParam.php29
-rw-r--r--library/HTMLPurifier/AttrTransform/ScriptRequired.php9
-rw-r--r--library/HTMLPurifier/AttrTransform/TargetBlank.php45
-rw-r--r--library/HTMLPurifier/AttrTransform/Textarea.php19
20 files changed, 405 insertions, 115 deletions
diff --git a/library/HTMLPurifier/AttrTransform/Background.php b/library/HTMLPurifier/AttrTransform/Background.php
index 0e1ff24a3..2f72869a5 100644
--- a/library/HTMLPurifier/AttrTransform/Background.php
+++ b/library/HTMLPurifier/AttrTransform/Background.php
@@ -3,21 +3,26 @@
/**
* Pre-transform that changes proprietary background attribute to CSS.
*/
-class HTMLPurifier_AttrTransform_Background extends HTMLPurifier_AttrTransform {
-
- public function transform($attr, $config, $context) {
-
- if (!isset($attr['background'])) return $attr;
+class HTMLPurifier_AttrTransform_Background extends HTMLPurifier_AttrTransform
+{
+ /**
+ * @param array $attr
+ * @param HTMLPurifier_Config $config
+ * @param HTMLPurifier_Context $context
+ * @return array
+ */
+ public function transform($attr, $config, $context)
+ {
+ if (!isset($attr['background'])) {
+ return $attr;
+ }
$background = $this->confiscateAttr($attr, 'background');
// some validation should happen here
$this->prependCSS($attr, "background-image:url($background);");
-
return $attr;
-
}
-
}
// vim: et sw=4 sts=4
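Review bot: The context comment `// some validation should happen here` in transform() still stands in for a real check: `$background` goes straight from confiscateAttr() into `"background-image:url($background);"`, so a value containing `)` or `;` can end the url() early and add further declarations to the style attribute. The class docblock calls this a pre-transform, so it presumably relies on the style attribute being validated afterwards; that is not visible in this hunk and is worth stating in place of the vague comment, e.g. `// $background is unvalidated here; safe only if style is validated after pre-transforms`. The same pattern with a near-identical comment appears in BgColor.php, Border.php and ImgSpace.php, and Length.php interpolates `$length` the same way with no comment at all.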
diff --git a/library/HTMLPurifier/AttrTransform/BdoDir.php b/library/HTMLPurifier/AttrTransform/BdoDir.php
index 4d1a05665..d66c04a5b 100644
--- a/library/HTMLPurifier/AttrTransform/BdoDir.php
+++ b/library/HTMLPurifier/AttrTransform/BdoDir.php
@@ -8,12 +8,20 @@
class HTMLPurifier_AttrTransform_BdoDir extends HTMLPurifier_AttrTransform
{
- public function transform($attr, $config, $context) {
- if (isset($attr['dir'])) return $attr;
+ /**
+ * @param array $attr
+ * @param HTMLPurifier_Config $config
+ * @param HTMLPurifier_Context $context
+ * @return array
+ */
+ public function transform($attr, $config, $context)
+ {
+ if (isset($attr['dir'])) {
+ return $attr;
+ }
$attr['dir'] = $config->get('Attr.DefaultTextDir');
return $attr;
}
-
}
// vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/AttrTransform/BgColor.php b/library/HTMLPurifier/AttrTransform/BgColor.php
index ad3916bb9..0f51fd2ce 100644
--- a/library/HTMLPurifier/AttrTransform/BgColor.php
+++ b/library/HTMLPurifier/AttrTransform/BgColor.php
@@ -3,21 +3,26 @@
/**
* Pre-transform that changes deprecated bgcolor attribute to CSS.
*/
-class HTMLPurifier_AttrTransform_BgColor extends HTMLPurifier_AttrTransform {
-
- public function transform($attr, $config, $context) {
-
- if (!isset($attr['bgcolor'])) return $attr;
+class HTMLPurifier_AttrTransform_BgColor extends HTMLPurifier_AttrTransform
+{
+ /**
+ * @param array $attr
+ * @param HTMLPurifier_Config $config
+ * @param HTMLPurifier_Context $context
+ * @return array
+ */
+ public function transform($attr, $config, $context)
+ {
+ if (!isset($attr['bgcolor'])) {
+ return $attr;
+ }
$bgcolor = $this->confiscateAttr($attr, 'bgcolor');
// some validation should happen here
$this->prependCSS($attr, "background-color:$bgcolor;");
-
return $attr;
-
}
-
}
// vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/AttrTransform/BoolToCSS.php b/library/HTMLPurifier/AttrTransform/BoolToCSS.php
index 51159b671..f25cd0195 100644
--- a/library/HTMLPurifier/AttrTransform/BoolToCSS.php
+++ b/library/HTMLPurifier/AttrTransform/BoolToCSS.php
@@ -3,34 +3,45 @@
/**
* Pre-transform that changes converts a boolean attribute to fixed CSS
*/
-class HTMLPurifier_AttrTransform_BoolToCSS extends HTMLPurifier_AttrTransform {
-
+class HTMLPurifier_AttrTransform_BoolToCSS extends HTMLPurifier_AttrTransform
+{
/**
- * Name of boolean attribute that is trigger
+ * Name of boolean attribute that is trigger.
+ * @type string
*/
protected $attr;
/**
- * CSS declarations to add to style, needs trailing semicolon
+ * CSS declarations to add to style, needs trailing semicolon.
+ * @type string
*/
protected $css;
/**
- * @param $attr string attribute name to convert from
- * @param $css string CSS declarations to add to style (needs semicolon)
+ * @param string $attr attribute name to convert from
+ * @param string $css CSS declarations to add to style (needs semicolon)
*/
- public function __construct($attr, $css) {
+ public function __construct($attr, $css)
+ {
$this->attr = $attr;
- $this->css = $css;
+ $this->css = $css;
}
- public function transform($attr, $config, $context) {
- if (!isset($attr[$this->attr])) return $attr;
+ /**
+ * @param array $attr
+ * @param HTMLPurifier_Config $config
+ * @param HTMLPurifier_Context $context
+ * @return array
+ */
+ public function transform($attr, $config, $context)
+ {
+ if (!isset($attr[$this->attr])) {
+ return $attr;
+ }
unset($attr[$this->attr]);
$this->prependCSS($attr, $this->css);
return $attr;
}
-
}
// vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/AttrTransform/Border.php b/library/HTMLPurifier/AttrTransform/Border.php
index 476b0b079..057dc017f 100644
--- a/library/HTMLPurifier/AttrTransform/Border.php
+++ b/library/HTMLPurifier/AttrTransform/Border.php
@@ -3,16 +3,24 @@
/**
* Pre-transform that changes deprecated border attribute to CSS.
*/
-class HTMLPurifier_AttrTransform_Border extends HTMLPurifier_AttrTransform {
-
- public function transform($attr, $config, $context) {
- if (!isset($attr['border'])) return $attr;
+class HTMLPurifier_AttrTransform_Border extends HTMLPurifier_AttrTransform
+{
+ /**
+ * @param array $attr
+ * @param HTMLPurifier_Config $config
+ * @param HTMLPurifier_Context $context
+ * @return array
+ */
+ public function transform($attr, $config, $context)
+ {
+ if (!isset($attr['border'])) {
+ return $attr;
+ }
$border_width = $this->confiscateAttr($attr, 'border');
// some validation should happen here
$this->prependCSS($attr, "border:{$border_width}px solid;");
return $attr;
}
-
}
// vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/AttrTransform/EnumToCSS.php b/library/HTMLPurifier/AttrTransform/EnumToCSS.php
index 2a5b4514a..7ccd0e3fb 100644
--- a/library/HTMLPurifier/AttrTransform/EnumToCSS.php
+++ b/library/HTMLPurifier/AttrTransform/EnumToCSS.php
@@ -4,55 +4,65 @@
* Generic pre-transform that converts an attribute with a fixed number of
* values (enumerated) to CSS.
*/
-class HTMLPurifier_AttrTransform_EnumToCSS extends HTMLPurifier_AttrTransform {
-
+class HTMLPurifier_AttrTransform_EnumToCSS extends HTMLPurifier_AttrTransform
+{
/**
- * Name of attribute to transform from
+ * Name of attribute to transform from.
+ * @type string
*/
protected $attr;
/**
- * Lookup array of attribute values to CSS
+ * Lookup array of attribute values to CSS.
+ * @type array
*/
protected $enumToCSS = array();
/**
- * Case sensitivity of the matching
+ * Case sensitivity of the matching.
+ * @type bool
* @warning Currently can only be guaranteed to work with ASCII
* values.
*/
protected $caseSensitive = false;
/**
- * @param $attr String attribute name to transform from
- * @param $enumToCSS Lookup array of attribute values to CSS
- * @param $case_sensitive Boolean case sensitivity indicator, default false
+ * @param string $attr Attribute name to transform from
+ * @param array $enum_to_css Lookup array of attribute values to CSS
+ * @param bool $case_sensitive Case sensitivity indicator, default false
*/
- public function __construct($attr, $enum_to_css, $case_sensitive = false) {
+ public function __construct($attr, $enum_to_css, $case_sensitive = false)
+ {
$this->attr = $attr;
$this->enumToCSS = $enum_to_css;
- $this->caseSensitive = (bool) $case_sensitive;
+ $this->caseSensitive = (bool)$case_sensitive;
}
- public function transform($attr, $config, $context) {
-
- if (!isset($attr[$this->attr])) return $attr;
+ /**
+ * @param array $attr
+ * @param HTMLPurifier_Config $config
+ * @param HTMLPurifier_Context $context
+ * @return array
+ */
+ public function transform($attr, $config, $context)
+ {
+ if (!isset($attr[$this->attr])) {
+ return $attr;
+ }
$value = trim($attr[$this->attr]);
unset($attr[$this->attr]);
- if (!$this->caseSensitive) $value = strtolower($value);
+ if (!$this->caseSensitive) {
+ $value = strtolower($value);
+ }
if (!isset($this->enumToCSS[$value])) {
return $attr;
}
-
$this->prependCSS($attr, $this->enumToCSS[$value]);
-
return $attr;
-
}
-
}
// vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/AttrTransform/ImgRequired.php b/library/HTMLPurifier/AttrTransform/ImgRequired.php
index 7f0e4b7a5..7df6cb3e1 100644
--- a/library/HTMLPurifier/AttrTransform/ImgRequired.php
+++ b/library/HTMLPurifier/AttrTransform/ImgRequired.php
@@ -11,11 +11,19 @@
class HTMLPurifier_AttrTransform_ImgRequired extends HTMLPurifier_AttrTransform
{
- public function transform($attr, $config, $context) {
-
+ /**
+ * @param array $attr
+ * @param HTMLPurifier_Config $config
+ * @param HTMLPurifier_Context $context
+ * @return array
+ */
+ public function transform($attr, $config, $context)
+ {
$src = true;
if (!isset($attr['src'])) {
- if ($config->get('Core.RemoveInvalidImg')) return $attr;
+ if ($config->get('Core.RemoveInvalidImg')) {
+ return $attr;
+ }
$attr['src'] = $config->get('Attr.DefaultInvalidImage');
$src = false;
}
@@ -25,7 +33,7 @@ class HTMLPurifier_AttrTransform_ImgRequired extends HTMLPurifier_AttrTransform
$alt = $config->get('Attr.DefaultImageAlt');
if ($alt === null) {
// truncate if the alt is too long
- $attr['alt'] = substr(basename($attr['src']),0,40);
+ $attr['alt'] = substr(basename($attr['src']), 0, 40);
} else {
$attr['alt'] = $alt;
}
@@ -33,11 +41,8 @@ class HTMLPurifier_AttrTransform_ImgRequired extends HTMLPurifier_AttrTransform
$attr['alt'] = $config->get('Attr.DefaultInvalidImageAlt');
}
}
-
return $attr;
-
}
-
}
// vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/AttrTransform/ImgSpace.php b/library/HTMLPurifier/AttrTransform/ImgSpace.php
index fd84c10c3..350b3358f 100644
--- a/library/HTMLPurifier/AttrTransform/ImgSpace.php
+++ b/library/HTMLPurifier/AttrTransform/ImgSpace.php
@@ -3,42 +3,59 @@
/**
* Pre-transform that changes deprecated hspace and vspace attributes to CSS
*/
-class HTMLPurifier_AttrTransform_ImgSpace extends HTMLPurifier_AttrTransform {
-
+class HTMLPurifier_AttrTransform_ImgSpace extends HTMLPurifier_AttrTransform
+{
+ /**
+ * @type string
+ */
protected $attr;
+
+ /**
+ * @type array
+ */
protected $css = array(
'hspace' => array('left', 'right'),
'vspace' => array('top', 'bottom')
);
- public function __construct($attr) {
+ /**
+ * @param string $attr
+ */
+ public function __construct($attr)
+ {
$this->attr = $attr;
if (!isset($this->css[$attr])) {
trigger_error(htmlspecialchars($attr) . ' is not valid space attribute');
}
}
- public function transform($attr, $config, $context) {
-
- if (!isset($attr[$this->attr])) return $attr;
+ /**
+ * @param array $attr
+ * @param HTMLPurifier_Config $config
+ * @param HTMLPurifier_Context $context
+ * @return array
+ */
+ public function transform($attr, $config, $context)
+ {
+ if (!isset($attr[$this->attr])) {
+ return $attr;
+ }
$width = $this->confiscateAttr($attr, $this->attr);
// some validation could happen here
- if (!isset($this->css[$this->attr])) return $attr;
+ if (!isset($this->css[$this->attr])) {
+ return $attr;
+ }
$style = '';
foreach ($this->css[$this->attr] as $suffix) {
$property = "margin-$suffix";
$style .= "$property:{$width}px;";
}
-
$this->prependCSS($attr, $style);
-
return $attr;
-
}
-
}
// vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/AttrTransform/Input.php b/library/HTMLPurifier/AttrTransform/Input.php
index 16829552d..3ab47ed8c 100644
--- a/library/HTMLPurifier/AttrTransform/Input.php
+++ b/library/HTMLPurifier/AttrTransform/Input.php
@@ -4,17 +4,31 @@
* Performs miscellaneous cross attribute validation and filtering for
* input elements. This is meant to be a post-transform.
*/
-class HTMLPurifier_AttrTransform_Input extends HTMLPurifier_AttrTransform {
-
+class HTMLPurifier_AttrTransform_Input extends HTMLPurifier_AttrTransform
+{
+ /**
+ * @type HTMLPurifier_AttrDef_HTML_Pixels
+ */
protected $pixels;
- public function __construct() {
+ public function __construct()
+ {
$this->pixels = new HTMLPurifier_AttrDef_HTML_Pixels();
}
- public function transform($attr, $config, $context) {
- if (!isset($attr['type'])) $t = 'text';
- else $t = strtolower($attr['type']);
+ /**
+ * @param array $attr
+ * @param HTMLPurifier_Config $config
+ * @param HTMLPurifier_Context $context
+ * @return array
+ */
+ public function transform($attr, $config, $context)
+ {
+ if (!isset($attr['type'])) {
+ $t = 'text';
+ } else {
+ $t = strtolower($attr['type']);
+ }
if (isset($attr['checked']) && $t !== 'radio' && $t !== 'checkbox') {
unset($attr['checked']);
}
@@ -23,8 +37,11 @@ class HTMLPurifier_AttrTransform_Input extends HTMLPurifier_AttrTransform {
}
if (isset($attr['size']) && $t !== 'text' && $t !== 'password') {
$result = $this->pixels->validate($attr['size'], $config, $context);
- if ($result === false) unset($attr['size']);
- else $attr['size'] = $result;
+ if ($result === false) {
+ unset($attr['size']);
+ } else {
+ $attr['size'] = $result;
+ }
}
if (isset($attr['src']) && $t !== 'image') {
unset($attr['src']);
@@ -34,7 +51,6 @@ class HTMLPurifier_AttrTransform_Input extends HTMLPurifier_AttrTransform {
}
return $attr;
}
-
}
// vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/AttrTransform/Lang.php b/library/HTMLPurifier/AttrTransform/Lang.php
index 5869e7f82..5b0aff0e4 100644
--- a/library/HTMLPurifier/AttrTransform/Lang.php
+++ b/library/HTMLPurifier/AttrTransform/Lang.php
@@ -8,9 +8,15 @@
class HTMLPurifier_AttrTransform_Lang extends HTMLPurifier_AttrTransform
{
- public function transform($attr, $config, $context) {
-
- $lang = isset($attr['lang']) ? $attr['lang'] : false;
+ /**
+ * @param array $attr
+ * @param HTMLPurifier_Config $config
+ * @param HTMLPurifier_Context $context
+ * @return array
+ */
+ public function transform($attr, $config, $context)
+ {
+ $lang = isset($attr['lang']) ? $attr['lang'] : false;
$xml_lang = isset($attr['xml:lang']) ? $attr['xml:lang'] : false;
if ($lang !== false && $xml_lang === false) {
@@ -18,11 +24,8 @@ class HTMLPurifier_AttrTransform_Lang extends HTMLPurifier_AttrTransform
} elseif ($xml_lang !== false) {
$attr['lang'] = $xml_lang;
}
-
return $attr;
-
}
-
}
// vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/AttrTransform/Length.php b/library/HTMLPurifier/AttrTransform/Length.php
index ea2f30473..853f33549 100644
--- a/library/HTMLPurifier/AttrTransform/Length.php
+++ b/library/HTMLPurifier/AttrTransform/Length.php
@@ -6,22 +6,40 @@
class HTMLPurifier_AttrTransform_Length extends HTMLPurifier_AttrTransform
{
+ /**
+ * @type string
+ */
protected $name;
+
+ /**
+ * @type string
+ */
protected $cssName;
- public function __construct($name, $css_name = null) {
+ public function __construct($name, $css_name = null)
+ {
$this->name = $name;
$this->cssName = $css_name ? $css_name : $name;
}
- public function transform($attr, $config, $context) {
- if (!isset($attr[$this->name])) return $attr;
+ /**
+ * @param array $attr
+ * @param HTMLPurifier_Config $config
+ * @param HTMLPurifier_Context $context
+ * @return array
+ */
+ public function transform($attr, $config, $context)
+ {
+ if (!isset($attr[$this->name])) {
+ return $attr;
+ }
$length = $this->confiscateAttr($attr, $this->name);
- if(ctype_digit($length)) $length .= 'px';
+ if (ctype_digit($length)) {
+ $length .= 'px';
+ }
$this->prependCSS($attr, $this->cssName . ":$length;");
return $attr;
}
-
}
// vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/AttrTransform/Name.php b/library/HTMLPurifier/AttrTransform/Name.php
index 15315bc73..63cce6837 100644
--- a/library/HTMLPurifier/AttrTransform/Name.php
+++ b/library/HTMLPurifier/AttrTransform/Name.php
@@ -6,16 +6,28 @@
class HTMLPurifier_AttrTransform_Name extends HTMLPurifier_AttrTransform
{
- public function transform($attr, $config, $context) {
+ /**
+ * @param array $attr
+ * @param HTMLPurifier_Config $config
+ * @param HTMLPurifier_Context $context
+ * @return array
+ */
+ public function transform($attr, $config, $context)
+ {
// Abort early if we're using relaxed definition of name
- if ($config->get('HTML.Attr.Name.UseCDATA')) return $attr;
- if (!isset($attr['name'])) return $attr;
+ if ($config->get('HTML.Attr.Name.UseCDATA')) {
+ return $attr;
+ }
+ if (!isset($attr['name'])) {
+ return $attr;
+ }
$id = $this->confiscateAttr($attr, 'name');
- if ( isset($attr['id'])) return $attr;
+ if (isset($attr['id'])) {
+ return $attr;
+ }
$attr['id'] = $id;
return $attr;
}
-
}
// vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/AttrTransform/NameSync.php b/library/HTMLPurifier/AttrTransform/NameSync.php
index a95638c14..36079b786 100644
--- a/library/HTMLPurifier/AttrTransform/NameSync.php
+++ b/library/HTMLPurifier/AttrTransform/NameSync.php
@@ -8,20 +8,34 @@
class HTMLPurifier_AttrTransform_NameSync extends HTMLPurifier_AttrTransform
{
- public function __construct() {
+ public function __construct()
+ {
$this->idDef = new HTMLPurifier_AttrDef_HTML_ID();
}
- public function transform($attr, $config, $context) {
- if (!isset($attr['name'])) return $attr;
+ /**
+ * @param array $attr
+ * @param HTMLPurifier_Config $config
+ * @param HTMLPurifier_Context $context
+ * @return array
+ */
+ public function transform($attr, $config, $context)
+ {
+ if (!isset($attr['name'])) {
+ return $attr;
+ }
$name = $attr['name'];
- if (isset($attr['id']) && $attr['id'] === $name) return $attr;
+ if (isset($attr['id']) && $attr['id'] === $name) {
+ return $attr;
+ }
$result = $this->idDef->validate($name, $config, $context);
- if ($result === false) unset($attr['name']);
- else $attr['name'] = $result;
+ if ($result === false) {
+ unset($attr['name']);
+ } else {
+ $attr['name'] = $result;
+ }
return $attr;
}
-
}
// vim: et sw=4 sts=4
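Review bot: `$this->idDef` is assigned in the constructor but the class never declares it, so it is created as a public dynamic property and misses the `@type` documentation this commit adds to properties elsewhere (for example `$pixels` in Input.php). Declare it above the constructor with `/** @type HTMLPurifier_AttrDef_HTML_ID */` followed by `public $idDef;`; public keeps the current effective visibility, and it can be narrowed if nothing outside the class reads it. `$this->wmode`, which this commit adds to the SafeParam.php constructor, has the same problem right next to the properly declared `$uri`.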
diff --git a/library/HTMLPurifier/AttrTransform/Nofollow.php b/library/HTMLPurifier/AttrTransform/Nofollow.php
new file mode 100644
index 000000000..1057ebee1
--- /dev/null
+++ b/library/HTMLPurifier/AttrTransform/Nofollow.php
@@ -0,0 +1,52 @@
+<?php
+
+// must be called POST validation
+
+/**
+ * Adds rel="nofollow" to all outbound links. This transform is
+ * only attached if Attr.Nofollow is TRUE.
+ */
+class HTMLPurifier_AttrTransform_Nofollow extends HTMLPurifier_AttrTransform
+{
+ /**
+ * @type HTMLPurifier_URIParser
+ */
+ private $parser;
+
+ public function __construct()
+ {
+ $this->parser = new HTMLPurifier_URIParser();
+ }
+
+ /**
+ * @param array $attr
+ * @param HTMLPurifier_Config $config
+ * @param HTMLPurifier_Context $context
+ * @return array
+ */
+ public function transform($attr, $config, $context)
+ {
+ if (!isset($attr['href'])) {
+ return $attr;
+ }
+
+ // XXX Kind of inefficient
+ $url = $this->parser->parse($attr['href']);
+ $scheme = $url->getSchemeObj($config, $context);
+
+ if ($scheme->browsable && !$url->isLocal($config, $context)) {
+ if (isset($attr['rel'])) {
+ $rels = explode(' ', $attr['rel']);
+ if (!in_array('nofollow', $rels)) {
+ $rels[] = 'nofollow';
+ }
+ $attr['rel'] = implode(' ', $rels);
+ } else {
+ $attr['rel'] = 'nofollow';
+ }
+ }
+ return $attr;
+ }
+}
+
+// vim: et sw=4 sts=4
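Review bot: The rel handling in transform() splits on a single space and compares case-sensitively, so an existing `rel="NoFollow"` or tab-separated tokens get a second `nofollow` appended, and consecutive spaces leave empty tokens in `$rels`. Splitting with `preg_split('/\s+/', trim($attr['rel']), -1, PREG_SPLIT_NO_EMPTY)` and testing `in_array('nofollow', array_map('strtolower', $rels), true)` avoids that. Separately, `$url` and `$scheme` are used without checking that parse() and getSchemeObj() returned objects; the "must be called POST validation" comment suggests href is already valid at this point, but a guard such as `if (!$url || !$scheme) { return $attr; }` placed after the getSchemeObj() call would turn that assumption into a checked one, with an equivalent check on `$url` before it if parse() can fail. TargetBlank.php reads `$scheme->browsable` the same way.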
diff --git a/library/HTMLPurifier/AttrTransform/SafeEmbed.php b/library/HTMLPurifier/AttrTransform/SafeEmbed.php
index 4da449981..231c81a3f 100644
--- a/library/HTMLPurifier/AttrTransform/SafeEmbed.php
+++ b/library/HTMLPurifier/AttrTransform/SafeEmbed.php
@@ -2,9 +2,19 @@
class HTMLPurifier_AttrTransform_SafeEmbed extends HTMLPurifier_AttrTransform
{
+ /**
+ * @type string
+ */
public $name = "SafeEmbed";
- public function transform($attr, $config, $context) {
+ /**
+ * @param array $attr
+ * @param HTMLPurifier_Config $config
+ * @param HTMLPurifier_Context $context
+ * @return array
+ */
+ public function transform($attr, $config, $context)
+ {
$attr['allowscriptaccess'] = 'never';
$attr['allownetworking'] = 'internal';
$attr['type'] = 'application/x-shockwave-flash';
diff --git a/library/HTMLPurifier/AttrTransform/SafeObject.php b/library/HTMLPurifier/AttrTransform/SafeObject.php
index 1ed74898b..d1f3a4d2e 100644
--- a/library/HTMLPurifier/AttrTransform/SafeObject.php
+++ b/library/HTMLPurifier/AttrTransform/SafeObject.php
@@ -5,10 +5,22 @@
*/
class HTMLPurifier_AttrTransform_SafeObject extends HTMLPurifier_AttrTransform
{
+ /**
+ * @type string
+ */
public $name = "SafeObject";
- function transform($attr, $config, $context) {
- if (!isset($attr['type'])) $attr['type'] = 'application/x-shockwave-flash';
+ /**
+ * @param array $attr
+ * @param HTMLPurifier_Config $config
+ * @param HTMLPurifier_Context $context
+ * @return array
+ */
+ public function transform($attr, $config, $context)
+ {
+ if (!isset($attr['type'])) {
+ $attr['type'] = 'application/x-shockwave-flash';
+ }
return $attr;
}
}
diff --git a/library/HTMLPurifier/AttrTransform/SafeParam.php b/library/HTMLPurifier/AttrTransform/SafeParam.php
index 3f992ec31..1143b4b49 100644
--- a/library/HTMLPurifier/AttrTransform/SafeParam.php
+++ b/library/HTMLPurifier/AttrTransform/SafeParam.php
@@ -14,14 +14,30 @@
*/
class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
{
+ /**
+ * @type string
+ */
public $name = "SafeParam";
+
+ /**
+ * @type HTMLPurifier_AttrDef_URI
+ */
private $uri;
- public function __construct() {
+ public function __construct()
+ {
$this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded
+ $this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent'));
}
- public function transform($attr, $config, $context) {
+ /**
+ * @param array $attr
+ * @param HTMLPurifier_Config $config
+ * @param HTMLPurifier_Context $context
+ * @return array
+ */
+ public function transform($attr, $config, $context)
+ {
// If we add support for other objects, we'll need to alter the
// transforms.
switch ($attr['name']) {
@@ -33,8 +49,15 @@ class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
case 'allowNetworking':
$attr['value'] = 'internal';
break;
+ case 'allowFullScreen':
+ if ($config->get('HTML.FlashAllowFullScreen')) {
+ $attr['value'] = ($attr['value'] == 'true') ? 'true' : 'false';
+ } else {
+ $attr['value'] = 'false';
+ }
+ break;
case 'wmode':
- $attr['value'] = 'window';
+ $attr['value'] = $this->wmode->validate($attr['value'], $config, $context);
break;
case 'movie':
case 'src':
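Review bot: The new `wmode` case stores whatever `validate()` returns, and Input.php and NameSync.php in this same commit treat a `false` return from `validate()` as rejected input, so an unrecognised wmode now leaves `$attr['value']` as `false` where the old code forced `'window'`. Falling back keeps the previous safe default: `$wmode = $this->wmode->validate($attr['value'], $config, $context);` then `$attr['value'] = ($wmode === false) ? 'window' : $wmode;`. Both new cases also read `$attr['value']` without an `isset()` check, and the `allowFullScreen` comparison would be stricter as `$attr['value'] === 'true'`. The switch starts in the previous hunk and continues past the end of this one.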
diff --git a/library/HTMLPurifier/AttrTransform/ScriptRequired.php b/library/HTMLPurifier/AttrTransform/ScriptRequired.php
index 4499050a2..b7057bbf8 100644
--- a/library/HTMLPurifier/AttrTransform/ScriptRequired.php
+++ b/library/HTMLPurifier/AttrTransform/ScriptRequired.php
@@ -5,7 +5,14 @@
*/
class HTMLPurifier_AttrTransform_ScriptRequired extends HTMLPurifier_AttrTransform
{
- public function transform($attr, $config, $context) {
+ /**
+ * @param array $attr
+ * @param HTMLPurifier_Config $config
+ * @param HTMLPurifier_Context $context
+ * @return array
+ */
+ public function transform($attr, $config, $context)
+ {
if (!isset($attr['type'])) {
$attr['type'] = 'text/javascript';
}
diff --git a/library/HTMLPurifier/AttrTransform/TargetBlank.php b/library/HTMLPurifier/AttrTransform/TargetBlank.php
new file mode 100644
index 000000000..dd63ea89c
--- /dev/null
+++ b/library/HTMLPurifier/AttrTransform/TargetBlank.php
@@ -0,0 +1,45 @@
+<?php
+
+// must be called POST validation
+
+/**
+ * Adds target="blank" to all outbound links. This transform is
+ * only attached if Attr.TargetBlank is TRUE. This works regardless
+ * of whether or not Attr.AllowedFrameTargets
+ */
+class HTMLPurifier_AttrTransform_TargetBlank extends HTMLPurifier_AttrTransform
+{
+ /**
+ * @type HTMLPurifier_URIParser
+ */
+ private $parser;
+
+ public function __construct()
+ {
+ $this->parser = new HTMLPurifier_URIParser();
+ }
+
+ /**
+ * @param array $attr
+ * @param HTMLPurifier_Config $config
+ * @param HTMLPurifier_Context $context
+ * @return array
+ */
+ public function transform($attr, $config, $context)
+ {
+ if (!isset($attr['href'])) {
+ return $attr;
+ }
+
+ // XXX Kind of inefficient
+ $url = $this->parser->parse($attr['href']);
+ $scheme = $url->getSchemeObj($config, $context);
+
+ if ($scheme->browsable && !$url->isBenign($config, $context)) {
+ $attr['target'] = '_blank';
+ }
+ return $attr;
+ }
+}
+
+// vim: et sw=4 sts=4
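Review bot: transform() sets `target="_blank"` on outbound links without adding `rel="noopener noreferrer"`, so in browsers that do not imply noopener the opened page keeps a `window.opener` reference to the page showing the purified content (reverse tabnabbing). Merging the two tokens into `$attr['rel']` in the same branch closes that gap; if dropping the referrer is unwanted, `noopener` alone is the minimum. The class docblock also says `target="blank"` while the code writes `'_blank'`, and its last sentence stops after "Attr.AllowedFrameTargets"; the intended ending looks like "permits _blank", but that is a guess the author should confirm.

```php
        if ($scheme->browsable && !$url->isBenign($config, $context)) {
            $attr['target'] = '_blank';
            // Drop the opener reference that target="_blank" would otherwise expose.
            $rels = isset($attr['rel'])
                ? preg_split('/\s+/', trim($attr['rel']), -1, PREG_SPLIT_NO_EMPTY)
                : array();
            foreach (array('noopener', 'noreferrer') as $token) {
                if (!in_array($token, $rels, true)) {
                    $rels[] = $token;
                }
            }
            $attr['rel'] = implode(' ', $rels);
        }
        // … unchanged: return $attr …
```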
diff --git a/library/HTMLPurifier/AttrTransform/Textarea.php b/library/HTMLPurifier/AttrTransform/Textarea.php
index 81ac3488b..6a9f33a0c 100644
--- a/library/HTMLPurifier/AttrTransform/Textarea.php
+++ b/library/HTMLPurifier/AttrTransform/Textarea.php
@@ -5,14 +5,23 @@
*/
class HTMLPurifier_AttrTransform_Textarea extends HTMLPurifier_AttrTransform
{
-
- public function transform($attr, $config, $context) {
+ /**
+ * @param array $attr
+ * @param HTMLPurifier_Config $config
+ * @param HTMLPurifier_Context $context
+ * @return array
+ */
+ public function transform($attr, $config, $context)
+ {
// Calculated from Firefox
- if (!isset($attr['cols'])) $attr['cols'] = '22';
- if (!isset($attr['rows'])) $attr['rows'] = '3';
+ if (!isset($attr['cols'])) {
+ $attr['cols'] = '22';
+ }
+ if (!isset($attr['rows'])) {
+ $attr['rows'] = '3';
+ }
return $attr;
}
-
}
// vim: et sw=4 sts=4