aboutsummaryrefslogtreecommitdiffstats
path: root/library/HTMLPurifier/Injector/SafeObject.php
diff options
context:
space:
mode:
Diffstat (limited to 'library/HTMLPurifier/Injector/SafeObject.php')
-rw-r--r--library/HTMLPurifier/Injector/SafeObject.php53
1 files changed, 42 insertions, 11 deletions
diff --git a/library/HTMLPurifier/Injector/SafeObject.php b/library/HTMLPurifier/Injector/SafeObject.php
index 9e178ce01..3d17e07af 100644
--- a/library/HTMLPurifier/Injector/SafeObject.php
+++ b/library/HTMLPurifier/Injector/SafeObject.php
@@ -6,29 +6,61 @@
*/
class HTMLPurifier_Injector_SafeObject extends HTMLPurifier_Injector
{
+ /**
+ * @type string
+ */
public $name = 'SafeObject';
+
+ /**
+ * @type array
+ */
public $needed = array('object', 'param');
+ /**
+ * @type array
+ */
protected $objectStack = array();
- protected $paramStack = array();
- // Keep this synchronized with AttrTransform/SafeParam.php
+ /**
+ * @type array
+ */
+ protected $paramStack = array();
+
+ /**
+ * Keep this synchronized with AttrTransform/SafeParam.php.
+ * @type array
+ */
protected $addParam = array(
'allowScriptAccess' => 'never',
'allowNetworking' => 'internal',
);
+
+ /**
+ * @type array
+ */
protected $allowedParam = array(
'wmode' => true,
'movie' => true,
'flashvars' => true,
'src' => true,
+ 'allowFullScreen' => true, // if omitted, assume to be 'false'
);
- public function prepare($config, $context) {
+ /**
+ * @param HTMLPurifier_Config $config
+ * @param HTMLPurifier_Context $context
+ * @return void
+ */
+ public function prepare($config, $context)
+ {
parent::prepare($config, $context);
}
- public function handleElement(&$token) {
+ /**
+ * @param HTMLPurifier_Token $token
+ */
+ public function handleElement(&$token)
+ {
if ($token->name == 'object') {
$this->objectStack[] = $token;
$this->paramStack[] = array();
@@ -50,16 +82,15 @@ class HTMLPurifier_Injector_SafeObject extends HTMLPurifier_Injector
// attribute, which we need if a type is specified. This is
// *very* Flash specific.
if (!isset($this->objectStack[$i]->attr['data']) &&
- ($token->attr['name'] == 'movie' || $token->attr['name'] == 'src')) {
+ ($token->attr['name'] == 'movie' || $token->attr['name'] == 'src')
+ ) {
$this->objectStack[$i]->attr['data'] = $token->attr['value'];
}
// Check if the parameter is the correct value but has not
// already been added
- if (
- !isset($this->paramStack[$i][$n]) &&
+ if (!isset($this->paramStack[$i][$n]) &&
isset($this->addParam[$n]) &&
- $token->attr['name'] === $this->addParam[$n]
- ) {
+ $token->attr['name'] === $this->addParam[$n]) {
// keep token, and add to param stack
$this->paramStack[$i][$n] = true;
} elseif (isset($this->allowedParam[$n])) {
@@ -75,7 +106,8 @@ class HTMLPurifier_Injector_SafeObject extends HTMLPurifier_Injector
}
}
- public function handleEnd(&$token) {
+ public function handleEnd(&$token)
+ {
// This is the WRONG way of handling the object and param stacks;
// we should be inserting them directly on the relevant object tokens
// so that the global stack handling handles it.
@@ -84,7 +116,6 @@ class HTMLPurifier_Injector_SafeObject extends HTMLPurifier_Injector
array_pop($this->paramStack);
}
}
-
}
// vim: et sw=4 sts=4