<?php

/**
 * Forms module for XHTML 1.1: registers the form-related elements of HTML 4
 * (form, input, select, option, textarea, button, fieldset, label, legend,
 * optgroup) together with the attributes each of them may carry.
 *
 * The module declares itself unsafe ($safe = false).
 * NOTE(review): presumably the parent module machinery uses that flag to keep
 * form markup out of definitions built for untrusted input; confirm against
 * HTMLPurifier_HTMLModule before enabling this module for user-supplied HTML.
 */
class HTMLPurifier_HTMLModule_Forms extends HTMLPurifier_HTMLModule
{
    // Module identifier.
    public $name = 'Forms';

    // Form markup is declared unsafe: it lets the document author choose a
    // submission target (action) and present password/file/hidden controls.
    public $safe = false;

    // Content sets this module contributes to: form joins Block content,
    // form controls join Inline content.
    public $content_sets = array(
        'Block' => 'Form',
        'Inline' => 'Formctrl',
    );

    /**
     * Registers every form element and its attribute collection.
     *
     * Each element is declared through the inherited addElement(), in the same
     * order as the HTML 4 forms chapter is modelled here; attribute names with
     * a trailing '*' appear to mark required attributes (TODO confirm against
     * addElement()).
     *
     * @param mixed $config Configuration handed in by the caller; this
     *                      implementation does not read it.
     */
    public function setup($config)
    {
        // <form>: action is validated as a URI, method and enctype are
        // restricted to fixed enumerations.
        $formAttributes = array(
            'accept' => 'ContentTypes',
            'accept-charset' => 'Charsets',
            'action*' => 'URI',
            'method' => 'Enum#get,post',
            // really ContentType, but these two are the only ones used today
            'enctype' => 'Enum#application/x-www-form-urlencoded,multipart/form-data',
        );
        $formElement = $this->addElement(
            'form',
            'Form',
            'Required: Heading | List | Block | fieldset',
            'Common',
            $formAttributes
        );
        // A form may not be nested inside another form.
        $formElement->excludes = array('form' => true);

        // <input>: src is an embedded-resource URI; type is limited to the
        // HTML 4 control types listed in the enumeration.
        $inputAttributes = array(
            'accept' => 'ContentTypes',
            'accesskey' => 'Character',
            'alt' => 'Text',
            'checked' => 'Bool#checked',
            'disabled' => 'Bool#disabled',
            'maxlength' => 'Number',
            'name' => 'CDATA',
            'readonly' => 'Bool#readonly',
            'size' => 'Number',
            'src' => 'URI#embeds',
            'tabindex' => 'Number',
            'type' => 'Enum#text,password,checkbox,button,radio,submit,reset,file,hidden,image',
            'value' => 'CDATA',
        );
        $inputElement = $this->addElement('input', 'Formctrl', 'Empty', 'Common', $inputAttributes);
        // Post-validation transform specific to input elements.
        $inputElement->attr_transform_post[] = new HTMLPurifier_AttrTransform_Input();

        // <select>
        $selectAttributes = array(
            'disabled' => 'Bool#disabled',
            'multiple' => 'Bool#multiple',
            'name' => 'CDATA',
            'size' => 'Number',
            'tabindex' => 'Number',
        );
        $this->addElement('select', 'Formctrl', 'Required: optgroup | option', 'Common', $selectAttributes);

        // <option>
        $optionAttributes = array(
            'disabled' => 'Bool#disabled',
            'label' => 'Text',
            'selected' => 'Bool#selected',
            'value' => 'CDATA',
        );
        $this->addElement('option', false, 'Optional: #PCDATA', 'Common', $optionAttributes);
        // It's illegal for there to be more than one selected, but not
        // be multiple. Also, no selected means undefined behavior. This might
        // be difficult to implement; perhaps an injector, or a context variable.

        // <textarea>: cols and rows carry the '*' marker.
        $textareaAttributes = array(
            'accesskey' => 'Character',
            'cols*' => 'Number',
            'disabled' => 'Bool#disabled',
            'name' => 'CDATA',
            'readonly' => 'Bool#readonly',
            'rows*' => 'Number',
            'tabindex' => 'Number',
        );
        $textareaElement = $this->addElement(
            'textarea',
            'Formctrl',
            'Optional: #PCDATA',
            'Common',
            $textareaAttributes
        );
        // Pre-validation transform specific to textarea elements.
        $textareaElement->attr_transform_pre[] = new HTMLPurifier_AttrTransform_Textarea();

        // <button>
        $buttonAttributes = array(
            'accesskey' => 'Character',
            'disabled' => 'Bool#disabled',
            'name' => 'CDATA',
            'tabindex' => 'Number',
            'type' => 'Enum#button,submit,reset',
            'value' => 'CDATA',
        );
        $buttonElement = $this->addElement(
            'button',
            'Formctrl',
            'Optional: #PCDATA | Heading | List | Block | Inline',
            'Common',
            $buttonAttributes
        );

        // For exclusions, ideally we'd specify content sets, not literal elements
        $buttonElement->excludes = $this->makeLookup(
            // Form
            'form',
            'fieldset',
            // Formctrl
            'input',
            'select',
            'textarea',
            'label',
            'button',
            // as per HTML 4.01 spec, this is omitted by modularization
            'a'
        );

        // Extra exclusion: img usemap="" is not permitted within this element.
        // We'll omit this for now, since we don't have any good way of
        // indicating it yet.

        // This is HIGHLY user-unfriendly; we need a custom child-def for this
        $this->addElement('fieldset', 'Form', 'Custom: (#WS?,legend,(Flow|#PCDATA)*)', 'Common');

        // <label>
        $labelAttributes = array(
            'accesskey' => 'Character',
            // 'for' => 'IDREF', // IDREF not implemented, cannot allow
        );
        $labelElement = $this->addElement('label', 'Formctrl', 'Optional: #PCDATA | Inline', 'Common', $labelAttributes);
        // A label may not be nested inside another label.
        $labelElement->excludes = array('label' => true);

        // <legend>
        $legendAttributes = array(
            'accesskey' => 'Character',
        );
        $this->addElement('legend', false, 'Optional: #PCDATA | Inline', 'Common', $legendAttributes);

        // <optgroup>
        $optgroupAttributes = array(
            'disabled' => 'Bool#disabled',
            'label*' => 'Text',
        );
        $this->addElement('optgroup', false, 'Required: option', 'Common', $optgroupAttributes);

        // Don't forget an injector for <isindex>. This one's a little complex
        // because it maps to multiple elements.
    }
}

// vim: et sw=4 sts=4