<?php

/**
 * Token filter that removes elements the HTML definition does not list.
 *
 * Each incoming token is kept, rewritten or dropped:
 *  - a tag whose name is a key of $definition->info is kept, after an
 *    optional tag transform and a required-attribute check;
 *  - a tag that is not listed is turned into a text token when
 *    Core.EscapeInvalidTags is set, and dropped otherwise; when the dropped
 *    tag is listed in Core.HiddenElements, every token up to a closing tag of
 *    the same name is dropped with it;
 *  - a comment is dropped unless HTML.Trusted is set, or is converted to a
 *    text token while inside a listed hidden element;
 *  - text tokens pass through, and every other token type is dropped.
 *
 * Points to keep in mind when reviewing a configuration:
 *  - for an ordinary unknown element only the tag tokens are removed; the
 *    text between them stays in the result;
 *  - Core.EscapeInvalidTags takes precedence over the hidden-element removal,
 *    so with it enabled the contents of unknown hidden elements are kept too;
 *  - nothing here re-balances tags: a start tag dropped for a missing
 *    required attribute leaves its end tag in the result.
 *    NOTE(review): presumably a later strategy repairs nesting - confirm.
 */
class HTMLPurifier_Strategy_RemoveForeignElements extends HTMLPurifier_Strategy
{

    /**
     * Filters a token list against the HTML definition held by $config.
     *
     * @param $tokens  tokens to filter; only iterated, in order
     * @param $config  configuration object, read through get() and getHTMLDefinition()
     * @param $context context object; 'CurrentToken' is registered for the
     *                 duration of the call and 'ErrorCollector' is fetched
     *                 when Core.CollectErrors is set
     * @return array the surviving (possibly rewritten) tokens, in input order
     */
    public function execute($tokens, $config, $context) {
        $definition = $config->getHTMLDefinition();
        // used only to render an unknown tag back into markup for Core.EscapeInvalidTags
        $generator = new HTMLPurifier_Generator($config, $context);
        $result = array();

        $escape_invalid_tags = $config->get('Core.EscapeInvalidTags');
        $remove_invalid_img = $config->get('Core.RemoveInvalidImg');

        // currently only used to determine if comments should be kept
        $trusted = $config->get('HTML.Trusted');

        $remove_script_contents = $config->get('Core.RemoveScriptContents');
        $hidden_elements = $config->get('Core.HiddenElements');

        // remove script contents compatibility: a strict true forces 'script'
        // into the hidden set, a strict false takes it out, and any other
        // value leaves Core.HiddenElements as configured. With 'script' taken
        // out, the text inside an unknown <script> element is no longer
        // dropped and reaches the result as text tokens.
        if ($remove_script_contents === true) {
            $hidden_elements['script'] = true;
        } elseif ($remove_script_contents === false && isset($hidden_elements['script'])) {
            unset($hidden_elements['script']);
        }

        $attr_validator = new HTMLPurifier_AttrValidator();

        // removes tokens until it reaches a closing tag with its value
        // (false while not skipping, otherwise the element name being skipped)
        $remove_until = false;

        // converts comments into text tokens when this is equal to a tag name
        // (false while outside any listed hidden element)
        $textify_comments = false;

        // NOTE(review): $token is registered before the loop and then reused
        // as the loop variable; presumably register() binds by reference so
        // that collaborators see the token being processed - confirm against
        // the context class.
        $token = false;
        $context->register('CurrentToken', $token);

        // $e stays false unless error collection is enabled, so every
        // "if ($e)" below is a no-op in the default case
        $e = false;
        if ($config->get('Core.CollectErrors')) {
            $e =& $context->get('ErrorCollector');
        }

        foreach($tokens as $token) {
            // While skipping, drop everything except a tag token named like
            // the element being skipped. The test is on the name only, so a
            // start, empty or end tag of that name all fall through; whether
            // skipping stops is decided in the unknown-tag branch below.
            if ($remove_until) {
                if (empty($token->is_tag) || $token->name !== $remove_until) {
                    continue;
                }
            }
            if (!empty( $token->is_tag )) {
                // DEFINITION CALL

                // before any processing, try to transform the element
                if (
                    isset($definition->info_tag_transform[$token->name])
                ) {
                    $original_name = $token->name;
                    // there is a transformation for this tag
                    // DEFINITION CALL
                    // every later check uses the transformed token, not the original one
                    $token = $definition->
                                info_tag_transform[$token->name]->
                                    transform($token, $config, $context);
                    if ($e) $e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Tag transform', $original_name);
                }

                if (isset($definition->info[$token->name])) {

                    // mostly everything's good, but
                    // we need to make sure required attributes are in order.
                    // Only start and empty tags are checked. img is exempt
                    // unless Core.RemoveInvalidImg is set, so with that
                    // option off an img missing a required attribute is kept.
                    if (
                        ($token instanceof HTMLPurifier_Token_Start || $token instanceof HTMLPurifier_Token_Empty) &&
                        $definition->info[$token->name]->required_attr &&
                        ($token->name != 'img' || $remove_invalid_img) // ensure config option still works
                    ) {
                        // attributes are validated first, so the presence
                        // test below sees the attribute set as it stands
                        // after validation
                        $attr_validator->validateToken($token, $config, $context);
                        $ok = true;
                        foreach ($definition->info[$token->name]->required_attr as $name) {
                            if (!isset($token->attr[$name])) {
                                $ok = false;
                                break;
                            }
                        }
                        if (!$ok) {
                            // $name still holds the first missing attribute, because the loop broke on it
                            if ($e) $e->send(E_ERROR, 'Strategy_RemoveForeignElements: Missing required attribute', $name);
                            // drops this tag token only; its children and its end tag are still processed
                            continue;
                        }
                        // NOTE(review): presumably tells a later attribute
                        // pass that this token is already validated - confirm
                        // against the code that reads armor
                        $token->armor['ValidateAttributes'] = true;
                    }

                    // a listed hidden element that the definition allows:
                    // remember its name so comments inside it become text,
                    // and forget it again at the matching end tag
                    if (isset($hidden_elements[$token->name]) && $token instanceof HTMLPurifier_Token_Start) {
                        $textify_comments = $token->name;
                    } elseif ($token->name === $textify_comments && $token instanceof HTMLPurifier_Token_End) {
                        $textify_comments = false;
                    }

                } elseif ($escape_invalid_tags) {
                    // invalid tag, generate HTML representation and insert in
                    // as a text token. This branch is tested before the
                    // hidden-element handling, so with the option on
                    // $remove_until is never set.
                    // NOTE(review): the text token carries raw markup;
                    // presumably it is escaped when the result is serialised
                    // - confirm.
                    if ($e) $e->send(E_WARNING, 'Strategy_RemoveForeignElements: Foreign element to text');
                    $token = new HTMLPurifier_Token_Text(
                        $generator->generateFromToken($token)
                    );
                } else {
                    // check if we need to destroy all of the tag's children
                    // CAN BE GENERICIZED
                    if (isset($hidden_elements[$token->name])) {
                        if ($token instanceof HTMLPurifier_Token_Start) {
                            // start skipping; a start tag of the same name seen while skipping lands here again
                            $remove_until = $token->name;
                        } elseif ($token instanceof HTMLPurifier_Token_Empty) {
                            // do nothing: we're still looking
                        } else {
                            // any other tag token of this name (the end tag) stops the skipping
                            $remove_until = false;
                        }
                        if ($e) $e->send(E_ERROR, 'Strategy_RemoveForeignElements: Foreign meta element removed');
                    } else {
                        // ordinary unknown element: only this tag token goes, its contents stay
                        if ($e) $e->send(E_ERROR, 'Strategy_RemoveForeignElements: Foreign element removed');
                    }
                    continue;
                }
            } elseif ($token instanceof HTMLPurifier_Token_Comment) {
                // textify comments in script tags when they are allowed
                // (in any listed hidden element that the definition allows)
                if ($textify_comments !== false) {
                    $data = $token->data;
                    $token = new HTMLPurifier_Token_Text($data);
                } elseif ($trusted) {
                    // keep, but perform comment cleaning: strip trailing
                    // hyphens, then collapse runs of hyphens until no '--'
                    // is left in the data.
                    // NOTE(review): presumably so the kept comment cannot
                    // contain a comment-terminator sequence - confirm.
                    if ($e) {
                        // perform check whether or not there's a trailing hyphen
                        if (substr($token->data, -1) == '-') {
                            $e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Trailing hyphen in comment removed');
                        }
                    }
                    $token->data = rtrim($token->data, '-');
                    $found_double_hyphen = false;
                    // looped because one str_replace pass can leave '--' behind (three hyphens become two)
                    while (strpos($token->data, '--') !== false) {
                        if ($e && !$found_double_hyphen) {
                            $e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Hyphens in comment collapsed');
                        }
                        $found_double_hyphen = true; // prevent double-erroring
                        $token->data = str_replace('--', '-', $token->data);
                    }
                } else {
                    // strip comments: untrusted input never keeps a comment
                    if ($e) $e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Comment removed');
                    continue;
                }
            } elseif ($token instanceof HTMLPurifier_Token_Text) {
                // text tokens are kept unchanged
            } else {
                // not a tag, comment or text token: drop it without reporting
                continue;
            }
            $result[] = $token;
        }
        if ($remove_until && $e) {
            // we removed tokens until the end, throw error: the hidden element
            // was never closed, so everything after its start tag was dropped.
            // The removal happens either way; only the report depends on $e.
            $e->send(E_ERROR, 'Strategy_RemoveForeignElements: Token removed to end', $remove_until);
        }

        $context->destroy('CurrentToken');

        return $result;
    }

}

// vim: et sw=4 sts=4