Diffstat (limited to 'lib/htmlpurifier/library/HTMLPurifier/AttrTransform')
19 files changed, 92 insertions, 7 deletions
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Background.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Background.php
index 0e1ff24a3..0e1ff24a3 100755..100644
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Background.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Background.php
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BdoDir.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BdoDir.php
index 40310b914..4d1a05665 100755..100644
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BdoDir.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BdoDir.php
@@ -10,7 +10,7 @@ class HTMLPurifier_AttrTransform_BdoDir extends HTMLPurifier_AttrTransform
 public function transform($attr, $config, $context) {
 if (isset($attr['dir'])) return $attr;
- $attr['dir'] = $config->get('Attr', 'DefaultTextDir');
+ $attr['dir'] = $config->get('Attr.DefaultTextDir');
 return $attr;
 }
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BgColor.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BgColor.php
index ad3916bb9..ad3916bb9 100755..100644
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BgColor.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BgColor.php
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BoolToCSS.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BoolToCSS.php
index 51159b671..51159b671 100755..100644
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BoolToCSS.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BoolToCSS.php
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Border.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Border.php
index 476b0b079..476b0b079 100755..100644
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Border.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Border.php
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/EnumToCSS.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/EnumToCSS.php
index 2a5b4514a..2a5b4514a 100755..100644
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/EnumToCSS.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/EnumToCSS.php
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgRequired.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgRequired.php
index 25c9403c2..7f0e4b7a5 100755..100644
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgRequired.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgRequired.php
@@ -15,21 +15,22 @@ class HTMLPurifier_AttrTransform_ImgRequired extends HTMLPurifier_AttrTransform
 $src = true;
 if (!isset($attr['src'])) {
- if ($config->get('Core', 'RemoveInvalidImg')) return $attr;
- $attr['src'] = $config->get('Attr', 'DefaultInvalidImage');
+ if ($config->get('Core.RemoveInvalidImg')) return $attr;
+ $attr['src'] = $config->get('Attr.DefaultInvalidImage');
 $src = false;
 }
 if (!isset($attr['alt'])) {
 if ($src) {
- $alt = $config->get('Attr', 'DefaultImageAlt');
+ $alt = $config->get('Attr.DefaultImageAlt');
 if ($alt === null) {
- $attr['alt'] = basename($attr['src']);
+ // truncate if the alt is too long
+ $attr['alt'] = substr(basename($attr['src']),0,40);
 } else {
 $attr['alt'] = $alt;
 }
 } else {
- $attr['alt'] = $config->get('Attr', 'DefaultInvalidImageAlt');
+ $attr['alt'] = $config->get('Attr.DefaultInvalidImageAlt');
 }
 }
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgSpace.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgSpace.php
index fd84c10c3..fd84c10c3 100755..100644
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgSpace.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgSpace.php
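Review bot: In ImgRequired.php the new truncation `substr(basename($attr['src']),0,40)` counts bytes, so a file name containing multi-byte UTF-8 can be cut in the middle of a character and leave an incomplete sequence in the generated `alt` value. Whether a later stage repairs that is not visible in this hunk, so cutting on a character boundary is the safer choice, for example `$attr['alt'] = function_exists('mb_substr') ? mb_substr(basename($attr['src']), 0, 40, 'UTF-8') : substr(basename($attr['src']), 0, 40);`. The limit 40 is also a bare literal; a named constant or a short comment saying why 40 was chosen would help. The enclosing transform() starts and ends outside the hunk.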
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Input.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Input.php
index 16829552d..16829552d 100755..100644
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Input.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Input.php
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Lang.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Lang.php
index 5869e7f82..5869e7f82 100755..100644
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Lang.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Lang.php
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Length.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Length.php
index ea2f30473..ea2f30473 100755..100644
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Length.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Length.php
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Name.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Name.php
index e6f93aee3..15315bc73 100755..100644
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Name.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Name.php
@@ -7,6 +7,8 @@ class HTMLPurifier_AttrTransform_Name extends HTMLPurifier_AttrTransform
 {
 public function transform($attr, $config, $context) {
+ // Abort early if we're using relaxed definition of name
+ if ($config->get('HTML.Attr.Name.UseCDATA')) return $attr;
 if (!isset($attr['name'])) return $attr;
 $id = $this->confiscateAttr($attr, 'name');
 if ( isset($attr['id'])) return $attr;
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/NameSync.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/NameSync.php
new file mode 100644
index 000000000..a95638c14
--- /dev/null
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/NameSync.php
@@ -0,0 +1,27 @@
+<?php
+
+/**
+ * Post-transform that performs validation to the name attribute; if
+ * it is present with an equivalent id attribute, it is passed through;
+ * otherwise validation is performed.
+ */
+class HTMLPurifier_AttrTransform_NameSync extends HTMLPurifier_AttrTransform
+{
+
+ public function __construct() {
+ $this->idDef = new HTMLPurifier_AttrDef_HTML_ID();
+ }
+
+ public function transform($attr, $config, $context) {
+ if (!isset($attr['name'])) return $attr;
+ $name = $attr['name'];
+ if (isset($attr['id']) && $attr['id'] === $name) return $attr;
+ $result = $this->idDef->validate($name, $config, $context);
+ if ($result === false) unset($attr['name']);
+ else $attr['name'] = $result;
+ return $attr;
+ }
+
+}
+
+// vim: et sw=4 sts=4
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Nofollow.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Nofollow.php
new file mode 100644
index 000000000..573b42c9c
--- /dev/null
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Nofollow.php
@@ -0,0 +1,41 @@
+<?php
+
+// must be called POST validation
+
+/**
+ * Adds rel="nofollow" to all outbound links. This transform is
+ * only attached if Attr.Nofollow is TRUE.
+ */
+class HTMLPurifier_AttrTransform_Nofollow extends HTMLPurifier_AttrTransform
+{
+ private $parser;
+
+ public function __construct() {
+ $this->parser = new HTMLPurifier_URIParser();
+ }
+
+ public function transform($attr, $config, $context) {
+
+ if (!isset($attr['href'])) {
+ return $attr;
+ }
+
+ // XXX Kind of inefficient
+ $url = $this->parser->parse($attr['href']);
+ $scheme = $url->getSchemeObj($config, $context);
+
+ if (!is_null($url->host) && $scheme !== false && $scheme->browsable) {
+ if (isset($attr['rel'])) {
+ $attr['rel'] .= ' nofollow';
+ } else {
+ $attr['rel'] = 'nofollow';
+ }
+ }
+
+ return $attr;
+
+ }
+
+}
+
+// vim: et sw=4 sts=4
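Review bot: In the new NameSync.php the constructor assigns `$this->idDef` without the class declaring that property, unlike Nofollow.php in the same commit, which declares `private $parser;`. Declaring it, for example `public $idDef;` with a one-line docblock saying it holds the ID validator, keeps the two new classes consistent and avoids relying on a dynamically created property. The `$attr['id'] === $name` shortcut also deserves a comment stating that it returns `name` without validating it, and so depends on `id` having been validated before this post-transform runs.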
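Review bot: In Nofollow.php, `$attr['rel'] .= ' nofollow';` appends unconditionally, so a link that already carries `rel="nofollow"` ends up with the token twice. A guard such as `if (!preg_match('/(^|\s)nofollow(\s|$)/i', $attr['rel'])) $attr['rel'] .= ' nofollow';` avoids that. The docblock says "outbound links", but the condition only tests for a host and a browsable scheme, so absolute links to the site's own host are marked as well; either compare against the configured host or reword the docblock. The result of `$this->parser->parse()` is dereferenced without a check, which is safe only if parse() always returns an object, and that is not visible here.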
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeEmbed.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeEmbed.php
index 4da449981..4da449981 100755..100644
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeEmbed.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeEmbed.php
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeObject.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeObject.php
index 1ed74898b..1ed74898b 100755..100644
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeObject.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeObject.php
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeParam.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeParam.php
index 94e8052a9..bd86a7455 100755..100644
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeParam.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeParam.php
@@ -19,6 +19,7 @@ class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
 public function __construct() {
 $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded
+ $this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent'));
 }
 public function transform($attr, $config, $context) {
@@ -33,12 +34,25 @@ class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
 case 'allowNetworking':
 $attr['value'] = 'internal';
 break;
+ case 'allowFullScreen':
+ if ($config->get('HTML.FlashAllowFullScreen')) {
+ $attr['value'] = ($attr['value'] == 'true') ? 'true' : 'false';
+ } else {
+ $attr['value'] = 'false';
+ }
+ break;
 case 'wmode':
- $attr['value'] = 'window';
+ $attr['value'] = $this->wmode->validate($attr['value'], $config, $context);
 break;
 case 'movie':
+ case 'src':
+ $attr['name'] = "movie";
 $attr['value'] = $this->uri->validate($attr['value'], $config, $context);
 break;
+ case 'flashvars':
+ // we're going to allow arbitrary inputs to the SWF, on
+ // the reasoning that it could only hack the SWF, not us.
+ break;
 // add other cases to support other param name/value pairs
 default:
 $attr['name'] = $attr['value'] = null;
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ScriptRequired.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ScriptRequired.php
index 4499050a2..4499050a2 100755..100644
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ScriptRequired.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ScriptRequired.php
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Textarea.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Textarea.php
index 81ac3488b..81ac3488b 100755..100644
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Textarea.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Textarea.php |
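Review bot: In the `wmode` case of SafeParam.php the value is now whatever `$this->wmode->validate()` returns, and validators in this library signal rejection with `false` (NameSync.php in this commit tests `$result === false`), so an unlisted wmode leaves `$attr['value']` set to `false` instead of the previous fixed `'window'`. Falling back keeps the old default: `$v = $this->wmode->validate($attr['value'], $config, $context); $attr['value'] = ($v === false) ? 'window' : $v;`. Accepting `opaque` and `transparent` also lets the embedded object be layered with surrounding page content, which `'window'` prevented, so it deserves a comment or a config switch like the one guarding `allowFullScreen`. The `flashvars` case passes its value through unvalidated by design; its comment should name the other params (not visible in this hunk) that are relied on to keep the SWF contained. The switch statement starts and ends outside the hunk.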