mirror of
https://github.com/moodle/moodle.git
synced 2025-08-09 10:56:56 +02:00
MDL-9151 HTML Purifier cleaning support - enable switch is in experimental section
MDL-9435 Reviewved url cleaning in redirect()
This commit is contained in:
skodak
parent
c85607f0be
commit
e0ac8448c7
129 changed files with 10389 additions and 20 deletions
168
lib/htmlpurifier/HTMLPurifier/Token.php
Normal file
168
lib/htmlpurifier/HTMLPurifier/Token.php
Normal file
|
|
@ -0,0 +1,168 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Defines a set of immutable value object tokens for HTML representation.
|
||||
*
|
||||
* @file
|
||||
*/
|
||||
|
||||
/**
|
||||
* Abstract base token class that all others inherit from.
|
||||
*/
|
||||
class HTMLPurifier_Token {
|
||||
var $type; /**< Type of node to bypass <tt>is_a()</tt>. @public */
|
||||
|
||||
/**
|
||||
* Copies the tag into a new one (clone substitute).
|
||||
* @return Copied token
|
||||
*/
|
||||
function copy() {
|
||||
trigger_error('Cannot copy abstract class', E_USER_ERROR);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Abstract class of a tag token (start, end or empty), and its behavior.
|
||||
*/
|
||||
class HTMLPurifier_Token_Tag extends HTMLPurifier_Token // abstract
|
||||
{
|
||||
/**
|
||||
* Static bool marker that indicates the class is a tag.
|
||||
*
|
||||
* This allows us to check objects with <tt>!empty($obj->is_tag)</tt>
|
||||
* without having to use a function call <tt>is_a()</tt>.
|
||||
*
|
||||
* @public
|
||||
*/
|
||||
var $is_tag = true;
|
||||
|
||||
/**
|
||||
* The lower-case name of the tag, like 'a', 'b' or 'blockquote'.
|
||||
*
|
||||
* @note Strictly speaking, XML tags are case sensitive, so we shouldn't
|
||||
* be lower-casing them, but these tokens cater to HTML tags, which are
|
||||
* insensitive.
|
||||
*
|
||||
* @public
|
||||
*/
|
||||
var $name;
|
||||
|
||||
/**
|
||||
* Associative array of the tag's attributes.
|
||||
*/
|
||||
var $attr = array();
|
||||
|
||||
/**
|
||||
* Non-overloaded constructor, which lower-cases passed tag name.
|
||||
*
|
||||
* @param $name String name.
|
||||
* @param $attr Associative array of attributes.
|
||||
*/
|
||||
function HTMLPurifier_Token_Tag($name, $attr = array()) {
|
||||
$this->name = ctype_lower($name) ? $name : strtolower($name);
|
||||
foreach ($attr as $key => $value) {
|
||||
// normalization only necessary when key is not lowercase
|
||||
if (!ctype_lower($key)) {
|
||||
$new_key = strtolower($key);
|
||||
if (!isset($attr[$new_key])) {
|
||||
$attr[$new_key] = $attr[$key];
|
||||
}
|
||||
if ($new_key !== $key) {
|
||||
unset($attr[$key]);
|
||||
}
|
||||
}
|
||||
}
|
||||
$this->attr = $attr;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Concrete start token class.
|
||||
*/
|
||||
class HTMLPurifier_Token_Start extends HTMLPurifier_Token_Tag
|
||||
{
|
||||
var $type = 'start';
|
||||
function copy() {
|
||||
return new HTMLPurifier_Token_Start($this->name, $this->attr);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Concrete empty token class.
|
||||
*/
|
||||
class HTMLPurifier_Token_Empty extends HTMLPurifier_Token_Tag
|
||||
{
|
||||
var $type = 'empty';
|
||||
function copy() {
|
||||
return new HTMLPurifier_Token_Empty($this->name, $this->attr);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Concrete end token class.
|
||||
*
|
||||
* @warning This class accepts attributes even though end tags cannot. This
|
||||
* is for optimization reasons, as under normal circumstances, the Lexers
|
||||
* do not pass attributes.
|
||||
*/
|
||||
class HTMLPurifier_Token_End extends HTMLPurifier_Token_Tag
|
||||
{
|
||||
var $type = 'end';
|
||||
function copy() {
|
||||
return new HTMLPurifier_Token_End($this->name);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Concrete text token class.
|
||||
*
|
||||
* Text tokens comprise of regular parsed character data (PCDATA) and raw
|
||||
* character data (from the CDATA sections). Internally, their
|
||||
* data is parsed with all entities expanded. Surprisingly, the text token
|
||||
* does have a "tag name" called #PCDATA, which is how the DTD represents it
|
||||
* in permissible child nodes.
|
||||
*/
|
||||
class HTMLPurifier_Token_Text extends HTMLPurifier_Token
|
||||
{
|
||||
|
||||
var $name = '#PCDATA'; /**< PCDATA tag name compatible with DTD. @public */
|
||||
var $type = 'text';
|
||||
var $data; /**< Parsed character data of text. @public */
|
||||
var $is_whitespace; /**< Bool indicating if node is whitespace. @public */
|
||||
|
||||
/**
|
||||
* Constructor, accepts data and determines if it is whitespace.
|
||||
*
|
||||
* @param $data String parsed character data.
|
||||
*/
|
||||
function HTMLPurifier_Token_Text($data) {
|
||||
$this->data = $data;
|
||||
$this->is_whitespace = ctype_space($data);
|
||||
}
|
||||
function copy() {
|
||||
return new HTMLPurifier_Token_Text($this->data);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Concrete comment token class. Generally will be ignored.
|
||||
*/
|
||||
class HTMLPurifier_Token_Comment extends HTMLPurifier_Token
|
||||
{
|
||||
var $data; /**< Character data within comment. @public */
|
||||
var $type = 'comment';
|
||||
/**
|
||||
* Transparent constructor.
|
||||
*
|
||||
* @param $data String comment data.
|
||||
*/
|
||||
function HTMLPurifier_Token_Comment($data) {
|
||||
$this->data = $data;
|
||||
}
|
||||
function copy() {
|
||||
return new HTMLPurifier_Token_Comment($this->data);
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
Loading…
Add table
Add a link
Reference in a new issue