library/HTMLPurifier/URIScheme/file.php

   1 <?php
   2
   3 /**
   4  * Validates file as defined by RFC 1630 and RFC 1738.
   5  */
   6 class HTMLPurifier_URIScheme_file extends HTMLPurifier_URIScheme
   7 {
   8     /**
   9      * Generally file:// URLs are not accessible from most
  10      * machines, so placing them as an img src is incorrect.
  11      * @type bool
  12      */
  13     public $browsable = false;
  14
  15     /**
  16      * Basically the *only* URI scheme for which this is true, since
  17      * accessing files on the local machine is very common.  In fact,
  18      * browsers on some operating systems don't understand the
  19      * authority, though I hear it is used on Windows to refer to
  20      * network shares.
  21      * @type bool
  22      */
  23     public $may_omit_host = true;
  24
  25     /**
  26      * @param HTMLPurifier_URI $uri
  27      * @param HTMLPurifier_Config $config
  28      * @param HTMLPurifier_Context $context
  29      * @return bool
  30      */
  31     public function doValidate(&$uri, $config, $context)
  32     {
  33         // Authentication method is not supported
  34         $uri->userinfo = null;
  35         // file:// makes no provisions for accessing the resource
  36         $uri->port = null;
  37         // While it seems to work on Firefox, the querystring has
  38         // no possible effect and is thus stripped.
  39         $uri->query = null;
  40         return true;
  41     }
  42 }
  43
  44 // vim: et sw=4 sts=4