lib/htmlpurifier/HTMLPurifier/Strategy/RemoveForeignElements.php

   1 <?php
   2
   3 require_once 'HTMLPurifier/Strategy.php';
   4 require_once 'HTMLPurifier/HTMLDefinition.php';
   5 require_once 'HTMLPurifier/Generator.php';
   6 require_once 'HTMLPurifier/TagTransform.php';
   7
   8 HTMLPurifier_ConfigSchema::define(
   9     'Core', 'RemoveInvalidImg', true, 'bool',
  10     'This directive enables pre-emptive URI checking in <code>img</code> '.
  11     'tags, as the attribute validation strategy is not authorized to '.
  12     'remove elements from the document.  This directive has been available '.
  13     'since 1.3.0, revert to pre-1.3.0 behavior by setting to false.'
  14 );
  15
  16 /**
  17  * Removes all unrecognized tags from the list of tokens.
  18  *
  19  * This strategy iterates through all the tokens and removes unrecognized
  20  * tokens. If a token is not recognized but a TagTransform is defined for
  21  * that element, the element will be transformed accordingly.
  22  */
  23
  24 class HTMLPurifier_Strategy_RemoveForeignElements extends HTMLPurifier_Strategy
  25 {
  26
  27     function execute($tokens, $config, &$context) {
  28         $definition = $config->getHTMLDefinition();
  29         $generator = new HTMLPurifier_Generator();
  30         $result = array();
  31         $escape_invalid_tags = $config->get('Core', 'EscapeInvalidTags');
  32         $remove_invalid_img  = $config->get('Core', 'RemoveInvalidImg');
  33         foreach($tokens as $token) {
  34             if (!empty( $token->is_tag )) {
  35                 // DEFINITION CALL
  36                 if (isset($definition->info[$token->name])) {
  37                     // leave untouched, except for a few special cases:
  38
  39                     // hard-coded image special case, pre-emptively drop
  40                     // if not available. Probably not abstract-able
  41                     if ( $token->name == 'img' && $remove_invalid_img ) {
  42                         if (!isset($token->attr['src'])) {
  43                             continue;
  44                         }
  45                         if (!isset($definition->info['img']->attr['src'])) {
  46                             continue;
  47                         }
  48                         $token->attr['src'] =
  49                             $definition->
  50                                 info['img']->
  51                                     attr['src']->
  52                                         validate($token->attr['src'],
  53                                             $config, $context);
  54                         if ($token->attr['src'] === false) continue;
  55                     }
  56
  57                 } elseif (
  58                     isset($definition->info_tag_transform[$token->name])
  59                 ) {
  60                     // there is a transformation for this tag
  61                     // DEFINITION CALL
  62                     $token = $definition->
  63                                 info_tag_transform[$token->name]->
  64                                     transform($token, $config, $context);
  65                 } elseif ($escape_invalid_tags) {
  66                     // invalid tag, generate HTML and insert in
  67                     $token = new HTMLPurifier_Token_Text(
  68                         $generator->generateFromToken($token, $config, $context)
  69                     );
  70                 } else {
  71                     continue;
  72                 }
  73             } elseif ($token->type == 'comment') {
  74                 // strip comments
  75                 continue;
  76             } elseif ($token->type == 'text') {
  77             } else {
  78                 continue;
  79             }
  80             $result[] = $token;
  81         }
  82         return $result;
  83     }
  84
  85 }
  86
  87 ?>