MDL-22537 new html purifier backported to stable, unfortunately PHP5 only

This commit is contained in:
Petr Skoda
2010-05-21 11:39:22 +00:00
parent f8502768a2
commit db359e6369
330 changed files with 13930 additions and 10061 deletions
+65 -53
View File
@@ -12,42 +12,40 @@
* correspond to the variables in HTMLPurifier_HTMLDefinition.
* However, the prefix info carries no special meaning in these
* objects (include it anyway if that's the correspondence though).
* @todo Consider making some member functions protected
*/
class HTMLPurifier_HTMLModule
{
// -- Overloadable ----------------------------------------------------
/**
* Short unique string identifier of the module
*/
var $name;
public $name;
/**
* Informally, a list of elements this module changes. Not used in
* any significant way.
* @protected
*/
var $elements = array();
public $elements = array();
/**
* Associative array of element names to element definitions.
* Some definitions may be incomplete, to be merged in later
* with the full definition.
* @public
*/
var $info = array();
public $info = array();
/**
* Associative array of content set names to content set additions.
* This is commonly used to, say, add an A element to the Inline
* content set. This corresponds to an internal variable $content_sets
* and NOT info_content_sets member variable of HTMLDefinition.
* @public
*/
var $content_sets = array();
public $content_sets = array();
/**
* Associative array of attribute collection names to attribute
* collection additions. More rarely used for adding attributes to
@@ -55,54 +53,69 @@ class HTMLPurifier_HTMLModule
* the style attribute to the Core. Corresponds to HTMLDefinition's
* attr_collections->info, since the object's data is only info,
* with extra behavior associated with it.
* @public
*/
var $attr_collections = array();
public $attr_collections = array();
/**
* Associative array of deprecated tag name to HTMLPurifier_TagTransform
* @public
*/
var $info_tag_transform = array();
public $info_tag_transform = array();
/**
* List of HTMLPurifier_AttrTransform to be performed before validation.
* @public
*/
var $info_attr_transform_pre = array();
public $info_attr_transform_pre = array();
/**
* List of HTMLPurifier_AttrTransform to be performed after validation.
* @public
*/
var $info_attr_transform_post = array();
public $info_attr_transform_post = array();
/**
* List of HTMLPurifier_Injector to be performed during well-formedness fixing.
* An injector will only be invoked if all of it's pre-requisites are met;
* if an injector fails setup, there will be no error; it will simply be
* silently disabled.
*/
public $info_injector = array();
/**
* Boolean flag that indicates whether or not getChildDef is implemented.
* For optimization reasons: may save a call to a function. Be sure
* to set it if you do implement getChildDef(), otherwise it will have
* no effect!
* @public
*/
var $defines_child_def = false;
public $defines_child_def = false;
/**
* Retrieves a proper HTMLPurifier_ChildDef subclass based on
* Boolean flag whether or not this module is safe. If it is not safe, all
* of its members are unsafe. Modules are safe by default (this might be
* slightly dangerous, but it doesn't make much sense to force HTML Purifier,
* which is based off of safe HTML, to explicitly say, "This is safe," even
* though there are modules which are "unsafe")
*
* @note Previously, safety could be applied at an element level granularity.
* We've removed this ability, so in order to add "unsafe" elements
* or attributes, a dedicated module with this property set to false
* must be used.
*/
public $safe = true;
/**
* Retrieves a proper HTMLPurifier_ChildDef subclass based on
* content_model and content_model_type member variables of
* the HTMLPurifier_ElementDef class. There is a similar function
* in HTMLPurifier_HTMLDefinition.
* @param $def HTMLPurifier_ElementDef instance
* @return HTMLPurifier_ChildDef subclass
* @public
*/
function getChildDef($def) {return false;}
public function getChildDef($def) {return false;}
// -- Convenience -----------------------------------------------------
/**
* Convenience function that sets up a new element
* @param $element Name of element to add
* @param $safe Is element safe for untrusted users to use?
* @param $type What content set should element be registered to?
* Set as false to skip this step.
* @param $contents Allowed children in form of:
@@ -111,11 +124,10 @@ class HTMLPurifier_HTMLModule
* element?
* @param $attr What unique attributes does the element define?
* @note See ElementDef for in-depth descriptions of these parameters.
* @return Reference to created element definition object, so you
* @return Created element definition object, so you
* can set advanced parameters
* @protected
*/
function &addElement($element, $safe, $type, $contents, $attr_includes = array(), $attr = array()) {
public function addElement($element, $type, $contents, $attr_includes = array(), $attr = array()) {
$this->elements[] = $element;
// parse content_model
list($content_model_type, $content_model) = $this->parseContents($contents);
@@ -125,20 +137,20 @@ class HTMLPurifier_HTMLModule
if ($type) $this->addElementToContentSet($element, $type);
// create element
$this->info[$element] = HTMLPurifier_ElementDef::create(
$safe, $content_model, $content_model_type, $attr
$content_model, $content_model_type, $attr
);
// literal object $contents means direct child manipulation
if (!is_string($contents)) $this->info[$element]->child = $contents;
return $this->info[$element];
}
/**
* Convenience function that creates a totally blank, non-standalone
* element.
* @param $element Name of element to create
* @return Reference to created element
* @return Created element
*/
function &addBlankElement($element) {
public function addBlankElement($element) {
if (!isset($this->info[$element])) {
$this->elements[] = $element;
$this->info[$element] = new HTMLPurifier_ElementDef();
@@ -148,20 +160,19 @@ class HTMLPurifier_HTMLModule
}
return $this->info[$element];
}
/**
* Convenience function that registers an element to a content set
* @param Element to register
* @param Name content set (warning: case sensitive, usually upper-case
* first letter)
* @protected
*/
function addElementToContentSet($element, $type) {
public function addElementToContentSet($element, $type) {
if (!isset($this->content_sets[$type])) $this->content_sets[$type] = '';
else $this->content_sets[$type] .= ' | ';
$this->content_sets[$type] .= $element;
}
/**
* Convenience function that transforms single-string contents
* into separate content model and content model type
@@ -171,7 +182,7 @@ class HTMLPurifier_HTMLModule
* returned, and the callee needs to take the original $contents
* and use it directly.
*/
function parseContents($contents) {
public function parseContents($contents) {
if (!is_string($contents)) return array(null, null); // defer
switch ($contents) {
// check for shorthand content model forms
@@ -187,21 +198,21 @@ class HTMLPurifier_HTMLModule
$content_model = trim($content_model);
return array($content_model_type, $content_model);
}
/**
* Convenience function that merges a list of attribute includes into
* an attribute array.
* @param $attr Reference to attr array to modify
* @param $attr_includes Array of includes / string include to merge in
*/
function mergeInAttrIncludes(&$attr, $attr_includes) {
public function mergeInAttrIncludes(&$attr, $attr_includes) {
if (!is_array($attr_includes)) {
if (empty($attr_includes)) $attr_includes = array();
else $attr_includes = array($attr_includes);
}
$attr[0] = $attr_includes;
}
/**
* Convenience function that generates a lookup table with boolean
* true as value.
@@ -210,7 +221,7 @@ class HTMLPurifier_HTMLModule
* place of the regular argument
* @return Lookup array equivalent of list
*/
function makeLookup($list) {
public function makeLookup($list) {
if (is_string($list)) $list = func_get_args();
$ret = array();
foreach ($list as $value) {
@@ -219,14 +230,15 @@ class HTMLPurifier_HTMLModule
}
return $ret;
}
/**
* Lazy load construction of the module after determining whether
* or not it's needed, and also when a finalized configuration object
* is available.
* @param $config Instance of HTMLPurifier_Config
*/
function setup($config) {}
public function setup($config) {}
}
// vim: et sw=4 sts=4