Class: HTML_Safe

[line 58]
HTML_Safe Parser

This parser strips down all potentially dangerous content within HTML:

• opening tag without its closing tag
• closing tag without its opening tag
• any of these tags: "base", "basefont", "head", "html", "body", "applet", "object", "iframe", "frame", "frameset", "script", "layer", "ilayer", "embed", "bgsound", "link", "meta", "style", "title", "blink", "xml" etc.
• any of these attributes: on*, data*, dynsrc
• javascript:/vbscript:/about: etc. protocols
• expression/behavior etc. in styles
• any other active content

It also tries to convert code to XHTML valid, but htmltidy is far better solution for this task.

Example:

 $parser =& new HTML_Safe();
 $result = $parser->parse($doc);
 

$attributes = array('dynsrc', 'id', 'name', )

[line 270]

List of dangerous attributes

$blackProtocols = array(
        'about',   'chrome',     'data',       'disk',     'hcp',     
        'help',    'javascript', 'livescript', 'lynxcgi',  'lynxexec', 
        'ms-help', 'ms-its',     'mhtml',      'mocha',    'opera',   
        'res',     'resource',   'shell',      'vbscript', 'view-source', 
        'vnd.ms.radio',          'wysiwyg', 
        )

[line 176]

List of "dangerous" protocols (used for blacklist-filtering)

$closeParagraph = array(
        'address', 'blockquote', 'center', 'dd',      'dir',       'div', 
        'dl',      'dt',         'h1',     'h2',      'h3',        'h4', 
        'h5',      'h6',         'hr',     'isindex', 'listing',   'marquee', 
        'menu',    'multicol',   'ol',     'p',       'plaintext', 'pre', 
        'table',   'ul',         'xmp', 
        )

[line 237]

List of block-level tags that terminates paragraph

Paragraph will be closed when this tags opened

$cssKeywords = array(
        'absolute', 'behavior',       'behaviour',   'content', 'expression', 
        'fixed',    'include-source', 'moz-binding',
        )

[line 215]

List of dangerous CSS keywords

Whole style="" attribute will be removed, if parser will find one of these keywords

$deleteTags = array(
        'applet', 'base',   'basefont', 'bgsound', 'blink',  'body', 
        'embed',  'frame',  'frameset', 'head',    'html',   'ilayer', 
        'iframe', 'layer',  'link',     'meta',    'object', 'style', 
        'title',  'script', 
        )

[line 146]

List of dangerous tags (such tags will be deleted)

$deleteTagsContent = array('script', 'style', 'title', 'xml', )

[line 160]

List of dangerous tags (such tags will be deleted, and all content inside this tags will be also removed)

$listTags = array('dir', 'menu', 'ol', 'ul', )

[line 262]

List of list tags

$noClose = array()

[line 227]

List of tags that can have no "closing tag"

$protocolAttributes = array(
        'action', 'background', 'codebase', 'dynsrc', 'href', 'lowsrc', 'src', 
        )

[line 202]

List of attributes that can contain protocols

$protocolFiltering =  'white'

[line 168]

Type of protocols filtering ('white' or 'black')

$singleTags = array('area', 'br', 'img', 'input', 'hr', 'wbr', )

[line 138]

List of single tags ("<tag />")

$tableTags = array(
        'caption', 'col', 'colgroup', 'tbody', 'td', 'tfoot', 'th', 
        'thead',   'tr', 
        )

[line 251]

List of table tags, all table tags outside a table will be removed

$whiteProtocols = array(
        'ed2k',   'file', 'ftp',  'gopher', 'http',  'https', 
        'irc',    'mailto', 'news', 'nntp', 'telnet', 'webcal', 
        'xmpp', 
        )

[line 190]

List of "safe" protocols (used for whitelist-filtering)

HTML_Safe (Constructor)   [line 277]

---

clear   [line 567]

---

getXHTML   [line 552]

---

parse   [line 580]

---