HTML_Safe

Class: HTML_Safe

Source Location: /HTML_Safe-0.10.1/HTML/Safe.php

Class Overview


HTML_Safe Parser


Author(s):

Version:

  • Release: @package_version@

Copyright:

  • 2004-2009 Roman Ivanov, Miguel Vazquez Gocobachi

Variables

Methods


Inherited Variables

Inherited Methods


Class Details

[line 57]
HTML_Safe Parser

This parser strips down all potentially dangerous content within HTML:

  • opening tag without its closing tag
  • closing tag without its opening tag
  • any of these tags: "base", "basefont", "head", "html", "body", "applet", "object", "iframe", "frame", "frameset", "script", "layer", "ilayer", "embed", "bgsound", "link", "meta", "style", "title", "blink", "xml" etc.
  • any of these attributes: on*, data*, dynsrc
  • javascript:/vbscript:/about: etc. protocols
  • expression/behavior etc. in styles
  • any other active content
It also tries to convert the markup to valid XHTML, but htmltidy is a far better solution for this task.

Example:

 $parser = new HTML_Safe;
 $result = $parser->parse($doc);





Class Variables

$allowTags = array()

[line 127]

Allowed tags
  • Access: protected

Type:   array



$attributes = array('dynsrc', 'id', 'name', )

[line 255]

List of dangerous attributes
  • Access: public

Type:   array



$attributesNS = array('xml:lang', )

[line 262]

List of allowed "namespaced" attributes
  • Access: public

Type:   array



$blackProtocols = array(
        'about',   'chrome',     'data',       'disk',     'hcp',
        'help',    'javascript', 'livescript', 'lynxcgi',  'lynxexec',
        'ms-help', 'ms-its',     'mhtml',      'mocha',    'opera',
        'res',     'resource',   'shell',      'vbscript', 'view-source',
        'vnd.ms.radio',          'wysiwyg',
    )

[line 169]

List of "dangerous" protocols (used for blacklist-filtering)
  • Access: public

Type:   array



$closeParagraph = array(
        'address', 'blockquote', 'center', 'dd',      'dir',       'div',
        'dl',      'dt',         'h1',     'h2',      'h3',        'h4',
        'h5',      'h6',         'hr',     'isindex', 'listing',   'marquee',
        'menu',    'multicol',   'ol',     'p',       'plaintext', 'pre',
        'table',   'ul',         'xmp',
    )

[line 225]

List of block-level tags that terminate a paragraph

An open paragraph is closed when one of these tags is opened

  • Access: public

Type:   array



$counter = array()

[line 71]

Array of counters for each tag
  • Access: protected

Type:   array



$cssKeywords = array(
        'absolute', 'behavior',       'behaviour',   'content', 'expression',
        'fixed',    'include-source', 'moz-binding',
    )

[line 205]

List of dangerous CSS keywords

The whole style="" attribute is removed if the parser finds one of these keywords

  • Access: public

Type:   array



$cssRegexps = array()

[line 120]

Array of prepared regular expressions for CSS matching
  • Access: protected

Type:   array



$dcCounter = array()

[line 85]

Array of counters for tags that must be deleted with all content
  • Access: protected

Type:   array



$dcStack = array()

[line 92]

Stack of unclosed tags that must be deleted with all content
  • Access: protected

Type:   array



$deleteTags = array(
        'applet', 'base',   'basefont', 'bgsound', 'blink',  'body',
        'embed',  'frame',  'frameset', 'head',    'html',   'ilayer',
        'iframe', 'layer',  'link',     'meta',    'object', 'style',
        'title',  'script',
    )

[line 142]

List of dangerous tags (such tags will be deleted)
  • Access: public

Type:   array



$deleteTagsContent = array('script', 'style', 'title', 'xml', )

[line 155]

List of dangerous tags (such tags will be deleted, and all content inside these tags will also be removed)
  • Access: public

Type:   array



$liStack = array()

[line 106]

Stack of unclosed list tags
  • Access: protected

Type:   array



$listScope =  0

[line 99]

Stores level of list (ol/ul) nesting
  • Access: protected

Type:   int



$listTags = array('dir', 'menu', 'ol', 'ul', 'dl', )

[line 248]

List of list tags
  • Access: public

Type:   array



$noClose = array()

[line 216]

List of tags that can have no "closing tag"
  • Deprecated: XHTML does not allow such tags
  • Access: public

Type:   array



$protocolAttributes = array(
        'action', 'background', 'codebase', 'dynsrc', 'href', 'lowsrc', 'src',
    )

[line 193]

List of attributes that can contain protocols
  • Access: public

Type:   array



$protocolFiltering =  'white'

[line 162]

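Type of protocol filtering ('white' or 'black'). Going by the property descriptions on this page, 'white' filters against $whiteProtocols and 'black' against $blackProtocols. A blacklist rejects only the schemes it names, so the default 'white' shown above is the safer setting.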
  • Access: public

Type:   string



$protoRegexps = array()

[line 113]

Array of prepared regular expressions for matching protocols (URI schemes)
  • Access: protected

Type:   array



$singleTags = array('area', 'br', 'img', 'input', 'hr', 'wbr', )

[line 135]

List of single tags ("<tag />")
  • Access: public

Type:   array



$stack = array()

[line 78]

Stack of unclosed tags
  • Access: protected

Type:   array



$tableTags = array(
        'caption', 'col', 'colgroup', 'tbody', 'td', 'tfoot', 'th',
        'thead',   'tr',
    )

[line 238]

List of table tags; any of these tags found outside a table will be removed
  • Access: public

Type:   array



$whiteProtocols = array(
        'ed2k',   'file', 'ftp',  'gopher', 'http',  'https',
        'irc',    'mailto', 'news', 'nntp', 'telnet', 'webcal',
        'xmpp',   'callto',
    )

[line 182]

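List of "safe" protocols (used for whitelist-filtering). The default list includes 'file', 'telnet' and 'gopher'; the property is public, so an application can reduce it to the schemes it actually needs.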
  • Access: public

Type:   array



$xhtml =  ''

[line 64]

Storage for resulting HTML output
  • Access: protected

Type:   string





Method Detail

__construct (Constructor)   [line 269]

HTML_Safe __construct( )

Constructs class
  • Access: public


clear   [line 623]

boolean clear( )

Clears current document data
  • Access: public


closeHandler   [line 479]

boolean closeHandler( object &$parser, string $name)

Closing tag handler - called from HTMLSax
  • Access: public

Parameters:

object   &$parser   —  HTML parser
string   $name   —  tag name


closeTag   [line 515]

boolean closeTag( string $tag)

Closes tag
  • Access: protected

Parameters:

string   $tag   —  tag name


dataHandler   [line 542]

boolean dataHandler( object &$parser, string $data)

Character data handler - called from HTMLSax
  • Access: public

Parameters:

object   &$parser   —  HTML parser
string   $data   —  textual data


escapeHandler   [line 559]

boolean escapeHandler( object &$parser, string $data)

Escape handler - called from HTMLSax
  • Access: public

Parameters:

object   &$parser   —  HTML parser
string   $data   —  comments or other type of data


getAllowTags   [line 589]

array getAllowTags( )

Returns the allowed tags
  • Access: public


getXHTML   [line 609]

string getXHTML( )

Returns the XHTML document
  • Return: Processed (X)HTML document
  • Access: public


openHandler   [line 397]

boolean openHandler( object &$parser, string $name, array $attrs)

Opening tag handler - called from HTMLSax
  • Access: public

Parameters:

object   &$parser   —  HTML Parser
string   $name   —  tag name
array   $attrs   —  tag attributes


parse   [line 636]

string parse( string $doc)

Main parsing function
  • Return: Processed (X)HTML document
  • Access: public

Parameters:

string   $doc   —  HTML document for processing


resetAllowTags   [line 599]

void resetAllowTags( )

Reset the allowed tags
  • Access: public


setAllowTags   [line 577]

void setAllowTags( [array $tags = array()])

Allow tags

Example:

 $safe = new HTML_Safe;
 $safe->setAllowTags(array('body'));

  • Access: public

Parameters:

array   $tags   —  Tags to allow


writeAttrs   [line 294]

boolean writeAttrs( array $attrs)

Handles the writing of attributes - called from $this->openHandler()
  • Access: protected

Parameters:

array   $attrs   —  array of attributes $name => $value


