1: <?php
2:
3: /**
4: * Implements safety checks for safe iframes.
5: *
6: * @warning This filter is *critical* for ensuring that %HTML.SafeIframe
7: * works safely.
8: */
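class HTMLPurifier_URIFilter_SafeIframe extends HTMLPurifier_URIFilter
{
    /**
     * Name under which this filter is registered.
     * @type string
     */
    public $name = 'SafeIframe';

    /**
     * Presumably tells the URI definition to load this filter regardless
     * of configuration (see HTMLPurifier_URIFilter); the %HTML.SafeIframe
     * check itself is made per-URI in filter(), see the note above prepare().
     * @type bool
     */
    public $always_load = true;

    /**
     * PCRE pattern copied verbatim from %URI.SafeIframeRegexp, or null when
     * no whitelist has been configured. It is applied to the complete URI
     * string; whether it can only match whole URIs depends entirely on the
     * anchoring the configured pattern supplies.
     * @type string|null
     */
    protected $regexp = null;

    // XXX: The not so good bit about how this is all set up now is we
    // can't check HTML.SafeIframe in the 'prepare' step: we have to
    // defer till the actual filtering.
    /**
     * Caches the whitelist pattern from configuration.
     *
     * @param HTMLPurifier_Config $config
     * @return bool Always true: the filter stays active even when no
     *              pattern is configured, in which case filter() rejects.
     */
    public function prepare($config)
    {
        $this->regexp = $config->get('URI.SafeIframeRegexp');
        return true;
    }

    /**
     * Decides whether an iframe URI may be kept.
     *
     * Only embedded URIs (EmbeddedURI set in the context) whose current
     * token is an iframe are subject to the check; everything else passes
     * through unchanged. When the check applies, the URI is kept only if
     * it matches the configured whitelist pattern.
     *
     * @param HTMLPurifier_URI $uri
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return bool true to keep the URI, false to reject it
     */
    public function filter(&$uri, $config, $context)
    {
        // check if filter not applicable
        if (!$config->get('HTML.SafeIframe')) {
            return true;
        }
        // check if the filter should actually trigger
        if (!$context->get('EmbeddedURI', true)) {
            return true;
        }
        $token = $context->get('CurrentToken', true);
        if (!($token && $token->name === 'iframe')) {
            return true;
        }
        // no whitelist configured: fail closed and reject every iframe URI
        if ($this->regexp === null) {
            return false;
        }
        // preg_match() returns 1 on a match, 0 on no match and false on a
        // PCRE error (e.g. a malformed pattern). Only an actual match keeps
        // the URI, so a broken pattern also fails closed; comparing with 1
        // makes the return value a real bool as documented.
        return preg_match($this->regexp, $uri->toString()) === 1;
    }
}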
67:
68: // vim: et sw=4 sts=4
69: