<?php

/**
 * Implements safety checks for safe iframes.
 *
 * @warning This filter is *critical* for ensuring that %HTML.SafeIframe
 * works safely.
 */
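class HTMLPurifier_URIFilter_SafeIframe extends HTMLPurifier_URIFilter
{
    /**
     * @type string
     */
    public $name = 'SafeIframe';

    /**
     * Keeps the filter loaded even when not explicitly enabled, because
     * %HTML.SafeIframe can only be consulted at filter time (see the XXX
     * note below).
     * @type bool
     */
    public $always_load = true;

    /**
     * PCRE pattern taken from %URI.SafeIframeRegexp that an iframe URI must
     * match to be kept. null means no whitelist is configured, in which
     * case every iframe URI is rejected (fail closed).
     *
     * The pattern is matched against the full serialised URI with
     * preg_match(), so an unanchored pattern matches anywhere in the string;
     * a whitelist should anchor on the scheme and host.
     * @type string|null
     */
    protected $regexp = null;

    // XXX: The not so good bit about how this is all set up now is we
    // can't check HTML.SafeIframe in the 'prepare' step: we have to
    // defer till the actual filtering.
    /**
     * Caches the whitelist regexp from the configuration.
     *
     * @param HTMLPurifier_Config $config
     * @return bool Always true: the filter stays registered even with no
     *              regexp configured, so filter() can reject iframe URIs.
     */
    public function prepare($config)
    {
        $this->regexp = $config->get('URI.SafeIframeRegexp');
        return true;
    }

    /**
     * Keeps an iframe URI only if it matches the configured whitelist.
     *
     * URIs that are not the src of an iframe, and every URI when
     * %HTML.SafeIframe is off, pass through unchanged.
     *
     * @param HTMLPurifier_URI $uri
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return bool True to keep the URI, false to drop it.
     */
    public function filter(&$uri, $config, $context)
    {
        // check if filter not applicable
        if (!$config->get('HTML.SafeIframe')) {
            return true;
        }
        // check if the filter should actually trigger; the second argument
        // makes a missing context key non-fatal
        if (!$context->get('EmbeddedURI', true)) {
            return true;
        }
        $token = $context->get('CurrentToken', true);
        // strict comparison: token names are plain strings
        if (!($token && $token->name === 'iframe')) {
            return true;
        }
        // check if we actually have some whitelists enabled; none means
        // nothing is allowed
        if ($this->regexp === null) {
            return false;
        }
        // actually check the whitelists. preg_match() returns 1, 0, or
        // false on a PCRE error; the cast yields the documented bool and
        // rejects the URI on error instead of leaking an int|false upward.
        return (bool) preg_match($this->regexp, $uri->toString());
    }
}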

// vim: et sw=4 sts=4