]> git.immae.eu Git - github/wallabag/wallabag.git/blame - inc/3rdparty/htmlpurifier/HTMLPurifier/URIFilter/SafeIframe.php
remove autoload section in composer.json
[github/wallabag/wallabag.git] / inc / 3rdparty / htmlpurifier / HTMLPurifier / URIFilter / SafeIframe.php
CommitLineData
d4949327
NL
1<?php\r
2\r
3/**\r
4 * Implements safety checks for safe iframes.\r
5 *\r
6 * @warning This filter is *critical* for ensuring that %HTML.SafeIframe\r
7 * works safely.\r
8 */\r
9class HTMLPurifier_URIFilter_SafeIframe extends HTMLPurifier_URIFilter\r
10{\r
11 /**\r
12 * @type string\r
13 */\r
14 public $name = 'SafeIframe';\r
15\r
16 /**\r
17 * @type bool\r
18 */\r
19 public $always_load = true;\r
20\r
21 /**\r
22 * @type string\r
23 */\r
24 protected $regexp = null;\r
25\r
26 // XXX: The not so good bit about how this is all set up now is we\r
27 // can't check HTML.SafeIframe in the 'prepare' step: we have to\r
28 // defer till the actual filtering.\r
29 /**\r
30 * @param HTMLPurifier_Config $config\r
31 * @return bool\r
32 */\r
33 public function prepare($config)\r
34 {\r
35 $this->regexp = $config->get('URI.SafeIframeRegexp');\r
36 return true;\r
37 }\r
38\r
39 /**\r
40 * @param HTMLPurifier_URI $uri\r
41 * @param HTMLPurifier_Config $config\r
42 * @param HTMLPurifier_Context $context\r
43 * @return bool\r
44 */\r
45 public function filter(&$uri, $config, $context)\r
46 {\r
47 // check if filter not applicable\r
48 if (!$config->get('HTML.SafeIframe')) {\r
49 return true;\r
50 }\r
51 // check if the filter should actually trigger\r
52 if (!$context->get('EmbeddedURI', true)) {\r
53 return true;\r
54 }\r
55 $token = $context->get('CurrentToken', true);\r
56 if (!($token && $token->name == 'iframe')) {\r
57 return true;\r
58 }\r
59 // check if we actually have some whitelists enabled\r
60 if ($this->regexp === null) {\r
61 return false;\r
62 }\r
63 // actually check the whitelists\r
64 return preg_match($this->regexp, $uri->toString());\r
65 }\r
66}\r
67\r
68// vim: et sw=4 sts=4\r