4 * Implements safety checks for safe iframes.
6 * @warning This filter is *critical* for ensuring that %HTML.SafeIframe
9 class HTMLPurifier_URIFilter_SafeIframe
extends HTMLPurifier_URIFilter
14 public $name = 'SafeIframe';
19 public $always_load = true;
24 protected $regexp = null;
26 // XXX: The not so good bit about how this is all set up now is we
27 // can't check HTML.SafeIframe in the 'prepare' step: we have to
28 // defer till the actual filtering.
30 * @param HTMLPurifier_Config $config
33 public function prepare($config)
35 $this->regexp
= $config->get('URI.SafeIframeRegexp');
40 * @param HTMLPurifier_URI $uri
41 * @param HTMLPurifier_Config $config
42 * @param HTMLPurifier_Context $context
45 public function filter(&$uri, $config, $context)
47 // check if filter not applicable
48 if (!$config->get('HTML.SafeIframe')) {
51 // check if the filter should actually trigger
52 if (!$context->get('EmbeddedURI', true)) {
55 $token = $context->get('CurrentToken', true);
56 if (!($token && $token->name
== 'iframe')) {
59 // check if we actually have some whitelists enabled
60 if ($this->regexp
=== null) {
63 // actually check the whitelists
64 return preg_match($this->regexp
, $uri->toString());