--- /dev/null
+<?php\r
+\r
+/*! @mainpage\r
+ *\r
+ * HTML Purifier is an HTML filter that will take an arbitrary snippet of\r
+ * HTML and rigorously test, validate and filter it into a version that\r
+ * is safe for output onto webpages. It achieves this by:\r
+ *\r
+ * -# Lexing (parsing into tokens) the document,\r
+ * -# Executing various strategies on the tokens:\r
+ * -# Removing all elements not in the whitelist,\r
+ * -# Making the tokens well-formed,\r
+ * -# Fixing the nesting of the nodes, and\r
+ * -# Validating attributes of the nodes; and\r
+ * -# Generating HTML from the purified tokens.\r
+ *\r
+ * However, most users will only need to interface with the HTMLPurifier\r
+ * and HTMLPurifier_Config.\r
+ */\r
+\r
+/*\r
+ HTML Purifier 4.6.0 - Standards Compliant HTML Filtering\r
+ Copyright (C) 2006-2008 Edward Z. Yang\r
+\r
+ This library is free software; you can redistribute it and/or\r
+ modify it under the terms of the GNU Lesser General Public\r
+ License as published by the Free Software Foundation; either\r
+ version 2.1 of the License, or (at your option) any later version.\r
+\r
+ This library is distributed in the hope that it will be useful,\r
+ but WITHOUT ANY WARRANTY; without even the implied warranty of\r
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\r
+ Lesser General Public License for more details.\r
+\r
+ You should have received a copy of the GNU Lesser General Public\r
+ License along with this library; if not, write to the Free Software\r
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\r
+ */\r
+\r
+/**\r
+ * Facade that coordinates HTML Purifier's subsystems in order to purify HTML.\r
+ *\r
+ * @note There are several points in which configuration can be specified\r
+ * for HTML Purifier. The precedence of these (from lowest to\r
+ * highest) is as follows:\r
+ * -# Instance: new HTMLPurifier($config)\r
+ * -# Invocation: purify($html, $config)\r
+ * These configurations are entirely independent of each other and\r
+ * are *not* merged (this behavior may change in the future).\r
+ *\r
+ * @todo We need an easier way to inject strategies using the configuration\r
+ * object.\r
+ */\r
+class HTMLPurifier\r
+{\r
+\r
+ /**\r
+ * Version of HTML Purifier.\r
+ * @type string\r
+ */\r
+ public $version = '4.6.0';\r
+\r
+ /**\r
+ * Constant with version of HTML Purifier.\r
+ */\r
+ const VERSION = '4.6.0';\r
+\r
+ /**\r
+ * Global configuration object.\r
+ * @type HTMLPurifier_Config\r
+ */\r
+ public $config;\r
+\r
+ /**\r
+ * Array of extra filter objects to run on HTML,\r
+ * for backwards compatibility.\r
+ * @type HTMLPurifier_Filter[]\r
+ */\r
+ private $filters = array();\r
+\r
+ /**\r
+ * Single instance of HTML Purifier.\r
+ * @type HTMLPurifier\r
+ */\r
+ private static $instance;\r
+\r
+ /**\r
+ * @type HTMLPurifier_Strategy_Core\r
+ */\r
+ protected $strategy;\r
+\r
+ /**\r
+ * @type HTMLPurifier_Generator\r
+ */\r
+ protected $generator;\r
+\r
+ /**\r
+ * Resultant context of last run purification.\r
+ * Is an array of contexts if the last called method was purifyArray().\r
+ * @type HTMLPurifier_Context\r
+ */\r
+ public $context;\r
+\r
+ /**\r
+ * Initializes the purifier.\r
+ *\r
+ * @param HTMLPurifier_Config $config Optional HTMLPurifier_Config object\r
+ * for all instances of the purifier, if omitted, a default\r
+ * configuration is supplied (which can be overridden on a\r
+ * per-use basis).\r
+ * The parameter can also be any type that\r
+ * HTMLPurifier_Config::create() supports.\r
+ */\r
+ public function __construct($config = null)\r
+ {\r
+ $this->config = HTMLPurifier_Config::create($config);\r
+ $this->strategy = new HTMLPurifier_Strategy_Core();\r
+ }\r
+\r
+ /**\r
+ * Adds a filter to process the output. First come first serve\r
+ *\r
+ * @param HTMLPurifier_Filter $filter HTMLPurifier_Filter object\r
+ */\r
+ public function addFilter($filter)\r
+ {\r
+ trigger_error(\r
+ 'HTMLPurifier->addFilter() is deprecated, use configuration directives' .\r
+ ' in the Filter namespace or Filter.Custom',\r
+ E_USER_WARNING\r
+ );\r
+ $this->filters[] = $filter;\r
+ }\r
+\r
+ /**\r
+ * Filters an HTML snippet/document to be XSS-free and standards-compliant.\r
+ *\r
+ * @param string $html String of HTML to purify\r
+ * @param HTMLPurifier_Config $config Config object for this operation,\r
+ * if omitted, defaults to the config object specified during this\r
+ * object's construction. The parameter can also be any type\r
+ * that HTMLPurifier_Config::create() supports.\r
+ *\r
+ * @return string Purified HTML\r
+ */\r
+ public function purify($html, $config = null)\r
+ {\r
+ // :TODO: make the config merge in, instead of replace\r
+ $config = $config ? HTMLPurifier_Config::create($config) : $this->config;\r
+\r
+ // implementation is partially environment dependant, partially\r
+ // configuration dependant\r
+ $lexer = HTMLPurifier_Lexer::create($config);\r
+\r
+ $context = new HTMLPurifier_Context();\r
+\r
+ // setup HTML generator\r
+ $this->generator = new HTMLPurifier_Generator($config, $context);\r
+ $context->register('Generator', $this->generator);\r
+\r
+ // set up global context variables\r
+ if ($config->get('Core.CollectErrors')) {\r
+ // may get moved out if other facilities use it\r
+ $language_factory = HTMLPurifier_LanguageFactory::instance();\r
+ $language = $language_factory->create($config, $context);\r
+ $context->register('Locale', $language);\r
+\r
+ $error_collector = new HTMLPurifier_ErrorCollector($context);\r
+ $context->register('ErrorCollector', $error_collector);\r
+ }\r
+\r
+ // setup id_accumulator context, necessary due to the fact that\r
+ // AttrValidator can be called from many places\r
+ $id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context);\r
+ $context->register('IDAccumulator', $id_accumulator);\r
+\r
+ $html = HTMLPurifier_Encoder::convertToUTF8($html, $config, $context);\r
+\r
+ // setup filters\r
+ $filter_flags = $config->getBatch('Filter');\r
+ $custom_filters = $filter_flags['Custom'];\r
+ unset($filter_flags['Custom']);\r
+ $filters = array();\r
+ foreach ($filter_flags as $filter => $flag) {\r
+ if (!$flag) {\r
+ continue;\r
+ }\r
+ if (strpos($filter, '.') !== false) {\r
+ continue;\r
+ }\r
+ $class = "HTMLPurifier_Filter_$filter";\r
+ $filters[] = new $class;\r
+ }\r
+ foreach ($custom_filters as $filter) {\r
+ // maybe "HTMLPurifier_Filter_$filter", but be consistent with AutoFormat\r
+ $filters[] = $filter;\r
+ }\r
+ $filters = array_merge($filters, $this->filters);\r
+ // maybe prepare(), but later\r
+\r
+ for ($i = 0, $filter_size = count($filters); $i < $filter_size; $i++) {\r
+ $html = $filters[$i]->preFilter($html, $config, $context);\r
+ }\r
+\r
+ // purified HTML\r
+ $html =\r
+ $this->generator->generateFromTokens(\r
+ // list of tokens\r
+ $this->strategy->execute(\r
+ // list of un-purified tokens\r
+ $lexer->tokenizeHTML(\r
+ // un-purified HTML\r
+ $html,\r
+ $config,\r
+ $context\r
+ ),\r
+ $config,\r
+ $context\r
+ )\r
+ );\r
+\r
+ for ($i = $filter_size - 1; $i >= 0; $i--) {\r
+ $html = $filters[$i]->postFilter($html, $config, $context);\r
+ }\r
+\r
+ $html = HTMLPurifier_Encoder::convertFromUTF8($html, $config, $context);\r
+ $this->context =& $context;\r
+ return $html;\r
+ }\r
+\r
+ /**\r
+ * Filters an array of HTML snippets\r
+ *\r
+ * @param string[] $array_of_html Array of html snippets\r
+ * @param HTMLPurifier_Config $config Optional config object for this operation.\r
+ * See HTMLPurifier::purify() for more details.\r
+ *\r
+ * @return string[] Array of purified HTML\r
+ */\r
+ public function purifyArray($array_of_html, $config = null)\r
+ {\r
+ $context_array = array();\r
+ foreach ($array_of_html as $key => $html) {\r
+ $array_of_html[$key] = $this->purify($html, $config);\r
+ $context_array[$key] = $this->context;\r
+ }\r
+ $this->context = $context_array;\r
+ return $array_of_html;\r
+ }\r
+\r
+ /**\r
+ * Singleton for enforcing just one HTML Purifier in your system\r
+ *\r
+ * @param HTMLPurifier|HTMLPurifier_Config $prototype Optional prototype\r
+ * HTMLPurifier instance to overload singleton with,\r
+ * or HTMLPurifier_Config instance to configure the\r
+ * generated version with.\r
+ *\r
+ * @return HTMLPurifier\r
+ */\r
+ public static function instance($prototype = null)\r
+ {\r
+ if (!self::$instance || $prototype) {\r
+ if ($prototype instanceof HTMLPurifier) {\r
+ self::$instance = $prototype;\r
+ } elseif ($prototype) {\r
+ self::$instance = new HTMLPurifier($prototype);\r
+ } else {\r
+ self::$instance = new HTMLPurifier();\r
+ }\r
+ }\r
+ return self::$instance;\r
+ }\r
+\r
+ /**\r
+ * Singleton for enforcing just one HTML Purifier in your system\r
+ *\r
+ * @param HTMLPurifier|HTMLPurifier_Config $prototype Optional prototype\r
+ * HTMLPurifier instance to overload singleton with,\r
+ * or HTMLPurifier_Config instance to configure the\r
+ * generated version with.\r
+ *\r
+ * @return HTMLPurifier\r
+ * @note Backwards compatibility, see instance()\r
+ */\r
+ public static function getInstance($prototype = null)\r
+ {\r
+ return HTMLPurifier::instance($prototype);\r
+ }\r
+}\r
+\r
+// vim: et sw=4 sts=4\r
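Review bot: In `purify()`, the loop that calls `postFilter()` runs after `generateFromTokens()`, so whatever a filter returns there reaches the caller with only `convertFromUTF8()` in between and is never passed through the strategy again. Neither the `addFilter()` docblock nor the `@return string Purified HTML` line says this, so a reader can reasonably assume every byte of the result was checked against the whitelist. I would add a comment above that loop, for example `// postFilter() output is not re-purified: filters from Filter.*, Filter.Custom and addFilter() are trusted code and must escape anything they re-insert`, and a matching sentence in the `addFilter()` docblock. The same applies to the objects taken from `$filter_flags['Custom']`, which are appended to `$filters` as given, with no type check visible in this file.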