include/clean.php

Show: inherited
Table of Contents

\HTMLPurifier_Filter_Xmp
jump to top

Package:

Represents a pre or post processing filter on HTML Purifier's output

Sometimes, a little ad-hoc fixing of HTML has to be done before it gets sent through HTML Purifier: you can use filters to acheive this effect. For instance, YouTube videos can be preserved using this manner. You could have used a decorator for this task, but PHP's support for them is not terribly robust, so we're going to just loop through the filters.

Filters should be exited first in, last out. If there are three filters, named 1, 2 and 3, the order of execution should go 1->preFilter, 2->preFilter, 3->preFilter, purify, 3->postFilter, 2->postFilter, 1->postFilter.

Parent(s)
\HTMLPurifier_Filter

Properties

Propertypublic  $name= ''Xmp''

Name of the filter for identification purposes

Default value'Xmp'Details
Type
n/a

Methods

methodpublicpostFilter(  $html,  $config,  $context ) : void
inherited

Post-processor function, handles HTML after HTML Purifier

Inherited from: \HTMLPurifier_Filter::postFilter()
Parameters
Name Type Description
$html
$config
$context
methodpublicpreFilter(  $html,  $config,  $context ) : void

Pre-processor function, handles HTML before HTML Purifier

Parameters
Name Type Description
$html
$config
$context

\HTMLPurifier_URIScheme_cid
jump to top

Package: SugarCRM

cid: scheme implementation

Parent(s)
\HTMLPurifier_URIScheme

Properties

Propertypublic  $browsable= 'true'

Whether or not URIs of this schem are locatable by a browser http and ftp are accessible, while mailto and news are not.

Default valuetrueDetails
Type
n/a
Propertypublic  $default_port= 'null'
inherited

Scheme's default port (integer). If an explicit port number is specified that coincides with the default port, it will be elided.

Inherited from: \HTMLPurifier_URIScheme::$$default_port
Default valuenullDetails
Type
n/a
Inherited_from
\HTMLPurifier_URIScheme::$$default_port  
Propertypublic  $hierarchical= 'false'
inherited

Whether or not the URI always uses <hier_part>, resolves edge cases with making relative URIs absolute

Inherited from: \HTMLPurifier_URIScheme::$$hierarchical
Default valuefalseDetails
Type
n/a
Inherited_from
\HTMLPurifier_URIScheme::$$hierarchical  
Propertypublic  $may_omit_host= 'true'

Whether or not the URI may omit a hostname when the scheme is explicitly specified, ala file:///path/to/file. As of writing, 'file' is the only scheme that browsers support his properly.

Default valuetrueDetails
Type
n/a

Methods

methodpublicdoValidate( \$uri $uri, \$config $config, \$context $context ) : Bool

Validates the components of a URI for a specific scheme.

Parameters
Name Type Description
$uri \$uri

Reference to a HTMLPurifier_URI object
$config \$config

HTMLPurifier_Config object
$context \$context

HTMLPurifier_Context object
Returns
Type Description
Bool success or failure
methodpublicvalidate( \$uri $uri, \$config $config, \$context $context ) : Bool
inherited

Public interface for validating components of a URI. Performs a bunch of default actions. Don't overload this method.

Inherited from: \HTMLPurifier_URIScheme::validate()
Parameters
Name Type Description
$uri \$uri

Reference to a HTMLPurifier_URI object
$config \$config

HTMLPurifier_Config object
$context \$context

HTMLPurifier_Context object
Returns
Type Description
Bool success or failure

\SugarCleaner
jump to top

Package:

Properties

Propertypublic\SugarCleaner  $instance= ''
static

Singleton instance

Details
Type
\SugarCleaner
Propertyprotected\HTMLPurifier  $purifier= ''

HTMLPurifier instance

Details
Type
\HTMLPurifier

Methods

methodpublic__construct( ) : void

methodpubliccleanHtml( string $html, bool $encoded = false ) : string
static

Clean string from potential XSS problems

Parameters
Name Type Description
$html string
$encoded bool

Was it entity-encoded?
Returns
Type Description
string
methodpublicgetInstance( ) : \SugarCleaner
static

Get cleaner instance

Returns
Type Description
\SugarCleaner
methodpublicstripTags(  $string,  $encoded = true ) : void
static

Parameters
Name Type Description
$string
$encoded

\SugarURIFilter
jump to top

Package: SugarCRM

URI filter for HTMLPurifier Approves only resource URIs that are in the list of trusted domains Until we have comprehensive CSRF protection, we need to sanitize URLs in emails, etc.

to avoid CSRF attacks.

Parent(s)
\HTMLPurifier_URIFilter

Properties

Propertyprotected  $allowed= 'array()'
Default valuearray()Details
Type
n/a
Propertypublic  $name= ''SugarURIFilter''

Unique identifier of filter

Default value'SugarURIFilter'Details
Type
n/a
Propertypublic  $post= 'false'
inherited

True if this filter should be run after scheme validation.

Inherited from: \HTMLPurifier_URIFilter::$$post
Default valuefalseDetails
Type
n/a
Inherited_from
\HTMLPurifier_URIFilter::$$post  

Methods

methodpublicfilter( \$uri $uri, \$config $config, \$context $context ) : bool

Filter a URI object

Parameters
Name Type Description
$uri \$uri

Reference to URI object variable
$config \$config

Instance of HTMLPurifier_Config
$context \$context

Instance of HTMLPurifier_Context
Returns
Type Description
bool Whether or not to continue processing: false indicates URL is no good, true indicates continue processing. Note that all changes are committed directly on the URI object
methodpublicprepare(  $config ) : void

Performs initialization for the filter

Parameters
Name Type Description
$config
Documentation was generated by DocBlox 0.18.1.