Diffstat (limited to 'framework/Web/UI/WebControls/TSafeHtml.php')
-rw-r--r-- | framework/Web/UI/WebControls/TSafeHtml.php | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/framework/Web/UI/WebControls/TSafeHtml.php b/framework/Web/UI/WebControls/TSafeHtml.php
new file mode 100644
index 00000000..b9f1156c
--- /dev/null
+++ b/framework/Web/UI/WebControls/TSafeHtml.php
@@ -0,0 +1,42 @@
+<?php
+
+Prado::using('System.3rdParty.SafeHtml.TSafeHtmlParser');
+Prado::using('System.IO.TTextWriter');
+
+/**
+ * ${classname}
+ *
+ * ${description}
+ *
+ * @author Wei Zhuo<weizhuo[at]gmail[dot]com>
+ * @version $Revision: 1.66 $ $Date: ${DATE} ${TIME} $
+ * @package ${package}
+ */
+class TSafeHtml extends TControl
+{
+ /**
+ * Renders body content.
+ * This method overrides parent implementation by removing
+ * malicious javascript code from the body content
+ * @param THtmlWriter writer
+ */
+ protected function renderContents($writer)
+ {
+ $textWriter=new TTextWriter;
+ parent::renderContents(new THtmlWriter($textWriter));
+ $writer->write($this->parseSafeHtml($textWriter->flush()));
+ }
+
+ /**
+ * Use SafeHTML to remove malicous javascript from the HTML content.
+ * @param string HTML content
+ * @return string safer HTML content
+ */
+ protected function parseSafeHtml($text)
+ {
+ $renderer = new TSafeHtmlParser();
+ return $renderer->parse($content);
+ }
+}
+
+?>
\ No newline at end of file |
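Review bot: `parseSafeHtml($text)` hands `$content` to the parser, but the method defines no such variable, so the parser receives an undefined value instead of the rendered body; the call should read `return $renderer->parse($text);`. As written the control most likely writes nothing and raises an undefined-variable notice, so it fails closed, but the sanitising path is never exercised on real content and the bug would go unnoticed until someone checks the output. The class docblock still carries the unexpanded template placeholders `${classname}`, `${description}` and `${package}`; replace them with a short statement that child content is rendered into a buffer and passed through TSafeHtmlParser before being written. The method comments promise removal of "malicious javascript", which is only as strong as the parser's rules, so the docblock should say "filtered by TSafeHtmlParser" rather than imply the output is safe in every context.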