From 903ae8a581fac1e6917fc3e31d2ad8fb91df80c3 Mon Sep 17 00:00:00 2001 From: ctrlaltca <> Date: Thu, 12 Jul 2012 11:21:01 +0000 Subject: standardize the use of unix eol; use svn properties to enforce native eol --- framework/Web/UI/WebControls/TSafeHtml.php | 170 ++++++++++++++--------------- 1 file changed, 85 insertions(+), 85 deletions(-) (limited to 'framework/Web/UI/WebControls/TSafeHtml.php') diff --git a/framework/Web/UI/WebControls/TSafeHtml.php b/framework/Web/UI/WebControls/TSafeHtml.php index e88277d4..1cd0a597 100644 --- a/framework/Web/UI/WebControls/TSafeHtml.php +++ b/framework/Web/UI/WebControls/TSafeHtml.php @@ -1,85 +1,85 @@ - - * @link http://www.pradosoft.com/ - * @copyright Copyright © 2005-2012 PradoSoft - * @license http://www.pradosoft.com/license/ - * @version $Id$ - * @package System.Web.UI.WebControls - */ - -/** - * TSafeHtml class - * - * TSafeHtml is a control that strips down all potentially dangerous - * HTML content. It is mainly a wrapper of {@link http://pear.php.net/package/SafeHTML SafeHTML} - * project. According to the SafeHTML project, it tries to safeguard - * the following situations when the string is to be displayed to end-users, - * - Opening tag without its closing tag - * - closing tag without its opening tag - * - any of these tags: base, basefont, head, html, body, applet, object, - * iframe, frame, frameset, script, layer, ilayer, embed, bgsound, link, - * meta, style, title, blink, xml, etc. - * - any of these attributes: on*, data*, dynsrc - * - javascript:/vbscript:/about: etc. protocols - * - expression/behavior etc. in styles - * - any other active content. - * - * To use TSafeHtml, simply enclose the content to be secured within - * the body of TSafeHtml in a template. - * - * If the content is encoded in UTF-7, you'll need to enable the {@link setRepackUTF7 RepackUTF7} property - * to ensure the contents gets parsed correctly. - * - * @author Wei Zhuo - * @version $Id$ - * @package System.Web.UI.WebControls - * @since 3.0 - */ -class TSafeHtml extends TControl -{ - /** - * Sets whether to parse the contents as UTF-7. This property enables a routine - * that repacks the content as UTF-7 before parsing it. Defaults to false. - * @param boolean whether to parse the contents as UTF-7 - */ - public function setRepackUTF7($value) - { - $this->setViewState('RepackUTF7',TPropertyValue::ensureBoolean($value),false); - } - - /** - * @return boolean whether to parse the contents as UTF-7. Defaults to false. - */ - public function getRepackUTF7() - { - return $this->getViewState('RepackUTF7',false); - } - - /** - * Renders body content. - * This method overrides parent implementation by removing - * malicious javascript code from the body content - * @param THtmlWriter writer - */ - public function render($writer) - { - $htmlWriter = Prado::createComponent($this->GetResponse()->getHtmlWriterType(), new TTextWriter()); - parent::render($htmlWriter); - $writer->write($this->parseSafeHtml($htmlWriter->flush())); - } - - /** - * Use SafeHTML to remove malicous javascript from the HTML content. - * @param string HTML content - * @return string safer HTML content - */ - protected function parseSafeHtml($text) - { - $renderer = Prado::createComponent('System.3rdParty.SafeHtml.TSafeHtmlParser'); - return $renderer->parse($text, $this->getRepackUTF7()); - } -} - + + * @link http://www.pradosoft.com/ + * @copyright Copyright © 2005-2012 PradoSoft + * @license http://www.pradosoft.com/license/ + * @version $Id$ + * @package System.Web.UI.WebControls + */ + +/** + * TSafeHtml class + * + * TSafeHtml is a control that strips down all potentially dangerous + * HTML content. It is mainly a wrapper of {@link http://pear.php.net/package/SafeHTML SafeHTML} + * project. According to the SafeHTML project, it tries to safeguard + * the following situations when the string is to be displayed to end-users, + * - Opening tag without its closing tag + * - closing tag without its opening tag + * - any of these tags: base, basefont, head, html, body, applet, object, + * iframe, frame, frameset, script, layer, ilayer, embed, bgsound, link, + * meta, style, title, blink, xml, etc. + * - any of these attributes: on*, data*, dynsrc + * - javascript:/vbscript:/about: etc. protocols + * - expression/behavior etc. in styles + * - any other active content. + * + * To use TSafeHtml, simply enclose the content to be secured within + * the body of TSafeHtml in a template. + * + * If the content is encoded in UTF-7, you'll need to enable the {@link setRepackUTF7 RepackUTF7} property + * to ensure the contents gets parsed correctly. + * + * @author Wei Zhuo + * @version $Id$ + * @package System.Web.UI.WebControls + * @since 3.0 + */ +class TSafeHtml extends TControl +{ + /** + * Sets whether to parse the contents as UTF-7. This property enables a routine + * that repacks the content as UTF-7 before parsing it. Defaults to false. + * @param boolean whether to parse the contents as UTF-7 + */ + public function setRepackUTF7($value) + { + $this->setViewState('RepackUTF7',TPropertyValue::ensureBoolean($value),false); + } + + /** + * @return boolean whether to parse the contents as UTF-7. Defaults to false. + */ + public function getRepackUTF7() + { + return $this->getViewState('RepackUTF7',false); + } + + /** + * Renders body content. + * This method overrides parent implementation by removing + * malicious javascript code from the body content + * @param THtmlWriter writer + */ + public function render($writer) + { + $htmlWriter = Prado::createComponent($this->GetResponse()->getHtmlWriterType(), new TTextWriter()); + parent::render($htmlWriter); + $writer->write($this->parseSafeHtml($htmlWriter->flush())); + } + + /** + * Use SafeHTML to remove malicous javascript from the HTML content. + * @param string HTML content + * @return string safer HTML content + */ + protected function parseSafeHtml($text) + { + $renderer = Prado::createComponent('System.3rdParty.SafeHtml.TSafeHtmlParser'); + return $renderer->parse($text, $this->getRepackUTF7()); + } +} + -- cgit v1.2.3