From cad2910ee9f2554570d16aab283bd6c18b5c1d0b Mon Sep 17 00:00:00 2001 From: xue <> Date: Sun, 26 Feb 2006 03:54:55 +0000 Subject: Fixed #72. --- framework/3rdParty/SafeHtml/TSafeHtmlParser.php | 123 ++++++++++++------------ 1 file changed, 62 insertions(+), 61 deletions(-) (limited to 'framework') diff --git a/framework/3rdParty/SafeHtml/TSafeHtmlParser.php b/framework/3rdParty/SafeHtml/TSafeHtmlParser.php index 2cedb36e..a51e203c 100644 --- a/framework/3rdParty/SafeHtml/TSafeHtmlParser.php +++ b/framework/3rdParty/SafeHtml/TSafeHtmlParser.php @@ -21,7 +21,7 @@ */ Prado::using('System.3rdParty.SafeHtml.HTMLSax3'); - + /** * * SafeHTML Parser @@ -30,15 +30,15 @@ Prado::using('System.3rdParty.SafeHtml.HTMLSax3'); * - * It also tries to convert code to XHTML valid, but htmltidy is far better + * It also tries to convert code to XHTML valid, but htmltidy is far better * solution for this task. * * Example: @@ -64,7 +64,7 @@ class TSafeHtmlParser * @access private */ private $_xhtml = ''; - + /** * Array of counters for each tag * @@ -72,7 +72,7 @@ class TSafeHtmlParser * @access private */ private $_counter = array(); - + /** * Stack of unclosed tags * @@ -80,7 +80,7 @@ class TSafeHtmlParser * @access private */ private $_stack = array(); - + /** * Array of counters for tags that must be deleted with all content * @@ -88,7 +88,7 @@ class TSafeHtmlParser * @access private */ private $_dcCounter = array(); - + /** * Stack of unclosed tags that must be deleted with all content * @@ -96,17 +96,17 @@ class TSafeHtmlParser * @access private */ private $_dcStack = array(); - + /** * Stores level of list (ol/ul) nesting * * @var int * @access private */ - private $_listScope = 0; - + private $_listScope = 0; + /** - * Stack of unclosed list tags + * Stack of unclosed list tags * * @var array * @access private @@ -120,7 +120,7 @@ class TSafeHtmlParser * @access private */ private $_protoRegexps = array(); - + /** * Array of prepared regular expressions for CSS matching * 
@@ -144,14 +144,14 @@ class TSafeHtmlParser * @access public */ public $deleteTags = array( - 'applet', 'base', 'basefont', 'bgsound', 'blink', 'body', - 'embed', 'frame', 'frameset', 'head', 'html', 'ilayer', - 'iframe', 'layer', 'link', 'meta', 'object', 'style', - 'title', 'script', + 'applet', 'base', 'basefont', 'bgsound', 'blink', 'body', + 'embed', 'frame', 'frameset', 'head', 'html', 'ilayer', + 'iframe', 'layer', 'link', 'meta', 'object', 'style', + 'title', 'script', ); /** - * List of dangerous tags (such tags will be deleted, and all content + * List of dangerous tags (such tags will be deleted, and all content * inside this tags will be also removed) * * @var array @@ -174,11 +174,11 @@ class TSafeHtmlParser * @access public */ public $blackProtocols = array( - 'about', 'chrome', 'data', 'disk', 'hcp', - 'help', 'javascript', 'livescript', 'lynxcgi', 'lynxexec', - 'ms-help', 'ms-its', 'mhtml', 'mocha', 'opera', - 'res', 'resource', 'shell', 'vbscript', 'view-source', - 'vnd.ms.radio', 'wysiwyg', + 'about', 'chrome', 'data', 'disk', 'hcp', + 'help', 'javascript', 'livescript', 'lynxcgi', 'lynxexec', + 'ms-help', 'ms-its', 'mhtml', 'mocha', 'opera', + 'res', 'resource', 'shell', 'vbscript', 'view-source', + 'vnd.ms.radio', 'wysiwyg', ); /** @@ -188,8 +188,8 @@ class TSafeHtmlParser * @access public */ public $whiteProtocols = array( - 'ed2k', 'file', 'ftp', 'gopher', 'http', 'https', - 'irc', 'mailto', 'news', 'nntp', 'telnet', 'webcal', + 'ed2k', 'file', 'ftp', 'gopher', 'http', 'https', + 'irc', 'mailto', 'news', 'nntp', 'telnet', 'webcal', 'xmpp', 'callto', ); 
@@ -200,20 +200,20 @@ class TSafeHtmlParser * @access public */ public $protocolAttributes = array( - 'action', 'background', 'codebase', 'dynsrc', 'href', 'lowsrc', 'src', + 'action', 'background', 'codebase', 'dynsrc', 'href', 'lowsrc', 'src', ); /** * List of dangerous CSS keywords * - * Whole style="" attribute will be removed, if parser will find one of + * Whole style="" attribute will be removed, if parser will find one of * these keywords * * @var array * @access public */ public $cssKeywords = array( - 'absolute', 'behavior', 'behaviour', 'content', 'expression', + 'absolute', 'behavior', 'behaviour', 'content', 'expression', 'fixed', 'include-source', 'moz-binding', ); @@ -235,11 +235,11 @@ class TSafeHtmlParser * @access public */ public $closeParagraph = array( - 'address', 'blockquote', 'center', 'dd', 'dir', 'div', - 'dl', 'dt', 'h1', 'h2', 'h3', 'h4', - 'h5', 'h6', 'hr', 'isindex', 'listing', 'marquee', - 'menu', 'multicol', 'ol', 'p', 'plaintext', 'pre', - 'table', 'ul', 'xmp', + 'address', 'blockquote', 'center', 'dd', 'dir', 'div', + 'dl', 'dt', 'h1', 'h2', 'h3', 'h4', + 'h5', 'h6', 'hr', 'isindex', 'listing', 'marquee', + 'menu', 'multicol', 'ol', 'p', 'plaintext', 'pre', + 'table', 'ul', 'xmp', ); /** @@ -249,8 +249,8 @@ class TSafeHtmlParser * @access public */ public $tableTags = array( - 'caption', 'col', 'colgroup', 'tbody', 'td', 'tfoot', 'th', - 'thead', 'tr', + 'caption', 'col', 'colgroup', 'tbody', 'td', 'tfoot', 'th', + 'thead', 'tr', ); /** @@ -282,7 +282,7 @@ class TSafeHtmlParser * * @access public */ - public function __construct() + public function __construct() { //making regular expressions based on Proto & CSS arrays foreach ($this->blackProtocols as $proto) { @@ -307,7 +307,7 @@ class TSafeHtmlParser * @return boolean * @access private */ - private function _writeAttrs ($attrs) + private function _writeAttrs ($attrs) { if (is_array($attrs)) { foreach ($attrs as $name => $value) { 
@@ -335,7 +335,7 @@ class TSafeHtmlParser } if ($name == 'style') { - + // removes insignificant backslahes $value = str_replace("\\", '', $value); @@ -346,13 +346,13 @@ class TSafeHtmlParser if ($_value == $value) break; $value = $_value; } - + // replace all & to & $value = str_replace('&', '&', $value); $value = str_replace('&', '&', $value); foreach ($this->_cssRegexps as $css) { - if (preg_match($css, $value)) { + if (preg_match($css, $value)) { continue 2; } } @@ -366,8 +366,8 @@ class TSafeHtmlParser $tempval = preg_replace('/&#(\d+);?/me', "chr('\\1')", $value); //"' $tempval = preg_replace('/&#x([0-9a-f]+);?/mei', "chr(hexdec('\\1'))", $tempval); - if ((in_array($name, $this->protocolAttributes)) && - (strpos($tempval, ':') !== false)) + if ((in_array($name, $this->protocolAttributes)) && + (strpos($tempval, ':') !== false)) { if ($this->protocolFiltering == 'black') { foreach ($this->_protoRegexps as $proto) { @@ -398,7 +398,7 @@ class TSafeHtmlParser * @return boolean * @access private */ - public function _openHandler(&$parser, $name, $attrs) + public function _openHandler(&$parser, $name, $attrs) { $name = strtolower($name); @@ -413,7 +413,7 @@ class TSafeHtmlParser if (in_array($name, $this->deleteTags)) { return true; } - + if (!preg_match("/^[a-z0-9]+$/i", $name)) { if (preg_match("!(?:\@|://)!i", $name)) { $this->_xhtml .= '<' . $name . '>'; @@ -429,8 +429,8 @@ class TSafeHtmlParser } // TABLES: cannot open table elements when we are not inside table - if ((isset($this->_counter['table'])) && ($this->_counter['table'] <= 0) - && (in_array($name, $this->tableTags))) + if ((isset($this->_counter['table'])) && ($this->_counter['table'] <= 0) + && (in_array($name, $this->tableTags))) { return true; } @@ -441,8 +441,8 @@ class TSafeHtmlParser } // LISTS: we should close
  • if
  • of the same level opening - if ($name == 'li' && count($this->_liStack) && - $this->_listScope == $this->_liStack[count($this->_liStack)-1]) + if ($name == 'li' && count($this->_liStack) && + $this->_listScope == $this->_liStack[count($this->_liStack)-1]) { $this->_closeHandler($parser, 'li'); } @@ -454,7 +454,7 @@ class TSafeHtmlParser if ($name == 'li') { array_push($this->_liStack, $this->_listScope); } - + $this->_xhtml .= '<' . $name; $this->_writeAttrs($attrs); $this->_xhtml .= '>'; @@ -471,13 +471,13 @@ class TSafeHtmlParser * @return boolean * @access private */ - public function _closeHandler(&$parser, $name) + public function _closeHandler(&$parser, $name) { $name = strtolower($name); - if (isset($this->_dcCounter[$name]) && ($this->_dcCounter[$name] > 0) && - (in_array($name, $this->deleteTagsContent))) + if (isset($this->_dcCounter[$name]) && ($this->_dcCounter[$name] > 0) && + (in_array($name, $this->deleteTagsContent))) { while ($name != ($tag = array_pop($this->_dcStack))) { $this->_dcCounter[$tag]--; @@ -501,13 +501,13 @@ class TSafeHtmlParser } /** - * Closes tag + * Closes tag * * @param string $tag tag name * @return boolean * @access private */ - public function _closeTag($tag) + public function _closeTag($tag) { if (!in_array($tag, $this->noClose)) { $this->_xhtml .= ''; @@ -533,7 +533,7 @@ class TSafeHtmlParser * @return boolean * @access private */ - public function _dataHandler(&$parser, $data) + public function _dataHandler(&$parser, $data) { if (count($this->_dcStack) == 0) { $this->_xhtml .= $data; @@ -549,7 +549,7 @@ class TSafeHtmlParser * @return boolean * @access private */ - public function _escapeHandler(&$parser, $data) + public function _escapeHandler(&$parser, $data) { return true; } 
@@ -560,12 +560,12 @@ class TSafeHtmlParser * @return string Processed (X)HTML document * @access public */ - public function getXHTML () + public function getXHTML () { while ($tag = array_pop($this->_stack)) { $this->_closeTag($tag); } - + return $this->_xhtml; } @@ -575,7 +575,7 @@ class TSafeHtmlParser * @return boolean * @access public */ - public function clear() + public function clear() { $this->_xhtml = ''; return true; @@ -588,8 +588,9 @@ class TSafeHtmlParser * @return string Processed (X)HTML document * @access public */ - public function parse($doc) + public function parse($doc) { + $this->clear(); // Save all '<' symbols $doc = preg_replace("/<(?=[^a-zA-Z\/\!\?\%])/", '<', (string)$doc); @@ -599,7 +600,7 @@ class TSafeHtmlParser // Opera6 bug workaround $doc = str_replace("\xC0\xBC", '<', $doc); - + // UTF-7 encoding ASCII decode $doc = $this->repackUTF7($doc); -- cgit v1.2.3
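Review bot: The `$this->clear();` added at the top of `parse()` resets only `_xhtml` (the `clear()` body shown in the -575 hunk is just `$this->_xhtml = '';`), so `_counter`, `_dcCounter`, `_dcStack`, `_listScope` and `_liStack` still carry over when one parser instance sanitizes several inputs. Because `_dataHandler` appends text only while `_dcStack` is empty and `_openHandler` consults `_counter['table']`, an earlier input that leaves a tag open can presumably change what is stripped or kept in a later, unrelated input. I would have `clear()` reset all per-document state, e.g. `$this->_counter = $this->_stack = $this->_dcCounter = $this->_dcStack = $this->_liStack = array();` and `$this->_listScope = 0;`, and add a test that parses two documents on one instance. The body of `parse()` continues outside the hunk, so whether anything later in it resets these fields is not visible here.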