From cad2910ee9f2554570d16aab283bd6c18b5c1d0b Mon Sep 17 00:00:00 2001
From: xue <>
Date: Sun, 26 Feb 2006 03:54:55 +0000
Subject: Fixed #72.
---
framework/3rdParty/SafeHtml/TSafeHtmlParser.php | 123 ++++++++++++------------
1 file changed, 62 insertions(+), 61 deletions(-)
(limited to 'framework')
diff --git a/framework/3rdParty/SafeHtml/TSafeHtmlParser.php b/framework/3rdParty/SafeHtml/TSafeHtmlParser.php
index 2cedb36e..a51e203c 100644
--- a/framework/3rdParty/SafeHtml/TSafeHtmlParser.php
+++ b/framework/3rdParty/SafeHtml/TSafeHtmlParser.php
@@ -21,7 +21,7 @@
*/
Prado::using('System.3rdParty.SafeHtml.HTMLSax3');
-
+
/**
*
* SafeHTML Parser
@@ -30,15 +30,15 @@ Prado::using('System.3rdParty.SafeHtml.HTMLSax3');
*
* - opening tag without its closing tag
* - closing tag without its opening tag
- * - any of these tags: "base", "basefont", "head", "html", "body", "applet",
- * "object", "iframe", "frame", "frameset", "script", "layer", "ilayer", "embed",
+ *
- any of these tags: "base", "basefont", "head", "html", "body", "applet",
+ * "object", "iframe", "frame", "frameset", "script", "layer", "ilayer", "embed",
* "bgsound", "link", "meta", "style", "title", "blink", "xml" etc.
* - any of these attributes: on*, data*, dynsrc
* - javascript:/vbscript:/about: etc. protocols
* - expression/behavior etc. in styles
* - any other active content
*
- * It also tries to convert code to XHTML valid, but htmltidy is far better
+ * It also tries to convert code to XHTML valid, but htmltidy is far better
* solution for this task.
*
* Example:
@@ -64,7 +64,7 @@ class TSafeHtmlParser
* @access private
*/
private $_xhtml = '';
-
+
/**
* Array of counters for each tag
*
@@ -72,7 +72,7 @@ class TSafeHtmlParser
* @access private
*/
private $_counter = array();
-
+
/**
* Stack of unclosed tags
*
@@ -80,7 +80,7 @@ class TSafeHtmlParser
* @access private
*/
private $_stack = array();
-
+
/**
* Array of counters for tags that must be deleted with all content
*
@@ -88,7 +88,7 @@ class TSafeHtmlParser
* @access private
*/
private $_dcCounter = array();
-
+
/**
* Stack of unclosed tags that must be deleted with all content
*
@@ -96,17 +96,17 @@ class TSafeHtmlParser
* @access private
*/
private $_dcStack = array();
-
+
/**
* Stores level of list (ol/ul) nesting
*
* @var int
* @access private
*/
- private $_listScope = 0;
-
+ private $_listScope = 0;
+
/**
- * Stack of unclosed list tags
+ * Stack of unclosed list tags
*
* @var array
* @access private
@@ -120,7 +120,7 @@ class TSafeHtmlParser
* @access private
*/
private $_protoRegexps = array();
-
+
/**
* Array of prepared regular expressions for CSS matching
*
@@ -144,14 +144,14 @@ class TSafeHtmlParser
* @access public
*/
public $deleteTags = array(
- 'applet', 'base', 'basefont', 'bgsound', 'blink', 'body',
- 'embed', 'frame', 'frameset', 'head', 'html', 'ilayer',
- 'iframe', 'layer', 'link', 'meta', 'object', 'style',
- 'title', 'script',
+ 'applet', 'base', 'basefont', 'bgsound', 'blink', 'body',
+ 'embed', 'frame', 'frameset', 'head', 'html', 'ilayer',
+ 'iframe', 'layer', 'link', 'meta', 'object', 'style',
+ 'title', 'script',
);
/**
- * List of dangerous tags (such tags will be deleted, and all content
+ * List of dangerous tags (such tags will be deleted, and all content
* inside this tags will be also removed)
*
* @var array
@@ -174,11 +174,11 @@ class TSafeHtmlParser
* @access public
*/
public $blackProtocols = array(
- 'about', 'chrome', 'data', 'disk', 'hcp',
- 'help', 'javascript', 'livescript', 'lynxcgi', 'lynxexec',
- 'ms-help', 'ms-its', 'mhtml', 'mocha', 'opera',
- 'res', 'resource', 'shell', 'vbscript', 'view-source',
- 'vnd.ms.radio', 'wysiwyg',
+ 'about', 'chrome', 'data', 'disk', 'hcp',
+ 'help', 'javascript', 'livescript', 'lynxcgi', 'lynxexec',
+ 'ms-help', 'ms-its', 'mhtml', 'mocha', 'opera',
+ 'res', 'resource', 'shell', 'vbscript', 'view-source',
+ 'vnd.ms.radio', 'wysiwyg',
);
/**
@@ -188,8 +188,8 @@ class TSafeHtmlParser
* @access public
*/
public $whiteProtocols = array(
- 'ed2k', 'file', 'ftp', 'gopher', 'http', 'https',
- 'irc', 'mailto', 'news', 'nntp', 'telnet', 'webcal',
+ 'ed2k', 'file', 'ftp', 'gopher', 'http', 'https',
+ 'irc', 'mailto', 'news', 'nntp', 'telnet', 'webcal',
'xmpp', 'callto',
);
@@ -200,20 +200,20 @@ class TSafeHtmlParser
* @access public
*/
public $protocolAttributes = array(
- 'action', 'background', 'codebase', 'dynsrc', 'href', 'lowsrc', 'src',
+ 'action', 'background', 'codebase', 'dynsrc', 'href', 'lowsrc', 'src',
);
/**
* List of dangerous CSS keywords
*
- * Whole style="" attribute will be removed, if parser will find one of
+ * Whole style="" attribute will be removed, if parser will find one of
* these keywords
*
* @var array
* @access public
*/
public $cssKeywords = array(
- 'absolute', 'behavior', 'behaviour', 'content', 'expression',
+ 'absolute', 'behavior', 'behaviour', 'content', 'expression',
'fixed', 'include-source', 'moz-binding',
);
@@ -235,11 +235,11 @@ class TSafeHtmlParser
* @access public
*/
public $closeParagraph = array(
- 'address', 'blockquote', 'center', 'dd', 'dir', 'div',
- 'dl', 'dt', 'h1', 'h2', 'h3', 'h4',
- 'h5', 'h6', 'hr', 'isindex', 'listing', 'marquee',
- 'menu', 'multicol', 'ol', 'p', 'plaintext', 'pre',
- 'table', 'ul', 'xmp',
+ 'address', 'blockquote', 'center', 'dd', 'dir', 'div',
+ 'dl', 'dt', 'h1', 'h2', 'h3', 'h4',
+ 'h5', 'h6', 'hr', 'isindex', 'listing', 'marquee',
+ 'menu', 'multicol', 'ol', 'p', 'plaintext', 'pre',
+ 'table', 'ul', 'xmp',
);
/**
@@ -249,8 +249,8 @@ class TSafeHtmlParser
* @access public
*/
public $tableTags = array(
- 'caption', 'col', 'colgroup', 'tbody', 'td', 'tfoot', 'th',
- 'thead', 'tr',
+ 'caption', 'col', 'colgroup', 'tbody', 'td', 'tfoot', 'th',
+ 'thead', 'tr',
);
/**
@@ -282,7 +282,7 @@ class TSafeHtmlParser
*
* @access public
*/
- public function __construct()
+ public function __construct()
{
//making regular expressions based on Proto & CSS arrays
foreach ($this->blackProtocols as $proto) {
@@ -307,7 +307,7 @@ class TSafeHtmlParser
* @return boolean
* @access private
*/
- private function _writeAttrs ($attrs)
+ private function _writeAttrs ($attrs)
{
if (is_array($attrs)) {
foreach ($attrs as $name => $value) {
@@ -335,7 +335,7 @@ class TSafeHtmlParser
}
if ($name == 'style') {
-
+
// removes insignificant backslahes
$value = str_replace("\\", '', $value);
@@ -346,13 +346,13 @@ class TSafeHtmlParser
if ($_value == $value) break;
$value = $_value;
}
-
+
// replace all & to &
$value = str_replace('&', '&', $value);
$value = str_replace('&', '&', $value);
foreach ($this->_cssRegexps as $css) {
- if (preg_match($css, $value)) {
+ if (preg_match($css, $value)) {
continue 2;
}
}
@@ -366,8 +366,8 @@ class TSafeHtmlParser
$tempval = preg_replace('/(\d+);?/me', "chr('\\1')", $value); //"'
$tempval = preg_replace('/([0-9a-f]+);?/mei', "chr(hexdec('\\1'))", $tempval);
- if ((in_array($name, $this->protocolAttributes)) &&
- (strpos($tempval, ':') !== false))
+ if ((in_array($name, $this->protocolAttributes)) &&
+ (strpos($tempval, ':') !== false))
{
if ($this->protocolFiltering == 'black') {
foreach ($this->_protoRegexps as $proto) {
@@ -398,7 +398,7 @@ class TSafeHtmlParser
* @return boolean
* @access private
*/
- public function _openHandler(&$parser, $name, $attrs)
+ public function _openHandler(&$parser, $name, $attrs)
{
$name = strtolower($name);
@@ -413,7 +413,7 @@ class TSafeHtmlParser
if (in_array($name, $this->deleteTags)) {
return true;
}
-
+
if (!preg_match("/^[a-z0-9]+$/i", $name)) {
if (preg_match("!(?:\@|://)!i", $name)) {
$this->_xhtml .= '<' . $name . '>';
@@ -429,8 +429,8 @@ class TSafeHtmlParser
}
// TABLES: cannot open table elements when we are not inside table
- if ((isset($this->_counter['table'])) && ($this->_counter['table'] <= 0)
- && (in_array($name, $this->tableTags)))
+ if ((isset($this->_counter['table'])) && ($this->_counter['table'] <= 0)
+ && (in_array($name, $this->tableTags)))
{
return true;
}
@@ -441,8 +441,8 @@ class TSafeHtmlParser
}
// LISTS: we should close if of the same level opening
- if ($name == 'li' && count($this->_liStack) &&
- $this->_listScope == $this->_liStack[count($this->_liStack)-1])
+ if ($name == 'li' && count($this->_liStack) &&
+ $this->_listScope == $this->_liStack[count($this->_liStack)-1])
{
$this->_closeHandler($parser, 'li');
}
@@ -454,7 +454,7 @@ class TSafeHtmlParser
if ($name == 'li') {
array_push($this->_liStack, $this->_listScope);
}
-
+
$this->_xhtml .= '<' . $name;
$this->_writeAttrs($attrs);
$this->_xhtml .= '>';
@@ -471,13 +471,13 @@ class TSafeHtmlParser
* @return boolean
* @access private
*/
- public function _closeHandler(&$parser, $name)
+ public function _closeHandler(&$parser, $name)
{
$name = strtolower($name);
- if (isset($this->_dcCounter[$name]) && ($this->_dcCounter[$name] > 0) &&
- (in_array($name, $this->deleteTagsContent)))
+ if (isset($this->_dcCounter[$name]) && ($this->_dcCounter[$name] > 0) &&
+ (in_array($name, $this->deleteTagsContent)))
{
while ($name != ($tag = array_pop($this->_dcStack))) {
$this->_dcCounter[$tag]--;
@@ -501,13 +501,13 @@ class TSafeHtmlParser
}
/**
- * Closes tag
+ * Closes tag
*
* @param string $tag tag name
* @return boolean
* @access private
*/
- public function _closeTag($tag)
+ public function _closeTag($tag)
{
if (!in_array($tag, $this->noClose)) {
$this->_xhtml .= '' . $tag . '>';
@@ -533,7 +533,7 @@ class TSafeHtmlParser
* @return boolean
* @access private
*/
- public function _dataHandler(&$parser, $data)
+ public function _dataHandler(&$parser, $data)
{
if (count($this->_dcStack) == 0) {
$this->_xhtml .= $data;
@@ -549,7 +549,7 @@ class TSafeHtmlParser
* @return boolean
* @access private
*/
- public function _escapeHandler(&$parser, $data)
+ public function _escapeHandler(&$parser, $data)
{
return true;
}
@@ -560,12 +560,12 @@ class TSafeHtmlParser
* @return string Processed (X)HTML document
* @access public
*/
- public function getXHTML ()
+ public function getXHTML ()
{
while ($tag = array_pop($this->_stack)) {
$this->_closeTag($tag);
}
-
+
return $this->_xhtml;
}
@@ -575,7 +575,7 @@ class TSafeHtmlParser
* @return boolean
* @access public
*/
- public function clear()
+ public function clear()
{
$this->_xhtml = '';
return true;
@@ -588,8 +588,9 @@ class TSafeHtmlParser
* @return string Processed (X)HTML document
* @access public
*/
- public function parse($doc)
+ public function parse($doc)
{
+ $this->clear();
// Save all '<' symbols
$doc = preg_replace("/<(?=[^a-zA-Z\/\!\?\%])/", '<', (string)$doc);
@@ -599,7 +600,7 @@ class TSafeHtmlParser
// Opera6 bug workaround
$doc = str_replace("\xC0\xBC", '<', $doc);
-
+
// UTF-7 encoding ASCII decode
$doc = $this->repackUTF7($doc);
--
cgit v1.2.3