search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Tone down language against documentation, as per Shiflett and Coates.
[htmlpurifier-web.git] / demo.php
blob026b0b7dbc394d21e0383b2ccf64c2c0662816a9
1 <?php
2
3 // major TODO: hook into some sort of templating system that utilizes
4 // XHTML Compiler to process the template (cacheable, of course), before
5 // passing it along to this script
6
7 // using _REQUEST because we accept GET and POST requests
8
9 function getFormMethod() {
10 return (isset($_REQUEST['post'])) ? 'post' : 'get';
11 }
12 function escapeHTML($html) {
13 return htmlspecialchars(
14 HTMLPurifier_Encoder::cleanUTF8($html), ENT_COMPAT, 'UTF-8');
15 }
16 function isLocal() {
17 static $name = false;
18 if (!$name) {
19 if (file_exists($dir = 'xhtml-compiler/conf/name.txt')) {
20 $name = trim(file_get_contents($dir));
21 } elseif (file_exists('xhtml-compiler/local.txt')) {
22 $name = 'EZYANG';
23 }
24 }
25 return $name == 'EZYANG' || $name == 'EZYANG2';
26 }
27
28 if (empty($_REQUEST['experimental'])) {
29 require_once 'live/library/HTMLPurifier.auto.php';
30 } elseif (!isLocal()) {
31 require_once 'dev/library/HTMLPurifier.auto.php';
32 } else {
33 require_once '../htmlpurifier/library/HTMLPurifier.auto.php';
34 }
35 require_once 'HTMLPurifier/Printer/ConfigForm.php';
36
37 $allowed_lite = array(
38 'Core.CollectErrors',
39 'URI.DisableExternalResources',
40 'URI.Munge',
41 'HTML.TidyLevel',
42 'HTML.Doctype',
43 'HTML.Allowed',
44 'CSS',
45 'AutoFormat',
46 '-AutoFormat.Custom',
47 '-AutoFormat.PurifierLinkify',
48 );
49
50 $config = HTMLPurifier_Config::loadArrayFromForm($_REQUEST, 'filter', $allowed_lite);
51 $purifier = new HTMLPurifier($config);
52
53 if (!empty($_REQUEST['strict'])) {
54 // backwards-compatibility
55 $config->set('HTML', 'Strict', true);
56 }
57 if (!empty($_REQUEST['experimental'])) {
58 require_once 'HTMLPurifier/Lexer/PH5P.php';
59 $config->set('Core', 'LexerImpl', 'PH5P');
60 $config->set('HTML', 'SafeObject', true);
61 $config->set('HTML', 'SafeEmbed', true);
62 }
63
64 if (file_exists('demo.custom.php') && isLocal()) include 'demo.custom.php';
65
66 $definition = $config->getHTMLDefinition();
67 $doctype = $definition->doctype;
68
69 if ($doctype->xml && stripos($_SERVER["HTTP_ACCEPT"], 'application/xhtml+xml') !== false && !isset($_REQUEST['debug'])) {
70 $type = 'application/xhtml+xml';
71 } else {
72 $type = 'text/html';
73 }
74 header("Content-type:$type;charset=UTF-8");
75
76 // prevent PHP versions with shorttags from barfing
77 if ($doctype->xml) {
78 echo '<?xml version="1.0" encoding="UTF-8" ?>' . PHP_EOL;
79 }
80
81 if (!empty($doctype->dtdPublic) && !empty($doctype->dtdSystem)) {
82 echo '<!DOCTYPE html PUBLIC "'.$doctype->dtdPublic.'" "'.$doctype->dtdSystem.'">' . PHP_EOL;
83 }
84
85 if ($doctype->xml) {
86 echo '<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">' . PHP_EOL;
87 $END = ' /';
88 } else {
89 echo '<html lang="en">' . PHP_EOL;
90 $END = '';
91 }
92
93 ?><head>
94 <title>HTML Purifier Live Demo</title>
95 <!-- make sure all empty elements that are not generated are
96 appropriately ended -->
97 <meta name="author" content="Edward Z. Yang"<?php echo $END; ?>>
98 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"<?php echo $END; ?>>
99 <link rel="icon" href="favicon.ico" type="image/x-icon"<?php echo $END; ?>>
100 <link rel="shortcut icon" href="favicon.ico" type="image/x-icon"<?php echo $END; ?>>
101 <link rel="stylesheet" href="common.css" type="text/css"<?php echo $END; ?>>
102 <link rel="stylesheet" href="demo.css" type="text/css"<?php echo $END; ?>>
103 <link rel="stylesheet" href="live/library/HTMLPurifier/Printer/ConfigForm.css" type="text/css"<?php echo $END; ?>>
104 <script defer="defer" type="text/javascript" src="live/library/HTMLPurifier/Printer/ConfigForm.js"></script>
105 </head>
106 <body>
107 <div id="logo"></div>
108 <div id="header"><a href=".">HTML Purifier</a></div>
109 <?php
110 if (file_exists('navigation.frag')) {
111 readfile('navigation.frag');
112 } else { ?>
113 <div><strong>Please navigate to <a href="navigation.html">navigation.html</a> to regenerate menu</strong></div>
114 <?php }
115 ?>
116 <h1 id="title">Live Demo</h1>
117 <div id="alt-content">
118 <?php
119
120 if (!empty($_REQUEST['html'])) { // start result
121
122 if (strlen($_REQUEST['html']) > 50000) {
123 ?>
124 <p>Request exceeds maximum allowed text size of 50kb.</p>
125 <?php
126 } else { // start main processing
127
128 $html = get_magic_quotes_gpc() ? stripslashes($_REQUEST['html']) : $_REQUEST['html'];
129 $pure_html = $purifier->purify($html);
130
131 ?>
132 <p>Here is your purified HTML:</p>
133 <div id="output">
134 <?php if(getFormMethod() == 'get') {
135 // calculate image
136 $img = false;
137 if ($doctype->name == 'HTML 4.01 Transitional' || $doctype->name == 'HTML 4.01 Strict') {
138 $img = 'http://www.w3.org/Icons/valid-html401';
139 } elseif ($doctype->name == 'XHTML 1.0 Transitional' || $doctype->name == 'XHTML 1.0 Strict') {
140 $img = 'http://www.w3.org/Icons/valid-xhtml10';
141 } elseif ($doctype->name == 'XHTML 1.1') {
142 $img = 'http://www.w3.org/Icons/valid-xhtml11';
143 }
144 ?>
145 <div id="w3c-validator">
146 <a href="http://validator.w3.org/check?uri=referer" title="Valid <?php echo escapeHTML($doctype->name); ?>">
147 <?php if ($img) { ?>
148 <img
149 src="<?php echo escapeHTML($img); ?>" height="31" width="88"
150 alt="Valid <?php echo escapeHTML($doctype->name); ?>"<?php echo $END; ?>>
151 <?php } else { ?>
152 Valid <?php echo escapeHTML($doctype->name); ?>
153 <?php } ?>
154 </a>
155 </div>
156 <?php } ?>
157 <?php
158
159 echo $pure_html;
160
161 ?>
162 <div class="clear"></div>
163 </div>
164 <?php if ($config->get('Core', 'CollectErrors')) {
165 $e = $purifier->context->get('ErrorCollector');
166 $class = $e->getRaw() ? 'fail' : 'pass';
167 ?>
168 <p>Here are errors that occurred during purification:</p>
169 <div id="errors" class="<?php echo $class ?>">
170 <?php
171 echo $e->getHTMLFormatted($config);
172 ?>
173 </div>
174 <?php } ?>
175 <p>Here is the source code of the purified HTML:</p>
176 <pre id="source"><?php echo escapeHTML($pure_html); ?></pre>
177 <?php
178 if (getFormMethod() == 'post') { // start POST validation notice
179 ?>
180 <p>If you would like to validate the code with
181 <a href="http://validator.w3.org/#validate-by-input">W3C's
182 validator</a>, copy and paste the <em>entire</em> demo page's source.</p>
183 <?php
184 } // end POST validation notice
185
186 } // end main processing
187
188 // end result
189 } else {
190
191 ?>
192 <p>Welcome to the live demo. Enter some HTML and see how HTML Purifier
193 will filter it.</p>
194 <?php
195
196 }
197
198 ?>
199 <form id="filter" action="demo.php<?php
200 echo '?' . getFormMethod();
201 if (isset($_REQUEST['profile']) || isset($_REQUEST['XDEBUG_PROFILE'])) {
202 echo '&amp;XDEBUG_PROFILE=1';
203 } ?>" method="<?php echo getFormMethod(); ?>">
204 <fieldset>
205 <legend>HTML Purifier Input (<?php echo getFormMethod(); ?>)</legend>
206
207 <?php
208 $form_printer = new HTMLPurifier_Printer_ConfigForm('filter', 'http://htmlpurifier.org/live/configdoc/plain.html#%s', 14);
209 echo $form_printer->render($config, $allowed_lite, false);
210 ?>
211
212 <div id="textarea">
213 <textarea name="html" cols="60" rows="15"><?php
214 if (isset($html)) echo escapeHTML($html);
215 ?></textarea>
216 </div>
217
218 <p>
219 By default, HTML Purifier may remove some of your spacing or
220 indentation. Turn on CollectErrors or experimental features in
221 order to fully preserve whitespace.
222 </p>
223 <?php if (getFormMethod() == 'get') { ?>
224 <p><strong>Warning:</strong> GET request method can only hold
225 8129 characters (probably less depending on your browser).
226 If you need to test anything
227 larger than that, try the <a href="?post">POST form</a>.</p>
228 <?php } ?>
229 <div>
230 <input type="submit" value="Submit" name="submit" class="button"<?php echo $END; ?>>
231 Use experimental features: <input type="checkbox" value="1" <?php if(!empty($_REQUEST['experimental'])) {echo 'checked="checked" ';} ?>name="experimental"<?php echo $END; ?>>
232 </div>
233 </fieldset>
234 </form>
235 <p>Try the form in <a href="?get">GET</a> and <a href="?post">POST</a> request
236 flavors (GET is easy to validate with W3C, but POST allows larger inputs).
237 Don't know what to test? Try out these sample filterings:</p>
238 <ul>
239 <li><a href="demo.php?html=%3Cimg+src%3D%22javascript%3Aevil%28%29%3B%22+onload%3D%22evil%28%29%3B%22+%2F%3E">Malicious code removed</a></li>
240 <li><a href="demo.php?html=%3Cb%3EBold&amp;submit=Submit">Missing end tags fixed</a></li>
241 <li><a href="demo.php?html=%3Cb%3EInline+%3Cdel%3Econtext+%3Cdiv%3ENo+block+allowed%3C%2Fdiv%3E%3C%2Fdel%3E%3C%2Fb%3E&amp;submit=Submit">Illegal nesting fixed</a></li>
242 <li><a href="demo.php?html=%3Ccenter%3ECentered%3C%2Fcenter%3E&amp;filter%5BHTML.Doctype%5D=XHTML+1.0+Strict&amp;submit=Submit">Deprecated tags converted</a></li>
243 <li><a href="demo.php?html=%3Cspan+style%3D%22color%3A%23COW%3Bfloat%3Aaround%3Btext-decoration%3Ablink%3B%22%3EText%3C%2Fspan%3E&amp;submit=Submit"><abbr>CSS</abbr> validated</a></li>
244 <li><a href="demo.php?html=%3Ctable%3E%0D%0A++%3Ccaption%3E%0D%0A++++Cool+table%0D%0A++%3C%2Fcaption%3E%0D%0A++%3Ctfoot%3E%0D%0A++++%3Ctr%3E%0D%0A++++++%3Cth%3EI+can+do+so+much%21%3C%2Fth%3E%0D%0A++++%3C%2Ftr%3E%0D%0A++%3C%2Ftfoot%3E%0D%0A++%3Ctr%3E%0D%0A++++%3Ctd+style%3D%22font-size%3A16pt%3B%0D%0A++++++color%3A%23F00%3Bfont-family%3Asans-serif%3B%0D%0A++++++text-align%3Acenter%3B%22%3EWow%3C%2Ftd%3E%0D%0A++%3C%2Ftr%3E%0D%0A%3C%2Ftable%3E&amp;experimental=1&amp;submit=Submit">Rich formatting preserved</a></li>
245 </ul>
246 </div>
247 </body>
248 </html>
Website for HTML Purifier found at htmlpurifier.org