demo.php

   1 <?php
   2
   3 // using _REQUEST because we accept GET and POST requests
   4
   5 $content = empty($_REQUEST['xml']) ? 'text/html' : 'application/xhtml+xml';
   6 header("Content-type:$content;charset=UTF-8");
   7
   8 // prevent PHP versions with shorttags from barfing
   9 echo '<?xml version="1.0" encoding="UTF-8" ?>
  10 ';
  11
  12 function getFormMethod() {
  13     return (isset($_REQUEST['post'])) ? 'post' : 'get';
  14 }
  15
  16 if (empty($_REQUEST['strict'])) {
  17 ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  18      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  19 <?php
  20 } else {
  21 ?>
  22 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
  23     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  24 <?php
  25 }
  26 ?>
  27 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
  28 <head>
  29     <title>HTML Purifier Live Demo</title>
  30     <meta name="author" content="Edward Z. Yang" />
  31     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
  32     <link rel="icon" href="favicon.ico" type="image/x-icon" />
  33     <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" />
  34     <link rel="stylesheet" href="common.css" type="text/css" />
  35 </head>
  36 <body>
  37 <img src="logo.png" id="logo" alt="HTML Purifier" />
  38 <div id="header"><a href="./"><span class="html">HTML</span>
  39 <span class="purifier">Purifier</span></a></div>
  40 <h1 id="title">Live Demo</h1>
  41 <div id="content">
  42 <?php
  43
  44 require_once 'live/library/HTMLPurifier.auto.php';
  45
  46 if (!empty($_REQUEST['html'])) { // start result
  47
  48     if (strlen($_REQUEST['html']) > 50000) {
  49         ?>
  50         <p>Request exceeds maximum allowed text size of 50kb.</p>
  51         <?php
  52     } else { // start main processing
  53
  54     $html = get_magic_quotes_gpc() ? stripslashes($_REQUEST['html']) : $_REQUEST['html'];
  55
  56     $config = HTMLPurifier_Config::createDefault();
  57     $config->set('Core', 'TidyFormat', !empty($_REQUEST['tidy']));
  58     $config->set('HTML', 'Strict',     !empty($_REQUEST['strict']));
  59     $purifier = new HTMLPurifier($config);
  60     $pure_html = $purifier->purify($html);
  61
  62 ?>
  63 <p>Here is your purified HTML:</p>
  64 <div style="border:5px solid #BCC8D8; margin:1em 10%; padding:1em;">
  65 <?php if(getFormMethod() == 'get') { ?>
  66 <div style="float:right;">
  67     <a href="http://validator.w3.org/check?uri=referer"><img
  68         src="http://www.w3.org/Icons/valid-xhtml10"
  69         alt="Valid XHTML 1.0 Transitional" height="31" width="88" style="border:0;" /></a>
  70 </div>
  71 <?php } ?>
  72 <?php
  73
  74 echo $pure_html;
  75
  76 ?>
  77 <div style="clear:both;"></div>
  78 </div>
  79 <p>Here is the source code of the purified HTML:</p>
  80 <pre><?php
  81
  82 echo htmlspecialchars($pure_html, ENT_COMPAT, 'UTF-8');
  83
  84 ?></pre>
  85 <?php
  86 if (getFormMethod() == 'post') { // start POST validation notice
  87 ?>
  88 <p>If you would like to validate the code with
  89 <a href="http://validator.w3.org/#validate-by-input">W3C's
  90 validator</a>, copy and paste the <em>entire</em> demo page's source.</p>
  91 <?php
  92 } // end POST validation notice
  93
  94 } // end main processing
  95
  96 // end result
  97 } else {
  98
  99 ?>
 100 <p>Welcome to the live demo.  Enter some HTML and see how HTML Purifier
 101 will filter it.</p>
 102 <?php
 103
 104 }
 105
 106 ?>
 107 <form id="filter" action="demo.php<?php
 108 echo '?' . getFormMethod();
 109 if (isset($_REQUEST['profile']) || isset($_REQUEST['XDEBUG_PROFILE'])) {
 110     echo '&amp;XDEBUG_PROFILE=1';
 111 } ?>" method="<?php echo getFormMethod();  ?>">
 112     <fieldset>
 113         <legend>HTML Purifier Input (<?php echo getFormMethod(); ?>)</legend>
 114         <textarea name="html" cols="60" rows="15"><?php
 115
 116 if (isset($html)) {
 117     echo htmlspecialchars(
 118             HTMLPurifier_Encoder::cleanUTF8($html), ENT_COMPAT, 'UTF-8');
 119 }
 120         ?></textarea>
 121         <?php if (getFormMethod() == 'get') { ?>
 122             <p><strong>Warning:</strong> GET request method can only hold
 123                 8129 characters (probably less depending on your browser).
 124                 If you need to test anything
 125                 larger than that, try the <a href="?post">POST form</a>.</p>
 126         <?php } ?>
 127         <?php if (extension_loaded('tidy')) { ?>
 128             <div>Nicely format output with Tidy? <input type="checkbox" value="1"
 129             name="tidy"<?php if (!empty($_REQUEST['tidy'])) echo ' checked="checked"'; ?> /></div>
 130         <?php } ?>
 131         <div>XHTML 1.0 Strict output? <input type="checkbox" value="1"
 132         name="strict"<?php if (!empty($_REQUEST['strict'])) echo ' checked="checked"'; ?> /></div>
 133         <div>Serve as application/xhtml+xml? (not for IE) <input type="checkbox" value="1"
 134         name="xml"<?php if (!empty($_REQUEST['xml'])) echo ' checked="checked"'; ?> /></div>
 135         <div>
 136             <input type="submit" value="Submit" name="submit" class="button" />
 137         </div>
 138     </fieldset>
 139 </form>
 140 <p>Try the form in <a href="?get">GET</a> and <a href="?post">POST</a> request
 141 flavors (GET is easy to validate with W3C, but POST allows larger inputs).</p>
 142 </div>
 143 </body>
 144 </html>