Revamp error log handling
[htmlpurifier-web.git] / demo.custom.php
blob07fdca2ff01a18e1ef254b2e3b38d6e36390c0b2
1 <?php
3 class HTMLPurifier_AttrTransform_ParamValidator extends HTMLPurifier_AttrTransform
5 var $name = "ParamValidator";
6 var $uri;
8 function HTMLPurifier_AttrTransform_ParamValidator() {
9 $this->uri = new HTMLPurifier_AttrDef_URI();
12 function transform($attr, $config, $context) {
13 switch ($attr['name']) {
14 case 'allowscriptaccess':
15 $attr['value'] = 'never';
16 break;
17 case 'wmode':
18 $attr['value'] = 'window';
19 break;
20 case 'enablejsurls':
21 $attr['value'] = 'false';
22 break;
23 case 'movie':
24 $attr['value'] = $this->uri->validate($attr['movie'], $config, $context);
25 break;
26 // probably more
27 default:
28 $attr['name'] = $attr['value'] = null;
30 return $attr;
34 class HTMLPurifier_AttrTransform_ObjectValidator extends HTMLPurifier_AttrTransform
36 var $name = "ObjectValidator";
38 function transform($attr, $config, $context) {
39 if (!isset($attr['type'])) $attr['type'] = 'application/x-shockwave-flash';
40 return $attr;
44 $config->set('AutoFormat', 'Custom', array('AddParam'));
45 $config->set('HTML', 'DefinitionID', 'allow flash movies');
46 $config->set('HTML', 'DefinitionRev', 1);
47 $config->set('Cache', 'DefinitionImpl', null); //remove this later
48 $def =& $config->getHTMLDefinition(true);
50 $param =& $def->addElement(
51 'param',
52 false, //only appears in object tags, remove elsewhere
53 'Empty',
54 false,
55 array(
56 // this by default is insecure, and must have a validator
57 'name' => 'Text',
58 'value' => 'Text'
62 $param->attr_transform_post[] = new HTMLPurifier_AttrTransform_ParamValidator();
64 $object =& $def->addElement(
65 'object',
66 'Inline',
67 'Optional: param | #PCDATA',
68 false,
69 array(
70 'type*' => 'Enum#application/x-shockwave-flash',
71 'width*' => 'Pixels',
72 'height*' => 'Pixels',
73 'data' => 'Text'
76 $object->attr_transform_post[] = new HTMLPurifier_AttrTransform_ObjectValidator();
80 $embed =& $def->addElement(
81 'embed',
82 'Block',
83 'Empty',
84 false,
85 array(
86 'type*' => 'Enum#application/x-shockwave-flash',
87 'width*' => 'Pixels',
88 'height*' => 'Pixels',
89 'src*' => 'URI',
90 'flashvars' => 'Text',
91 'allowscriptaccess' => 'Enum#never',
92 'enablejsurls' => 'Enum#false',
93 'enablehref' => 'Enum#false',
94 'bgcolor' => 'Text',
95 //these will all be ignored by the injector
96 'wmode' => 'Text',
97 'pluginspage' => 'URI',
98 'saveembedtags' => 'Text',
99 'salign' => 'Text',
100 'scale' => 'Text',
101 'name' => 'Text'
105 class HTMLPurifier_AttrTransform_EmbedValidator extends HTMLPurifier_AttrTransform
107 var $name = "EmbedValidator";
109 function transform($attr, $config, $context) {
110 $attr['allowscriptaccess'] = 'never';
111 $attr['enablejsurls'] = 'false';
112 $attr['enablehref'] = 'false';
113 return $attr;
116 $embed->attr_transform_post[] = new HTMLPurifier_AttrTransform_EmbedValidator();
118 class HTMLPurifier_Injector_AddParam extends HTMLPurifier_Injector
120 var $name = 'AddParam';
121 var $needed = array('object', 'param');
122 function handleElement(&$token) {
123 if ($token->name == 'object') {
124 $token = array(
125 $token,
126 new HTMLPurifier_Token_Start('param', array('name' => 'enablejsurls', 'value' => 'false'))