// major TODO: hook into some sort of templating system that utilizes
// XHTML Compiler to process the template (cacheable, of course), before
// passing it along to this script
// $_REQUEST is read because the demo accepts both GET and POST requests.
// The media type is chosen from two fixed values, so the request parameter
// itself is never copied into the response header.
if (empty($_REQUEST['xml'])) {
    $content = 'text/html';
} else {
    $content = 'application/xhtml+xml';
}
header('Content-type:' . $content . ';charset=UTF-8');
12 // prevent PHP versions with shorttags from barfing
13 echo '<?xml version="1.0" encoding="UTF-8" ?>
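/**
 * Reports which HTTP method the demo form should submit with.
 *
 * The result is one of two fixed strings, selected only by whether a "post"
 * request parameter is present. The parameter's value is never used, so the
 * return value contains no request data.
 *
 * @return string 'post' when $_REQUEST['post'] is set, otherwise 'get'
 */
function getFormMethod() {
    if (isset($_REQUEST['post'])) {
        return 'post';
    }
    return 'get';
}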
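/**
 * Escapes a string for output inside the demo page's markup.
 *
 * The input is passed through HTMLPurifier_Encoder::cleanUTF8() and then
 * HTML-escaped as UTF-8. ENT_QUOTES is used instead of ENT_COMPAT so that
 * single quotes are escaped along with double quotes; the result therefore
 * stays safe if the helper is ever used inside a single-quoted attribute,
 * and it renders identically in element content.
 *
 * @param string $html text to escape (request data or purifier output)
 * @return string the escaped text
 */
function escapeHTML($html) {
    // NOTE(review): cleanUTF8() presumably drops byte sequences that are not
    // valid UTF-8 before escaping - confirm against the library.
    $clean = HTMLPurifier_Encoder::cleanUTF8($html);
    return htmlspecialchars($clean, ENT_QUOTES, 'UTF-8');
}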
27 * - Dangerous, but workable
28 ! - Needs special processing by demo
30 Core.EscapeInvalidChildren
32 Core.EscapeNonASCIICharacters
33 Core.AcceptFullDocuments
34 Core.EscapeInvalidTags
36 (missing: Core.Encoding!)
41 Attr.IDBlacklistRegexp*
45 Attr.DefaultInvalidImage
46 Attr.DefaultInvalidImageAlt
47 Attr.AllowedFrameTargets!
54 URI.DisableExternalResources
59 (missing: OverrideAllowedSchemes)
70 HTML.AllowedAttributes
71 (missing: Strict, XHTML, CoreModules)
73 Output.CommentScriptContents
78 if (empty($_REQUEST['strict'])) {
79 ?
><!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
80 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
84 <!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
85 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
89 <html xmlns
="http://www.w3.org/1999/xhtml" lang
="en" xml
:lang
="en">
91 <title
>HTML Purifier Live Demo
</title
>
92 <meta name
="author" content
="Edward Z. Yang" />
93 <meta http
-equiv
="Content-Type" content
="text/html; charset=UTF-8" />
94 <link rel
="icon" href
="favicon.ico" type
="image/x-icon" />
95 <link rel
="shortcut icon" href
="favicon.ico" type
="image/x-icon" />
96 <link rel
="stylesheet" href
="common.css" type
="text/css" />
100 <div id
="header"><a href
=".">HTML Purifier
</a
></div
>
101 <!-- add navigation soon
! -->
102 <h1 id
="title">Live Demo
</h1
>
106 if (!file_exists('xhtml-compiler/local.txt')) {
107 require_once 'live/library/HTMLPurifier.auto.php';
109 require_once '../htmlpurifier/library/HTMLPurifier.auto.php';
112 if (!empty($_REQUEST['html'])) { // start result
114 if (strlen($_REQUEST['html']) > 50000) {
116 <p
>Request exceeds maximum allowed text size of
50kb
.</p
>
118 } else { // start main processing
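// Undo magic-quotes escaping where the runtime still applies it.
// get_magic_quotes_gpc() was removed in PHP 8.0, so test for it first:
// calling it unconditionally there is a fatal error.
$html = $_REQUEST['html'];
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $html = stripslashes($html);
}
// NOTE(review): a request of the form html[]=... delivers an array rather
// than a string; confirm whether non-string input should be rejected before
// it reaches the purifier.

// Start from the library defaults and let the request toggle only these two
// boolean directives. No directive name or value is taken from the request.
$config = HTMLPurifier_Config::createDefault();
$config->set('Core', 'TidyFormat', !empty($_REQUEST['tidy']));
$config->set('HTML', 'Strict', !empty($_REQUEST['strict']));

// $pure_html is the purifier's output for the submitted markup.
$purifier = new HTMLPurifier($config);
$pure_html = $purifier->purify($html);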
129 <p
>Here is your purified HTML
:</p
>
130 <div style
="border:5px solid #BCC8D8; margin:1em 10%; padding:1em;">
131 <?php
if(getFormMethod() == 'get') { ?
>
132 <div style
="float:right;">
133 <a href
="http://validator.w3.org/check?uri=referer"><img
134 src
="http://www.w3.org/Icons/valid-xhtml10"
135 alt
="Valid XHTML 1.0 Transitional" height
="31" width
="88" style
="border:0;" /></a
>
143 <div style
="clear:both;"></div
>
145 <p
>Here is the source code of the purified HTML
:</p
>
148 echo escapeHTML($pure_html);
152 if (getFormMethod() == 'post') { // start POST validation notice
154 <p
>If you would like to validate the code with
155 <a href
="http://validator.w3.org/#validate-by-input">W3C
's
156 validator</a>, copy and paste the <em>entire</em> demo page's source
.</p
>
158 } // end POST validation notice
160 } // end main processing
166 <p
>Welcome to the live demo
. Enter some HTML
and see how HTML Purifier
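<form id="filter" action="demo.php<?php
    // Everything appended to the action URL is a fixed string; no request
    // value is echoed into the attribute.
    echo '?' . getFormMethod();
    if (isset($_REQUEST['profile']) || isset($_REQUEST['XDEBUG_PROFILE'])) {
        // Emitted as &amp; because a bare "&" inside an attribute value is
        // not well-formed XML, which breaks the page when it is served as
        // application/xhtml+xml. The browser decodes it back to "&".
        // NOTE(review): any visitor can set this flag, so on a public host
        // the profiler trigger should be disabled or restricted in the
        // Xdebug configuration.
        echo '&amp;XDEBUG_PROFILE=1';
    } ?>" method="<?php echo getFormMethod(); ?>">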
179 <legend
>HTML Purifier
Input (<?php
echo getFormMethod(); ?
>)</legend
>
180 <textarea name
="html" cols
="60" rows
="15"><?php
183 echo escapeHTML($html);
186 <?php
if (getFormMethod() == 'get') { ?
>
187 <p
><strong
>Warning
:</strong
> GET request method can only hold
188 8129 characters (probably less depending on your browser
).
189 If you need to test anything
190 larger than that
, try the
<a href
="?post">POST form
</a
>.</p
>
192 <?php
if (extension_loaded('tidy')) { ?
>
193 <div
>Nicely format output with Tidy?
<input type
="checkbox" value
="1"
194 name
="tidy"<?php
if (!empty($_REQUEST['tidy'])) echo ' checked="checked"'; ?
> /></div
>
196 <div
>XHTML
1.0 Strict output?
<input type
="checkbox" value
="1"
197 name
="strict"<?php
if (!empty($_REQUEST['strict'])) echo ' checked="checked"'; ?
> /></div
>
198 <div
>Serve
as application
/xhtml+xml?
(not
for IE
) <input type
="checkbox" value
="1"
199 name
="xml"<?php
if (!empty($_REQUEST['xml'])) echo ' checked="checked"'; ?
> /></div
>
201 <input type
="submit" value
="Submit" name
="submit" class="button" />
205 <p
>Try the form in
<a href
="?get">GET
</a
> and <a href
="?post">POST
</a
> request
206 flavors (GET is easy to validate with W3C
, but POST allows larger inputs
).</p
>