library/HTMLPurifier.php

   1 <?php
   2
   3 /*!
   4  * @mainpage
   5  *
   6  * HTML Purifier is an HTML filter that will take an arbitrary snippet of
   7  * HTML and rigorously test, validate and filter it into a version that
   8  * is safe for output onto webpages. It achieves this by:
   9  *
  10  *  -# Lexing (parsing into tokens) the document,
  11  *  -# Executing various strategies on the tokens:
  12  *      -# Removing all elements not in the whitelist,
  13  *      -# Making the tokens well-formed,
  14  *      -# Fixing the nesting of the nodes, and
  15  *      -# Validating attributes of the nodes; and
  16  *  -# Generating HTML from the purified tokens.
  17  *
  18  * However, most users will only need to interface with the HTMLPurifier
  19  * class, so this massive amount of infrastructure is usually concealed.
  20  * If you plan on working with the internals, be sure to include
  21  * HTMLPurifier_ConfigSchema and HTMLPurifier_Config.
  22  */
  23
  24 /*
  25     HTML Purifier 1.2.0 - Standards Compliant HTML Filtering
  26     Copyright (C) 2006 Edward Z. Yang
  27
  28     This library is free software; you can redistribute it and/or
  29     modify it under the terms of the GNU Lesser General Public
  30     License as published by the Free Software Foundation; either
  31     version 2.1 of the License, or (at your option) any later version.
  32
  33     This library is distributed in the hope that it will be useful,
  34     but WITHOUT ANY WARRANTY; without even the implied warranty of
  35     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  36     Lesser General Public License for more details.
  37
  38     You should have received a copy of the GNU Lesser General Public
  39     License along with this library; if not, write to the Free Software
  40     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
  41  */
  42
  43 // almost every class has an undocumented dependency to these, so make sure
  44 // they get included
  45 require_once 'HTMLPurifier/ConfigSchema.php';
  46 require_once 'HTMLPurifier/Config.php';
  47 require_once 'HTMLPurifier/Context.php';
  48
  49 require_once 'HTMLPurifier/Lexer.php';
  50 require_once 'HTMLPurifier/Generator.php';
  51 require_once 'HTMLPurifier/Strategy/Core.php';
  52 require_once 'HTMLPurifier/Encoder.php';
  53
  54 /**
  55  * Main library execution class.
  56  *
  57  * Facade that performs calls to the HTMLPurifier_Lexer,
  58  * HTMLPurifier_Strategy and HTMLPurifier_Generator subsystems in order to
  59  * purify HTML.
  60  *
  61  * @todo We need an easier way to inject strategies, it'll probably end
  62  *       up getting done through config though.
  63  */
  64 class HTMLPurifier
  65 {
  66
  67     var $config;
  68
  69     var $lexer, $strategy, $generator;
  70
  71     /**
  72      * Initializes the purifier.
  73      * @param $config Optional HTMLPurifier_Config object for all instances of
  74      *                the purifier, if omitted, a default configuration is
  75      *                supplied (which can be overridden on a per-use basis).
  76      */
  77     function HTMLPurifier($config = null) {
  78
  79         $this->config = $config ? $config : HTMLPurifier_Config::createDefault();
  80
  81         $this->lexer        = HTMLPurifier_Lexer::create();
  82         $this->strategy     = new HTMLPurifier_Strategy_Core();
  83         $this->generator    = new HTMLPurifier_Generator();
  84         $this->encoder      = new HTMLPurifier_Encoder();
  85
  86     }
  87
  88     /**
  89      * Filters an HTML snippet/document to be XSS-free and standards-compliant.
  90      *
  91      * @param $html String of HTML to purify
  92      * @param $config HTMLPurifier_Config object for this operation, if omitted,
  93      *                defaults to the config object specified during this
  94      *                object's construction.
  95      * @return Purified HTML
  96      */
  97     function purify($html, $config = null) {
  98         $config = $config ? $config : $this->config;
  99         $context =& new HTMLPurifier_Context();
 100         $html = $this->encoder->convertToUTF8($html, $config, $context);
 101         $html =
 102             $this->generator->generateFromTokens(
 103                 $this->strategy->execute(
 104                     $this->lexer->tokenizeHTML($html, $config, $context),
 105                     $config, $context
 106                 ),
 107                 $config, $context
 108             );
 109         $html = $this->encoder->convertFromUTF8($html, $config, $context);
 110         return $html;
 111     }
 112
 113 }
 114
 115 ?>