4 * Validates a URI as defined by RFC 3986.
5 * @note Scheme-specific mechanics deferred to HTMLPurifier_URIScheme
7 class HTMLPurifier_AttrDef_URI
extends HTMLPurifier_AttrDef
11 protected $embedsResource;
14 * @param $embeds_resource_resource Does the URI here result in an extra HTTP request?
16 public function __construct($embeds_resource = false) {
17 $this->parser
= new HTMLPurifier_URIParser();
18 $this->embedsResource
= (bool) $embeds_resource;
21 public function validate($uri, $config, $context) {
23 if ($config->get('URI', 'Disable')) return false;
25 $uri = $this->parseCDATA($uri);
28 $uri = $this->parser
->parse($uri);
29 if ($uri === false) return false;
31 // add embedded flag to context for validators
32 $context->register('EmbeddedURI', $this->embedsResource
);
38 $result = $uri->validate($config, $context);
42 $uri_def = $config->getDefinition('URI');
43 $result = $uri_def->filter($uri, $config, $context);
46 // scheme-specific validation
47 $scheme_obj = $uri->getSchemeObj($config, $context);
48 if (!$scheme_obj) break;
49 if ($this->embedsResource
&& !$scheme_obj->browsable
) break;
50 $result = $scheme_obj->validate($uri, $config, $context);
53 // Post chained filtering
54 $result = $uri_def->postFilter($uri, $config, $context);
62 $context->destroy('EmbeddedURI');
63 if (!$ok) return false;
66 $result = $uri->toString();
68 // munge entire URI if necessary
70 !is_null($uri->host
) && // indicator for authority
71 !empty($scheme_obj->browsable
) &&
72 !is_null($munge = $config->get('URI', 'Munge'))
74 $result = str_replace('%s', rawurlencode($result), $munge);