4 * Implements safety checks for safe iframes.
6 * @warning This filter is *critical* for ensuring that %HTML.SafeIframe
9 class HTMLPurifier_URIFilter_SafeIframe
extends HTMLPurifier_URIFilter
11 public $name = 'SafeIframe';
12 public $always_load = true;
13 protected $regexp = NULL;
14 // XXX: The not so good bit about how this is all setup now is we
15 // can't check HTML.SafeIframe in the 'prepare' step: we have to
16 // defer till the actual filtering.
17 public function prepare($config) {
18 $this->regexp
= $config->get('URI.SafeIframeRegexp');
21 public function filter(&$uri, $config, $context) {
22 // check if filter not applicable
23 if (!$config->get('HTML.SafeIframe')) return true;
24 // check if the filter should actually trigger
25 if (!$context->get('EmbeddedURI', true)) return true;
26 $token = $context->get('CurrentToken', true);
27 if (!($token && $token->name
== 'iframe')) return true;
28 // check if we actually have some whitelists enabled
29 if ($this->regexp
=== null) return false;
30 // actually check the whitelists
31 return preg_match($this->regexp
, $uri->toString());