library/HTMLPurifier.php

   1 <?php
   2
   3 /*!
   4  * @mainpage
   5  *
   6  * HTMLPurifier is an HTML filter that will take an arbitrary snippet of
   7  * HTML and rigorously test, validate and filter it into a version that
   8  * is safe for output onto webpages. It achieves this by:
   9  *
  10  *  -# Lexing (parsing into tokens) the document,
  11  *  -# Executing various strategies on the tokens:
  12  *      -# Removing all elements not in the whitelist,
  13  *      -# Making the tokens well-formed,
  14  *      -# Fixing the nesting of the nodes, and
  15  *      -# Validating attributes of the nodes; and
  16  *  -# Generating HTML from the purified tokens.
  17  *
  18  * However, most users will only need to interface with the HTMLPurifier
  19  * class, so this massive amount of infrastructure is usually concealed.
  20  * If you plan on working with the internals, be sure to include
  21  * HTMLPurifier_ConfigDef and HTMLPurifier_Config.
  22  */
  23
  24 require_once 'HTMLPurifier/ConfigDef.php';
  25 require_once 'HTMLPurifier/Config.php';
  26 require_once 'HTMLPurifier/Lexer.php';
  27 require_once 'HTMLPurifier/HTMLDefinition.php';
  28 require_once 'HTMLPurifier/Generator.php';
  29 require_once 'HTMLPurifier/Strategy/Core.php';
  30
  31 /**
  32  * Main library execution class.
  33  *
  34  * Facade that performs calls to the HTMLPurifier_Lexer,
  35  * HTMLPurifier_Strategy and HTMLPurifier_Generator subsystems in order to
  36  * purify HTML.
  37  */
  38 class HTMLPurifier
  39 {
  40
  41     var $config;
  42
  43     var $lexer, $strategy, $generator;
  44
  45     /**
  46      * Initializes the purifier.
  47      * @param $config Optional HTMLPurifier_Config object for all instances of
  48      *                the purifier, if omitted, a default configuration is
  49      *                supplied.
  50      */
  51     function HTMLPurifier($config = null) {
  52         $this->config = $config ? $config : HTMLPurifier_Config::createDefault();
  53
  54         $this->lexer = HTMLPurifier_Lexer::create();
  55         $this->strategy = new HTMLPurifier_Strategy_Core();
  56         $this->generator = new HTMLPurifier_Generator();
  57     }
  58
  59     /**
  60      * Filters an HTML snippet/document to be XSS-free and standards-compliant.
  61      *
  62      * @param $html String of HTML to purify
  63      * @param $config HTMLPurifier_Config object for this operation, if omitted,
  64      *                defaults to the config object specified during this
  65      *                object's construction.
  66      * @return Purified HTML
  67      */
  68     function purify($html, $config = null) {
  69         $config = $config ? $config : $this->config;
  70         return
  71             $this->generator->generateFromTokens(
  72                 $this->strategy->execute(
  73                     $this->lexer->tokenizeHTML($html, $config),
  74                 $config
  75             ),
  76             $config
  77         );
  78     }
  79
  80 }
  81
  82 ?>