library/HTMLPurifier/HTMLModule/Forms.php

   1 <?php
   2
   3 /**
   4  * XHTML 1.1 Forms module, defines all form-related elements found in HTML 4.
   5  */
   6 class HTMLPurifier_HTMLModule_Forms extends HTMLPurifier_HTMLModule
   7 {
   8     public $name = 'Forms';
   9     public $safe = false;
  10
  11     public $content_sets = array(
  12         'Block' => 'Form',
  13         'Inline' => 'Formctrl',
  14     );
  15
  16     public function setup($config) {
  17         $form = $this->addElement('form', 'Form',
  18           'Required: Heading | List | Block | fieldset', 'Common', array(
  19             'accept' => 'ContentTypes',
  20             'accept-charset' => 'Charsets',
  21             'action*' => 'URI',
  22             'method' => 'Enum#get,post',
  23             // really ContentType, but these two are the only ones used today
  24             'enctype' => 'Enum#application/x-www-form-urlencoded,multipart/form-data',
  25         ));
  26         $form->excludes = array('form' => true);
  27
  28         $input = $this->addElement('input', 'Formctrl', 'Empty', 'Common', array(
  29             'accept' => 'ContentTypes',
  30             'accesskey' => 'Character',
  31             'alt' => 'Text',
  32             'checked' => 'Bool#checked',
  33             'disabled' => 'Bool#disabled',
  34             'maxlength' => 'Number',
  35             'name' => 'CDATA',
  36             'readonly' => 'Bool#readonly',
  37             'size' => 'Number',
  38             'src' => 'URI#embeds',
  39             'tabindex' => 'Number',
  40             'type' => 'Enum#text,password,checkbox,button,radio,submit,reset,file,hidden,image',
  41             'value' => 'CDATA',
  42         ));
  43         $input->attr_transform_post[] = new HTMLPurifier_AttrTransform_Input();
  44
  45         $this->addElement('select', 'Formctrl', 'Required: optgroup | option', 'Common', array(
  46             'disabled' => 'Bool#disabled',
  47             'multiple' => 'Bool#multiple',
  48             'name' => 'CDATA',
  49             'size' => 'Number',
  50             'tabindex' => 'Number',
  51         ));
  52
  53         $this->addElement('option', false, 'Optional: #PCDATA', 'Common', array(
  54             'disabled' => 'Bool#disabled',
  55             'label' => 'Text',
  56             'selected' => 'Bool#selected',
  57             'value' => 'CDATA',
  58         ));
  59         // It's illegal for there to be more than one selected, but not
  60         // be multiple. Also, no selected means undefined behavior. This might
  61         // be difficult to implement; perhaps an injector, or a context variable.
  62
  63         $textarea = $this->addElement('textarea', 'Formctrl', 'Optional: #PCDATA', 'Common', array(
  64             'accesskey' => 'Character',
  65             'cols*' => 'Number',
  66             'disabled' => 'Bool#disabled',
  67             'name' => 'CDATA',
  68             'readonly' => 'Bool#readonly',
  69             'rows*' => 'Number',
  70             'tabindex' => 'Number',
  71         ));
  72         $textarea->attr_transform_pre[] = new HTMLPurifier_AttrTransform_Textarea();
  73
  74         $button = $this->addElement('button', 'Formctrl', 'Optional: #PCDATA | Heading | List | Block | Inline', 'Common', array(
  75             'accesskey' => 'Character',
  76             'disabled' => 'Bool#disabled',
  77             'name' => 'CDATA',
  78             'tabindex' => 'Number',
  79             'type' => 'Enum#button,submit,reset',
  80             'value' => 'CDATA',
  81         ));
  82
  83         // For exclusions, ideally we'd specify content sets, not literal elements
  84         $button->excludes = $this->makeLookup(
  85             'form', 'fieldset', // Form
  86             'input', 'select', 'textarea', 'label', 'button', // Formctrl
  87             'a' // as per HTML 4.01 spec, this is omitted by modularization
  88         );
  89
  90         // Extra exclusion: img usemap="" is not permitted within this element.
  91         // We'll omit this for now, since we don't have any good way of
  92         // indicating it yet.
  93
  94         // This is HIGHLY user-unfriendly; we need a custom child-def for this
  95         $this->addElement('fieldset', 'Form', 'Custom: (#WS?,legend,(Flow|#PCDATA)*)', 'Common');
  96
  97         $label = $this->addElement('label', 'Formctrl', 'Optional: #PCDATA | Inline', 'Common', array(
  98             'accesskey' => 'Character',
  99             // 'for' => 'IDREF', // IDREF not implemented, cannot allow
 100         ));
 101         $label->excludes = array('label' => true);
 102
 103         $this->addElement('legend', false, 'Optional: #PCDATA | Inline', 'Common', array(
 104             'accesskey' => 'Character',
 105         ));
 106
 107         $this->addElement('optgroup', false, 'Required: option', 'Common', array(
 108             'disabled' => 'Bool#disabled',
 109             'label*' => 'Text',
 110         ));
 111
 112         // Don't forget an injector for <isindex>. This one's a little complex
 113         // because it maps to multiple elements.
 114
 115     }
 116 }
 117