library/HTMLPurifier/URIScheme/file.php

   1 <?php
   2
   3 /**
   4  * Validates file as defined by RFC 1630 and RFC 1738.
   5  */
   6 class HTMLPurifier_URIScheme_file extends HTMLPurifier_URIScheme {
   7
   8     // Generally file:// URLs are not accessible from most
   9     // machines, so placing them as an img src is incorrect.
  10     public $browsable = false;
  11
  12     // Basically the *only* URI scheme for which this is true, since
  13     // accessing files on the local machine is very common.  In fact,
  14     // browsers on some operating systems don't understand the
  15     // authority, though I hear it is used on Windows to refer to
  16     // network shares.
  17     public $may_omit_host = true;
  18
  19     public function doValidate(&$uri, $config, $context) {
  20         // Authentication method is not supported
  21         $uri->userinfo = null;
  22         // file:// makes no provisions for accessing the resource
  23         $uri->port     = null;
  24         // While it seems to work on Firefox, the querystring has
  25         // no possible effect and is thus stripped.
  26         $uri->query    = null;
  27         return true;
  28     }
  29
  30 }
  31
  32 // vim: et sw=4 sts=4