Source code of SPIP Agora 1.4
<?php
error_reporting (E_ALL);
/*

Example for Safehtml

*/

// Location of the XML_HTMLSax3 classes that safehtml.php depends on
define('XML_HTMLSAX3', dirname(__FILE__). "/classes/");
?>

<html>
<head>
<style>
STRIKE, S
{
    color: #999999
}
</style>
</head>

<body>
<h2> SAFEHTML Testing interface</h2> This parser strips down all potentially dangerous content within HTML:

<ul>
<li> opening tag without its closing tag
<li> closing tag without its opening tag
<li> any of these tags: "base", "basefont", "head", "html", "body", "applet", "object", "iframe", "frame", "frameset", "script", "layer", "ilayer", "embed", "bgsound", "link", "meta", "style", "title", "blink", "xml" etc.
<li> any of these attributes: on*, data*, dynsrc
<li> javascript:/vbscript:/about: etc. protocols
<li> expression/behavior etc. in styles
<li> any other active content
</ul>

<p>

If you found any bugs in this parser, please inform me — ICQ:551593 or <a href = "mailto:thingol@mail.ru">thingol@mail.ru</a> - Roman Ivanov.

<?php // PHP_SELF is built from the request URI, so it is escaped before being echoed into the attribute ?>
<form method = "post" action = "<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES);?>">
<textarea name = "html" rows = "10" cols = "100">
<?php
if (isset($_POST["html"])) {
    // Undo magic_quotes_gpc escaping only where it can be active (before PHP 5.4).
    // The filtering block further down reads the same, already unescaped, value.
    if (PHP_VERSION_ID < 50400 && get_magic_quotes_gpc()) {
        $_POST["html"] = stripslashes($_POST["html"]);
    }
    // Show the submitted markup as text, never as live HTML
    echo htmlspecialchars($_POST["html"]);
}
?>

</textarea>

<input type = "submit">
</form>

<?php
require_once ('classes/safehtml.php');

// Current time in seconds as a float, used to time the parser
function getmicrotime () {
    list($usec, $sec) = explode(" ", microtime());
    return ((float)$usec + (float)$sec);
}

if (isset($_POST["html"])) {
    $doc = $_POST["html"];

    // Instantiate the handler ("&new" is a parse error on PHP 7 and later)
    $safehtml = new safehtml();

    echo ('<pre>');
    // Time HTMLSax
    $start = getmicrotime();
    $result = $safehtml->parse($doc);
    echo ("Parsing took seconds:\t\t" . (getmicrotime() - $start));
    echo ('</pre>');

    // Filtered markup shown as escaped text
    echo ('<b>Source code after filtration:</b><br/>');
    echo (htmlspecialchars($result));

    // Filtered markup rendered by the browser: this output relies entirely on the filter
    echo ('<p><b>Code after filtration as is (HTML):</b><br/>');
    echo ($result);
}
?>

<hr>
<h3> Many thanks:</h3>

<ul>
<li> HTMLSax authors
<li> lj user=BOLK
<li> lj user=ati &amp; lj user=curiousweasel
<li> lj user=teplorod
<li> Boris Bogdanov
<li>Mash
<li> lj user=electrocat
<li>shmel
<li> John "Gozzy" Godsland
<li> Christian Stocker
<li> Nick Cleaton
</ul>

<hr/>

<a href = "http://pixel-apes.com/safehtml"> Download Safehtml</a>.

<br/>

Copyright © 2004-2005, Roman Ivanov.

<br/>

All rights reserved.
</body>
</html>
Generated on: Sat Feb 24 14:40:03 2007 | by Balluche using PHPXref 0.7