PRADO 3.0.6 source code

/framework/Web/UI/WebControls/ -> TSafeHtml.php (source)

<?php
/**
 * TSafeHtml class file
 *
 * @author Wei Zhuo <weizhuo[at]gmail[dot]com>
 * @link http://www.pradosoft.com/
 * @copyright Copyright &copy; 2005 PradoSoft
 * @license http://www.pradosoft.com/license/
 * @version $Id: TSafeHtml.php 1397 2006-09-07 07:55:53Z wei $
 * @package System.Web.UI.WebControls
 */

/**
 * TSafeHtml class
 *
 * TSafeHtml is a control that strips down all potentially dangerous
 * HTML content. It is mainly a wrapper of {@link http://pixel-apes.com/safehtml/ SafeHTML}
 * project. According to the SafeHTML project, it tries to safeguard
 * the following situations when the string is to be displayed to end-users,
 * - Opening tag without its closing tag
 * - Closing tag without its opening tag
 * - any of these tags: base, basefont, head, html, body, applet, object,
 *   iframe, frame, frameset, script, layer, ilayer, embed, bgsound, link,
 *   meta, style, title, blink, xml, etc.
 * - any of these attributes: on*, data*, dynsrc
 * - javascript:/vbscript:/about: etc. protocols
 * - expression/behavior etc. in styles
 * - any other active content.
 *
 * To use TSafeHtml, simply enclose the content to be secured within
 * the body of TSafeHtml in a template.
 *
 * @author Wei Zhuo <weizhuo[at]gmail[dot]com>
 * @version $Id: TSafeHtml.php 1397 2006-09-07 07:55:53Z wei $
 * @package System.Web.UI.WebControls
 * @since 3.0
 */
class TSafeHtml extends TControl
{
    /**
     * Renders body content.
     * This method overrides parent implementation by removing
     * malicious javascript code from the body content
     * @param THtmlWriter writer
     */
    public function render($writer)
    {
        // Render the child content into a buffer instead of the real writer.
        $textWriter=new TTextWriter;
        parent::render(new THtmlWriter($textWriter));
        // Only the filtered copy of the buffered markup reaches the response.
        $writer->write($this->parseSafeHtml($textWriter->flush()));
    }

    /**
     * Use SafeHTML to remove malicious javascript from the HTML content.
     * @param string HTML content
     * @return string safer HTML content
     */
    protected function parseSafeHtml($text)
    {
        $renderer = Prado::createComponent('System.3rdParty.SafeHtml.TSafeHtmlParser');
        return $renderer->parse($text);
    }
}

?>
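
A regression check for the categories listed in the class docblock, as an added example that is not part of the PRADO source: it passes constructed inputs through the same parser call that `parseSafeHtml()` makes and reports any marker that survives. The `PRADO_FRAMEWORK_DIR` environment variable, the sample inputs and the `checkSanitizer()` helper are assumptions of this example.

```php
<?php
// Added example, not PRADO code. PRADO_FRAMEWORK_DIR is an assumed environment
// variable pointing at the framework/ directory of a PRADO 3.0.x checkout.
require_once(getenv('PRADO_FRAMEWORK_DIR') . '/prado.php');

// Constructed inputs, one per category named in the TSafeHtml docblock.
// Each entry: label => array(input markup, marker that must not survive).
$cases = array(
    'script tag'       => array('<p>hi</p><script>x()</script>', '<script'),
    'iframe tag'       => array('<iframe src="http://example.test/"></iframe>', '<iframe'),
    'on* attribute'    => array('<img src="a.png" onerror="x()" />', 'onerror'),
    'javascript: URL'  => array('<a href="javascript:x()">link</a>', 'javascript:'),
    'style expression' => array('<div style="width:expression(x())">t</div>', 'expression('),
);

/**
 * Hypothetical helper: returns label => filtered output for every case whose
 * marker is still present after filtering (empty array means all cases passed).
 */
function checkSanitizer(array $cases)
{
    $failures = array();
    foreach ($cases as $label => $case) {
        list($input, $marker) = $case;
        // Fresh parser per input, as TSafeHtml creates one per render.
        $parser = Prado::createComponent('System.3rdParty.SafeHtml.TSafeHtmlParser');
        $output = $parser->parse($input);
        // Case-insensitive match, since HTML tag and attribute names are.
        if (stripos($output, $marker) !== false) {
            $failures[$label] = $output;
        }
    }
    return $failures;
}

$failures = checkSanitizer($cases);
foreach ($failures as $label => $output) {
    echo "FAIL [$label]: " . var_export($output, true) . "\n";
}
echo count($failures) === 0 ? "all cases filtered\n" : count($failures) . " case(s) failed\n";
exit(count($failures) === 0 ? 0 : 1);
```

Run it from the command line after any upgrade of the bundled SafeHTML parser; a non-zero exit status means at least one category from the docblock reached the output unfiltered.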


Generated on: Sun Feb 25 21:07:04 2007 by Balluche using PHPXref 0.7