Subversion projects: lars-tiefland.prado

Revision 1, author lars
<?php
/**
 * TSafeHtml class file
 *
 * @author Wei Zhuo <weizhuo[at]gmail[dot]com>
 * @link http://www.pradosoft.com/
 * @copyright Copyright &copy; 2005-2008 PradoSoft
 * @license http://www.pradosoft.com/license/
 * @version $Id: TSafeHtml.php 2541 2008-10-21 15:05:13Z qiang.xue $
 * @package System.Web.UI.WebControls
 */

/**
 * TSafeHtml class
 *
 * TSafeHtml is a control that strips down all potentially dangerous
 * HTML content. It is mainly a wrapper of {@link http://pixel-apes.com/safehtml/ SafeHTML}
 * project. According to the SafeHTML project, it tries to safeguard
 * the following situations when the string is to be displayed to end-users,
 * - Opening tag without its closing tag
 * - closing tag without its opening tag
 * - any of these tags: base, basefont, head, html, body, applet, object,
 *   iframe, frame, frameset, script, layer, ilayer, embed, bgsound, link,
 *   meta, style, title, blink, xml, etc.
 * - any of these attributes: on*, data*, dynsrc
 * - javascript:/vbscript:/about: etc. protocols
 * - expression/behavior etc. in styles
 * - any other active content.
 *
 * To use TSafeHtml, simply enclose the content to be secured within
 * the body of TSafeHtml in a template.
 *
 * @author Wei Zhuo <weizhuo[at]gmail[dot]com>
 * @version $Id: TSafeHtml.php 2541 2008-10-21 15:05:13Z qiang.xue $
 * @package System.Web.UI.WebControls
 * @since 3.0
 */
class TSafeHtml extends TControl
{
	/**
	 * Renders body content.
	 * This method overrides parent implementation by removing
	 * malicious javascript code from the body content
	 * @param THtmlWriter writer
	 */
	public function render($writer)
	{
		// Render the child content into an in-memory buffer rather than
		// directly to the response writer.
		$textWriter=new TTextWriter;
		parent::render(new THtmlWriter($textWriter));
		// Only the filtered copy of the buffered markup reaches the real writer.
		$writer->write($this->parseSafeHtml($textWriter->flush()));
	}

	/**
	 * Use SafeHTML to remove malicious javascript from the HTML content.
	 * @param string HTML content
	 * @return string safer HTML content
	 */
	protected function parseSafeHtml($text)
	{
		// Delegate the filtering to the bundled SafeHTML parser component.
		$renderer = Prado::createComponent('System.3rdParty.SafeHtml.TSafeHtmlParser');
		return $renderer->parse($text);
	}
}