HTMLPurifier 4.4.0
<?php

/**
 * HTMLPurifier module that registers the HTML 4 form vocabulary:
 * form, input, select, option, textarea, button, fieldset, label,
 * legend and optgroup.
 *
 * Security note: the module declares itself unsafe ($safe = false).
 * Form markup in third-party content lets that content collect visitor
 * input under the hosting site's origin (for example a look-alike login
 * form whose action points elsewhere), so it should only be available
 * to trusted authors.
 */
class HTMLPurifier_HTMLModule_Forms extends HTMLPurifier_HTMLModule
{
    /** Identifier of this module. */
    public $name = 'Forms';

    /**
     * Marks the module as not safe for untrusted input.
     * NOTE(review): in HTMLPurifier this flag is what should keep the
     * module out of the definition unless %HTML.Trusted is enabled;
     * confirm against HTMLPurifier_HTMLModuleManager for the version in use.
     */
    public $safe = false;

    /** Content sets this module contributes to: forms are block-level, controls inline. */
    public $content_sets = array(
        'Block' => 'Form',
        'Inline' => 'Formctrl',
    );

    /**
     * Registers every form-related element together with its content model,
     * attribute whitelist, exclusions and attribute transforms.
     *
     * @param HTMLPurifier_Config $config Passed in by the caller; not read here.
     */
    public function setup($config)
    {
        // <form>: a trailing '*' in HTMLPurifier's attribute shorthand marks
        // the attribute as required. 'action' is typed as URI, so whatever
        // URI validation is configured elsewhere applies to the submit target.
        $formAttrs = array(
            'accept' => 'ContentTypes',
            'accept-charset' => 'Charsets',
            'action*' => 'URI',
            'method' => 'Enum#get,post',
            // really ContentType, but these two are the only ones used today
            'enctype' => 'Enum#application/x-www-form-urlencoded,multipart/form-data',
        );
        $formDef = $this->addElement(
            'form',
            'Form',
            'Required: Heading | List | Block | fieldset',
            'Common',
            $formAttrs
        );
        // A form may not be nested inside another form.
        $formDef->excludes = array('form' => true);

        // <input>: 'name' and 'value' are free-form CDATA; 'type' is limited
        // to the listed HTML 4 values, which include password, file and hidden.
        $inputAttrs = array(
            'accept' => 'ContentTypes',
            'accesskey' => 'Character',
            'alt' => 'Text',
            'checked' => 'Bool#checked',
            'disabled' => 'Bool#disabled',
            'maxlength' => 'Number',
            'name' => 'CDATA',
            'readonly' => 'Bool#readonly',
            'size' => 'Number',
            'src' => 'URI#embedded',
            'tabindex' => 'Number',
            'type' => 'Enum#text,password,checkbox,button,radio,submit,reset,file,hidden,image',
            'value' => 'CDATA',
        );
        $inputDef = $this->addElement('input', 'Formctrl', 'Empty', 'Common', $inputAttrs);
        // Runs after attribute validation; the transform itself lives in
        // HTMLPurifier_AttrTransform_Input and is not shown in this file.
        $inputDef->attr_transform_post[] = new HTMLPurifier_AttrTransform_Input();

        // <select>
        $selectAttrs = array(
            'disabled' => 'Bool#disabled',
            'multiple' => 'Bool#multiple',
            'name' => 'CDATA',
            'size' => 'Number',
            'tabindex' => 'Number',
        );
        $this->addElement('select', 'Formctrl', 'Required: optgroup | option', 'Common', $selectAttrs);

        // <option>: not placed in any content set (second argument is false).
        $optionAttrs = array(
            'disabled' => 'Bool#disabled',
            'label' => 'Text',
            'selected' => 'Bool#selected',
            'value' => 'CDATA',
        );
        $this->addElement('option', false, 'Optional: #PCDATA', 'Common', $optionAttrs);
        // It's illegal for there to be more than one selected, but not
        // be multiple. Also, no selected means undefined behavior. This might
        // be difficult to implement; perhaps an injector, or a context variable.

        // <textarea>: cols and rows are required attributes.
        $textareaAttrs = array(
            'accesskey' => 'Character',
            'cols*' => 'Number',
            'disabled' => 'Bool#disabled',
            'name' => 'CDATA',
            'readonly' => 'Bool#readonly',
            'rows*' => 'Number',
            'tabindex' => 'Number',
        );
        $textareaDef = $this->addElement(
            'textarea',
            'Formctrl',
            'Optional: #PCDATA',
            'Common',
            $textareaAttrs
        );
        // Runs before attribute validation; see HTMLPurifier_AttrTransform_Textarea.
        $textareaDef->attr_transform_pre[] = new HTMLPurifier_AttrTransform_Textarea();

        // <button>
        $buttonAttrs = array(
            'accesskey' => 'Character',
            'disabled' => 'Bool#disabled',
            'name' => 'CDATA',
            'tabindex' => 'Number',
            'type' => 'Enum#button,submit,reset',
            'value' => 'CDATA',
        );
        $buttonDef = $this->addElement(
            'button',
            'Formctrl',
            'Optional: #PCDATA | Heading | List | Block | Inline',
            'Common',
            $buttonAttrs
        );

        // For exclusions, ideally we'd specify content sets, not literal elements
        $buttonDef->excludes = $this->makeLookup(
            'form', 'fieldset', // Form
            'input', 'select', 'textarea', 'label', 'button', // Formctrl
            'a', // as per HTML 4.01 spec, this is omitted by modularization
            'isindex', 'iframe' // legacy items
        );

        // Extra exclusion: img usemap="" is not permitted within this element.
        // We'll omit this for now, since we don't have any good way of
        // indicating it yet.

        // This is HIGHLY user-unfriendly; we need a custom child-def for this
        $this->addElement('fieldset', 'Form', 'Custom: (#WS?,legend,(Flow|#PCDATA)*)', 'Common');

        // <label>: may not contain another label.
        $labelAttrs = array(
            'accesskey' => 'Character',
            // 'for' => 'IDREF', // IDREF not implemented, cannot allow
        );
        $labelDef = $this->addElement('label', 'Formctrl', 'Optional: #PCDATA | Inline', 'Common', $labelAttrs);
        $labelDef->excludes = array('label' => true);

        // <legend>
        $legendAttrs = array(
            'accesskey' => 'Character',
        );
        $this->addElement('legend', false, 'Optional: #PCDATA | Inline', 'Common', $legendAttrs);

        // <optgroup>: label is a required attribute.
        $optgroupAttrs = array(
            'disabled' => 'Bool#disabled',
            'label*' => 'Text',
        );
        $this->addElement('optgroup', false, 'Required: option', 'Common', $optgroupAttrs);

        // Don't forget an injector for <isindex>. This one's a little complex
        // because it maps to multiple elements.
    }
}

// vim: et sw=4 sts=4