HTMLPurifier 4.4.0
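<?php

/**
 * URI filter that restricts embedded URIs on iframe tokens to those matching
 * the pattern configured in URI.SafeIframeRegexp. It only takes effect when
 * HTML.SafeIframe is enabled.
 *
 * Security note: the configured pattern is handed to preg_match() as-is and
 * is tested against the full URI string. preg_match() succeeds on a match
 * anywhere in the subject, so the pattern should be anchored at the start
 * (scheme and host included); an unanchored pattern can be satisfied by text
 * in the path or query of a URI on a host that was never meant to be allowed.
 */
class HTMLPurifier_URIFilter_SafeIframe extends HTMLPurifier_URIFilter
{
    /** Name under which this filter is registered. */
    public $name = 'SafeIframe';

    // NOTE(review): presumably makes the URI definition load this filter
    // unconditionally; confirm against HTMLPurifier_URIFilter.
    public $always_load = true;

    /** Allow-list pattern read from URI.SafeIframeRegexp; null when unset. */
    protected $regexp = null;

    // XXX: The not so good bit about how this is all setup now is we
    // can't check HTML.SafeIframe in the 'prepare' step: we have to
    // defer till the actual filtering.

    /**
     * Caches the allow-list pattern from the configuration.
     *
     * @param object $config Configuration object exposing get().
     * @return bool Always true.
     */
    public function prepare($config)
    {
        $this->regexp = $config->get('URI.SafeIframeRegexp');
        return true;
    }

    /**
     * Decides whether an iframe's embedded URI may be kept.
     *
     * URIs outside this filter's scope are passed through (true). In scope,
     * the decision fails closed: no configured pattern, a non-matching URI,
     * or a PCRE error all yield false.
     *
     * @param object $uri     URI object; only toString() is used here.
     * @param object $config  Configuration object exposing get().
     * @param object $context Context object exposing get().
     * @return bool True to let the URI through, false to reject it.
     */
    public function filter(&$uri, $config, $context)
    {
        // Filter is not applicable unless the feature is switched on.
        if (!$config->get('HTML.SafeIframe')) {
            return true;
        }

        // Only embedded URIs are in scope.
        // NOTE(review): the second argument presumably suppresses the error
        // for a missing context key; confirm against HTMLPurifier_Context.
        if (!$context->get('EmbeddedURI', true)) {
            return true;
        }

        // Only iframe tokens are in scope. Strict comparison avoids any
        // type juggling on the token name.
        $token = $context->get('CurrentToken', true);
        if (!$token || $token->name !== 'iframe') {
            return true;
        }

        // No allow-list configured: reject every iframe URI.
        if ($this->regexp === null) {
            return false;
        }

        // preg_match() returns 1 on match, 0 on no match and false on
        // error; only an explicit match allows the URI.
        return preg_match($this->regexp, $uri->toString()) === 1;
    }
}

// vim: et sw=4 sts=4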