HTMLPurifier 4.4.0
/home/ezyang/Dev/htmlpurifier/library/HTMLPurifier/URIFilter/SafeIframe.php
Go to the documentation of this file.
00001 <?php
00002 
00009 class HTMLPurifier_URIFilter_SafeIframe extends HTMLPurifier_URIFilter
00010 {
00011     public $name = 'SafeIframe';
00012     public $always_load = true;
00013     protected $regexp = NULL;
00014     // XXX: The not so good bit about how this is all setup now is we
00015     // can't check HTML.SafeIframe in the 'prepare' step: we have to
00016     // defer till the actual filtering.
00017     public function prepare($config) {
00018         $this->regexp = $config->get('URI.SafeIframeRegexp');
00019         return true;
00020     }
00021     public function filter(&$uri, $config, $context) {
00022         // check if filter not applicable
00023         if (!$config->get('HTML.SafeIframe')) return true;
00024         // check if the filter should actually trigger
00025         if (!$context->get('EmbeddedURI', true)) return true;
00026         $token = $context->get('CurrentToken', true);
00027         if (!($token && $token->name == 'iframe')) return true;
00028         // check if we actually have some whitelists enabled
00029         if ($this->regexp === null) return false;
00030         // actually check the whitelists
00031         return preg_match($this->regexp, $uri->toString());
00032     }
00033 }
00034 
00035 // vim: et sw=4 sts=4