<?php |
namespace EZAMA{ |
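abstract class htmlstripHelper
{
    // Mode selectors. They are not referenced in this class; presumably the
    // concrete subclass reads them to decide what to strip. stripAttributes()
    // compares its $type argument against the literal 2, which happens to be
    // the value of TAGS_WITH_ATTRIBUTES.
    const TAGS = 3;
    const ATTRIBUTES = 4;
    const TAGS_AND_ATTRIBUTES = 1;
    const TAGS_WITH_ATTRIBUTES = 2;

    // Input-kind flags. Never written in this class; the subclass is expected
    // to set them. handlePhp() consults an $is_php value passed in explicitly.
    protected $is_php = false;
    protected $is_html = false;

    // Allow-lists produced by handleTags()/handleAttributes(). Shaped as
    // name => 1 so membership is a single isset() lookup.
    protected $allowedTags = [];
    protected $allowedAttributes = [];

    // Initialised to '' but replaced by the \DOMDocument once loadHTML()
    // succeeds; on a failed load it keeps its previous value.
    protected $html = '';

    // Holders for the document-level parts; not touched in this class.
    protected $doctype;
    protected $body;
    protected $head;
    protected $html_tag;

    /**
     * Event-handler attribute names (on*), name => 1.
     *
     * Not referenced by this class; kept as a lookup table for subclasses.
     * Every name here also appears in self::$attributes, so subtracting this
     * table from that catalogue is the quickest way to obtain an attribute
     * catalogue without inline script hooks.
     */
    protected static $events_attributes = [
        'onabort' => 1, 'onafterprint' => 1, 'onbeforeprint' => 1, 'onbeforeunload' => 1,
        'onblur' => 1, 'oncanplay' => 1, 'oncanplaythrough' => 1, 'onchange' => 1,
        'onclick' => 1, 'oncontextmenu' => 1, 'oncopy' => 1, 'oncuechange' => 1,
        'oncut' => 1, 'ondblclick' => 1, 'ondrag' => 1, 'ondragend' => 1,
        'ondragenter' => 1, 'ondragleave' => 1, 'ondragover' => 1, 'ondragstart' => 1,
        'ondrop' => 1, 'ondurationchange' => 1, 'onemptied' => 1, 'onended' => 1,
        'onerror' => 1, 'onfocus' => 1, 'onhashchange' => 1, 'oninput' => 1,
        'oninvalid' => 1, 'onkeydown' => 1, 'onkeypress' => 1, 'onkeyup' => 1,
        'onload' => 1, 'onloadeddata' => 1, 'onloadedmetadata' => 1, 'onloadstart' => 1,
        'onmousedown' => 1, 'onmousemove' => 1, 'onmouseout' => 1, 'onmouseover' => 1,
        'onmouseup' => 1, 'onmousewheel' => 1, 'onoffline' => 1, 'ononline' => 1,
        'onpageshow' => 1, 'onpaste' => 1, 'onpause' => 1, 'onplay' => 1,
        'onplaying' => 1, 'onprogress' => 1, 'onratechange' => 1, 'onreset' => 1,
        'onresize' => 1, 'onscroll' => 1, 'onsearch' => 1, 'onseeked' => 1,
        'onseeking' => 1, 'onselect' => 1, 'onstalled' => 1, 'onsubmit' => 1,
        'onsuspend' => 1, 'ontimeupdate' => 1, 'ontoggle' => 1, 'onunload' => 1,
        'onvolumechange' => 1, 'onwaiting' => 1, 'onwheel' => 1,
    ];

    /**
     * Catalogue of known attribute names, name => 1.
     *
     * handleAttributes() uses this as the universe when the caller asks for
     * "everything except these" (keep = true). Note that it contains every
     * on* event handler as well as URL-bearing attributes (href, src, srcdoc,
     * formaction, action) and style, so an exclude-mode configuration leaves
     * all of them allowed unless they are named explicitly. For untrusted
     * input the include mode (keep = false) with an explicit list is the
     * safer choice. The 'http' entry is kept exactly as found in the original.
     */
    protected static $attributes = [
        'accept' => 1, 'accesskey' => 1, 'action' => 1, 'alt' => 1,
        'async' => 1, 'autocomplete' => 1, 'autofocus' => 1, 'autoplay' => 1,
        'charset' => 1, 'checked' => 1, 'cite' => 1, 'class' => 1,
        'cols' => 1, 'colspan' => 1, 'content' => 1, 'contenteditable' => 1,
        'controls' => 1, 'coords' => 1, 'data' => 1, 'datetime' => 1,
        'default' => 1, 'defer' => 1, 'dir' => 1, 'dirname' => 1,
        'disabled' => 1, 'download' => 1, 'draggable' => 1, 'dropzone' => 1,
        'enctype' => 1, 'for' => 1, 'form' => 1, 'formaction' => 1,
        'headers' => 1, 'height' => 1, 'hidden' => 1, 'high' => 1,
        'href' => 1, 'hreflang' => 1, 'http' => 1, 'id' => 1,
        'ismap' => 1, 'kind' => 1, 'label' => 1, 'lang' => 1,
        'list' => 1, 'loop' => 1, 'low' => 1, 'max' => 1,
        'maxlength' => 1, 'media' => 1, 'method' => 1, 'min' => 1,
        'multiple' => 1, 'muted' => 1, 'name' => 1, 'novalidate' => 1,
        'onabort' => 1, 'onafterprint' => 1, 'onbeforeprint' => 1, 'onbeforeunload' => 1,
        'onblur' => 1, 'oncanplay' => 1, 'oncanplaythrough' => 1, 'onchange' => 1,
        'onclick' => 1, 'oncontextmenu' => 1, 'oncopy' => 1, 'oncuechange' => 1,
        'oncut' => 1, 'ondblclick' => 1, 'ondrag' => 1, 'ondragend' => 1,
        'ondragenter' => 1, 'ondragleave' => 1, 'ondragover' => 1, 'ondragstart' => 1,
        'ondrop' => 1, 'ondurationchange' => 1, 'onemptied' => 1, 'onended' => 1,
        'onerror' => 1, 'onfocus' => 1, 'onhashchange' => 1, 'oninput' => 1,
        'oninvalid' => 1, 'onkeydown' => 1, 'onkeypress' => 1, 'onkeyup' => 1,
        'onload' => 1, 'onloadeddata' => 1, 'onloadedmetadata' => 1, 'onloadstart' => 1,
        'onmousedown' => 1, 'onmousemove' => 1, 'onmouseout' => 1, 'onmouseover' => 1,
        'onmouseup' => 1, 'onmousewheel' => 1, 'onoffline' => 1, 'ononline' => 1,
        'onpageshow' => 1, 'onpaste' => 1, 'onpause' => 1, 'onplay' => 1,
        'onplaying' => 1, 'onprogress' => 1, 'onratechange' => 1, 'onreset' => 1,
        'onresize' => 1, 'onscroll' => 1, 'onsearch' => 1, 'onseeked' => 1,
        'onseeking' => 1, 'onselect' => 1, 'onstalled' => 1, 'onsubmit' => 1,
        'onsuspend' => 1, 'ontimeupdate' => 1, 'ontoggle' => 1, 'onunload' => 1,
        'onvolumechange' => 1, 'onwaiting' => 1, 'onwheel' => 1,
        'open' => 1, 'optimum' => 1, 'pattern' => 1, 'placeholder' => 1,
        'poster' => 1, 'preload' => 1, 'readonly' => 1, 'rel' => 1,
        'required' => 1, 'reversed' => 1, 'rows' => 1, 'rowspan' => 1,
        'sandbox' => 1, 'scope' => 1, 'selected' => 1, 'shape' => 1,
        'size' => 1, 'sizes' => 1, 'span' => 1, 'spellcheck' => 1,
        'src' => 1, 'srcdoc' => 1, 'srclang' => 1, 'source' => 1,
        'start' => 1, 'step' => 1, 'style' => 1, 'tabindex' => 1,
        'target' => 1, 'title' => 1, 'translate' => 1, 'type' => 1,
        'usemap' => 1, 'value' => 1, 'width' => 1, 'wrap' => 1,
    ];

    /**
     * Catalogue of known tag names, '<name>' => 1.
     *
     * handleTags() uses this as the universe for exclude mode (keep = true).
     * It includes <script>, <iframe>, <object>, <embed>, <applet>, <style>
     * and <svg>, so exclude mode leaves them allowed unless named explicitly.
     * '<php>', '<!-- -->', '<doctypetag>', '<bodytag>' and '<htmltag>' are
     * pseudo-names consumed by handlePhp(), handleComments() and
     * handleMainHtmlTags() rather than real elements. '<h4>' is absent from
     * the original list and is left as found here.
     */
    protected static $tags = [
        '<php>' => 1, '<!-- -->' => 1, '<doctypetag>' => 1,
        '<a>' => 1, '<abbr>' => 1, '<acronym>' => 1, '<address>' => 1,
        '<applet>' => 1, '<embed>' => 1, '<object>' => 1, '<area>' => 1,
        '<article>' => 1, '<aside>' => 1, '<audio>' => 1, '<b>' => 1,
        '<base>' => 1, '<basefont>' => 1, '<bdi>' => 1, '<bdo>' => 1,
        '<big>' => 1, '<blockquote>' => 1, '<bodytag>' => 1, '<br>' => 1,
        '<button>' => 1, '<canvas>' => 1, '<caption>' => 1, '<center>' => 1,
        '<cite>' => 1, '<code>' => 1, '<col>' => 1, '<colgroup>' => 1,
        '<data>' => 1, '<datalist>' => 1, '<dd>' => 1, '<del>' => 1,
        '<details>' => 1, '<dfn>' => 1, '<dialog>' => 1, '<dir>' => 1,
        '<ul>' => 1, '<div>' => 1, '<dl>' => 1, '<dt>' => 1,
        '<em>' => 1, '<fieldset>' => 1, '<figcaption>' => 1, '<figure>' => 1,
        '<font>' => 1, '<footer>' => 1, '<form>' => 1, '<frame>' => 1,
        '<frameset>' => 1, '<h1>' => 1, '<h2>' => 1, '<h3>' => 1,
        '<h5>' => 1, '<h6>' => 1, '<hn>' => 1, '<head>' => 1,
        '<header>' => 1, '<hr>' => 1, '<htmltag>' => 1, '<i>' => 1,
        '<iframe>' => 1, '<img>' => 1, '<input>' => 1, '<ins>' => 1,
        '<kbd>' => 1, '<label>' => 1, '<legend>' => 1, '<li>' => 1,
        '<link>' => 1, '<main>' => 1, '<map>' => 1, '<mark>' => 1,
        '<meta>' => 1, '<meter>' => 1, '<nav>' => 1, '<noframes>' => 1,
        '<noscript>' => 1, '<ol>' => 1, '<optgroup>' => 1, '<option>' => 1,
        '<output>' => 1, '<p>' => 1, '<param>' => 1, '<picture>' => 1,
        '<pre>' => 1, '<progress>' => 1, '<q>' => 1, '<rp>' => 1,
        '<rt>' => 1, '<ruby>' => 1, '<s>' => 1, '<samp>' => 1,
        '<script>' => 1, '<section>' => 1, '<select>' => 1, '<small>' => 1,
        '<source>' => 1, '<span>' => 1, '<strike>' => 1, '<strong>' => 1,
        '<style>' => 1, '<sub>' => 1, '<summary>' => 1, '<sup>' => 1,
        '<svg>' => 1, '<table>' => 1, '<tbody>' => 1, '<td>' => 1,
        '<template>' => 1, '<textarea>' => 1, '<tfoot>' => 1, '<th>' => 1,
        '<thead>' => 1, '<time>' => 1, '<title>' => 1, '<tr>' => 1,
        '<track>' => 1, '<tt>' => 1, '<u>' => 1, '<var>' => 1,
        '<video>' => 1, '<wbr>' => 1,
    ];

    /**
     * Parse $html into a \DOMDocument and store it in $this->html.
     *
     * The document is loaded without the implied <html>/<body> wrapper and
     * without a default DTD. libxml's parse warnings are silenced for the
     * duration of the load only; the caller's libxml_use_internal_errors()
     * setting is restored and the buffered errors cleared afterwards so no
     * global state leaks out of this method.
     *
     * @param string $html markup to parse; cast to string
     * @return bool true when the document was loaded and stored, false when
     *              libxml rejected it (in which case $this->html is untouched)
     * @throws \InvalidArgumentException when $html is empty
     */
    protected function loadHTML($html)
    {
        $html = (string) $html;
        if ($html === '') {
            throw new \InvalidArgumentException("Empty string given");
        }
        $doc = new \DOMDocument();
        $previous = libxml_use_internal_errors(true);
        try {
            $loaded = $doc->loadHTML($html, LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
        } finally {
            libxml_clear_errors();
            libxml_use_internal_errors($previous);
        }
        if ($loaded) {
            $this->html = $doc;
        }
        return (bool) $loaded;
    }

    /**
     * Turn a caller-supplied [names, keep] pair into an allow-list.
     *
     * Shared by handleTags() and handleAttributes(). $names may be an array
     * or a comma-separated string; each entry is mapped through $callback
     * (normalisation) and kept only if $filter accepts it. When $keep is
     * truthy the result is $catalogue minus the given names ("everything
     * except these"); otherwise the given names themselves become the
     * allow-list. The pair is read positionally (array_values), so both
     * list-shaped and keyed pairs are accepted.
     *
     * @param mixed    $spec      expected [names, keep]
     * @param callable $callback  per-name normaliser for array_map
     * @param callable $filter    per-name predicate for array_filter
     * @param array    $catalogue universe used in exclude mode (name => 1)
     * @return array|null allow-list (name => 1), or null when $spec is malformed
     */
    private static function resolveAllowList($spec, $callback, $filter, array $catalogue)
    {
        if (!is_array($spec) || count($spec) !== 2) {
            return null;
        }
        list($names, $keep) = array_values($spec);
        if (is_string($names)) {
            $names = explode(',', $names);
        }
        if (!is_array($names)) {
            return null;
        }
        $names = array_filter(array_map($callback, $names), $filter);
        return $keep
            ? array_diff_key($catalogue, array_flip($names))
            : array_fill_keys($names, 1);
    }

    /**
     * Build $this->allowedTags from a [names, keep] pair.
     *
     * Despite the parameter name, the names are only "not allowed" when the
     * second element is truthy; when it is falsy they form the allow-list.
     * See resolveAllowList() for the exact rules.
     *
     * @param mixed    $notAllowedTags [names, keep]
     * @param callable $callback       per-name normaliser
     * @param callable $callback1      per-name filter predicate
     * @return bool false when the pair is malformed (allowedTags untouched)
     */
    protected function handleTags($notAllowedTags, $callback, $callback1)
    {
        $allowed = self::resolveAllowList($notAllowedTags, $callback, $callback1, self::$tags);
        if ($allowed === null) {
            return false;
        }
        $this->allowedTags = $allowed;
        return true;
    }

    /**
     * Build $this->allowedAttributes from a [names, keep] pair.
     *
     * Same contract as handleTags(), against self::$attributes. Remember that
     * exclude mode (keep = true) keeps every on* handler and URL attribute
     * that is not named explicitly.
     *
     * @param mixed    $notAllowedAttributes [names, keep]
     * @param callable $callback             per-name normaliser
     * @param callable $callback2            per-name filter predicate
     * @return bool false when the pair is malformed (allowedAttributes untouched)
     */
    protected function handleAttributes($notAllowedAttributes, $callback, $callback2)
    {
        $allowed = self::resolveAllowList($notAllowedAttributes, $callback, $callback2, self::$attributes);
        if ($allowed === null) {
            return false;
        }
        $this->allowedAttributes = $allowed;
        return true;
    }

    /**
     * Serialise $domDoc, restore the document-level pseudo-tags and unwrap
     * the result.
     *
     * When $is_php is truthy AND the '<php>' pseudo-tag is in $allowed_tags,
     * <php>…</php> is rewritten back to <?php … ?>. The returned string then
     * contains executable PHP, so it must not be written somewhere that gets
     * included or evaluated unless the original input was trusted.
     *
     * NOTE(review): the trailing substr() assumes the serialised document is
     * wrapped in <div>…</div> followed by a newline (hence +5 / -7). When no
     * '<div>' is present the slice starts at offset 5, which is what the
     * original's false + 5 arithmetic produced; confirm against the subclass
     * that builds $domDoc.
     *
     * @param bool          $is_php       whether PHP pseudo-tags should be re-emitted
     * @param \DOMDocument  $domDoc       document to serialise
     * @param array         $allowed_tags allow-list built by handleTags()
     * @return string
     */
    protected static function handlePhp($is_php, $domDoc, &$allowed_tags)
    {
        $result = $domDoc->saveHTML();
        self::handleMainHtmlTags($result, $allowed_tags);
        if ($is_php && isset($allowed_tags['<php>'])) {
            $result = str_replace(['<php>', '</php>'], ['<?php ', ' ?>'], $result);
        }
        $wrapperStart = stripos($result, '<div>');
        $offset = ($wrapperStart === false ? 0 : $wrapperStart) + 5;
        return substr($result, $offset, -7);
    }

    /**
     * Rewrite the doctype/head/html/body pseudo-tags back to real markup
     * and drop the doctype when '<doctypetag>' is not allowed.
     *
     * NOTE(review): the head/html/body search strings carry a trailing space
     * ('<headtag ', '<htmltag ', '<bodytag '), so a pseudo-tag without
     * attributes would not be rewritten; kept as found, confirm with the
     * subclass that emits these pseudo-tags.
     *
     * The doctype removal is guarded: if no '<!doctype' (or no closing '>')
     * is present nothing is removed. The original unguarded stripos()/strpos()
     * arithmetic turned a missing doctype into offset 0 and deleted the first
     * tag of the document instead.
     *
     * @param string $result       serialised markup, modified in place
     * @param array  $allowed_tags allow-list built by handleTags()
     * @return void
     */
    protected static function handleMainHtmlTags(&$result, &$allowed_tags)
    {
        $result = str_replace(
            ['<doctypetag', '</doctypetag>', '<headtag ', '</headtag', '<htmltag ', '</htmltag', '<bodytag ', '</bodytag'],
            ['<!doctype ', '', '<head ', '</head', '<html ', '</html', '<body ', '</body'],
            $result
        );
        if (isset($allowed_tags['<doctypetag>'])) {
            return;
        }
        $doctypeOffset = stripos($result, '<!doctype');
        if ($doctypeOffset === false) {
            return;
        }
        $closeOffset = strpos($result, '>', $doctypeOffset);
        if ($closeOffset === false) {
            return;
        }
        $result = substr_replace($result, '', $doctypeOffset, $closeOffset + 1 - $doctypeOffset);
    }

    /**
     * Remove every comment node from $domDoc unless '<!-- -->' is allowed.
     *
     * @param \DOMDocument $domDoc       document to edit in place
     * @param array        $allowed_tags allow-list built by handleTags()
     * @return void
     */
    protected static function handleComments($domDoc, &$allowed_tags)
    {
        if (isset($allowed_tags['<!-- -->'])) {
            return;
        }
        $xpath = new \DOMXPath($domDoc);
        foreach ($xpath->query('//comment()') as $comment) {
            $comment->parentNode->removeChild($comment);
        }
    }

    /**
     * Dispatch attribute stripping for one element.
     *
     * $type === 2 removes the whole element as soon as one attribute is not
     * allowed (stripAttributesTypeTwo); any other value removes only the
     * offending attributes (stripAttributesTypeOne). Non-element nodes are
     * ignored.
     *
     * @param mixed $tag           candidate node
     * @param array $allowed_attrs allow-list built by handleAttributes()
     * @param int   $type          strategy selector (2 or anything else)
     * @return void
     */
    protected static function stripAttributes($tag, &$allowed_attrs, $type = 1)
    {
        if (!$tag instanceof \DOMElement) {
            return;
        }
        if ($type === 2) {
            self::stripAttributesTypeTwo($tag, $allowed_attrs);
        } else {
            self::stripAttributesTypeOne($tag, $allowed_attrs);
        }
    }

    /**
     * Remove each attribute of $tag whose nodeName is not in $allowed_attrs.
     *
     * The attribute map is copied first so the removals below do not mutate
     * the collection being iterated.
     *
     * @param \DOMElement $tag
     * @param array       $allowed_attrs name => 1
     * @return void
     */
    protected static function stripAttributesTypeOne($tag, &$allowed_attrs)
    {
        foreach (iterator_to_array($tag->attributes) as $attr) {
            if (!isset($allowed_attrs[$attr->nodeName])) {
                $tag->removeAttribute($attr->nodeName);
            }
        }
    }

    /**
     * Detach $tag from its parent if any of its attributes is not allowed.
     *
     * A detached element (no parentNode) is left alone. The loop stops at the
     * first disallowed attribute; inspecting the rest cannot change the
     * outcome once the element is gone.
     *
     * @param \DOMElement $tag
     * @param array       $allowed_attrs name => 1
     * @return void
     */
    protected static function stripAttributesTypeTwo($tag, &$allowed_attrs)
    {
        foreach (iterator_to_array($tag->attributes) as $attr) {
            if (isset($allowed_attrs[$attr->nodeName])) {
                continue;
            }
            if ($tag->parentNode) {
                $tag->parentNode->removeChild($tag);
            }
            break;
        }
    }
}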
497
|
|
|
|
498
|
|
|
} |
499
|
|
|
|