Completed
Push — master ( 4fd734...3bd73d )
by Fabio
10:02
created

TSafeHtml   A

Complexity

Total Complexity 5

Size/Duplication

Total Lines 43
Duplicated Lines 0 %

Coupling/Cohesion

Components 1
Dependencies 6

Importance

Changes 1
Bugs 0 Features 0
Metric Value
c 1
b 0
f 0
dl 0
loc 43
rs 10
wmc 5
lcom 1
cbo 6

4 Methods

Rating   Name   Duplication   Size   Complexity  
A setConfig() 0 4 1
A getConfig() 0 5 2
A render() 0 6 1
A parseSafeHtml() 0 5 1
<?php
/**
 * TSafeHtml class file
 *
 * @author Wei Zhuo <weizhuo[at]gmail[dot]com>
 * @link https://github.com/pradosoft/prado4
 * @copyright Copyright &copy; 2005-2016 The PRADO Group
 * @license https://github.com/pradosoft/prado4/blob/master/LICENSE
 * @package Prado\Web\UI\WebControls
 */
namespace Prado\Web\UI\WebControls;
use Prado\IO\TTextWriter;
use Prado\Prado;
use Prado\TPropertyValue;
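/**
 * TSafeHtml class
 *
 * TSafeHtml is a control that strips down all potentially dangerous HTML content.
 * It is mainly a wrapper of {@link http://htmlpurifier.org/ HTMLPurifier} project.
 *
 * To use TSafeHtml, simply enclose the content to be secured within
 * the body of TSafeHtml in a template.
 *
 * You can specify a custom configuration for HTMLPurifier using the
 * {@link setConfig Config} property. Please refer to the
 * {@link http://htmlpurifier.org/docs HTMLPurifier documentation} for the
 * possible configuration parameters.
 *
 * Security notes:
 * - The complete rendered body is filtered, and what survives is decided
 *   entirely by the active HTMLPurifier configuration. A permissive custom
 *   Config weakens the filter for everything placed inside this control.
 * - The filtered result is written out as HTML markup. It is not a
 *   substitute for context-specific escaping of values that end up in
 *   scripts, URLs or SQL.
 *
 * @author Wei Zhuo <weizhuo[at]gmail[dot]com>
 * @package Prado\Web\UI\WebControls
 * @since 3.0
 */
class TSafeHtml extends \Prado\Web\UI\TControl
{
	/**
	 * Sets a custom configuration for HTMLPurifier.
	 *
	 * The configuration object is kept in the control's view state under the
	 * key 'Config'; passing null clears it so that the default is used again.
	 *
	 * NOTE(review): view state normally travels with the page state. Confirm
	 * that page state validation is enabled (or that page state is kept
	 * server-side) so the stored configuration cannot be altered between
	 * requests, and check the effect of a serialized config object on page
	 * state size.
	 *
	 * @param \HTMLPurifier_Config $value custom configuration
	 */
	public function setConfig(\HTMLPurifier_Config $value)
	{
		$this->setViewState('Config', $value, null);
	}

	/**
	 * @return \HTMLPurifier_Config Configuration for HTMLPurifier: the one
	 * given to {@link setConfig}, or HTMLPurifier's default configuration
	 * when none was set.
	 */
	public function getConfig()
	{
		$config = $this->getViewState('Config', null);
		if ($config !== null) {
			return $config;
		}
		// No custom configuration stored: fall back to the library defaults.
		return \HTMLPurifier_Config::createDefault();
	}

	/**
	 * Renders body content.
	 * This method overrides parent implementation by removing malicious code from the body content
	 * @param \Prado\Web\UI\THtmlWriter $writer writer that receives the purified output
	 */
	public function render($writer)
	{
		// Render the body into a private buffer first, so that nothing reaches
		// the real writer before it has been through the purifier.
		$htmlWriter = Prado::createComponent($this->getResponse()->getHtmlWriterType(), new TTextWriter());
		parent::render($htmlWriter);
		$writer->write($this->parseSafeHtml($htmlWriter->flush()));
	}

	/**
	 * Use HTMLPurifier to remove malicious content from HTML.
	 *
	 * A new purifier is built from {@link getConfig} on every call, so the
	 * strictness of the result follows the configuration in effect at
	 * render time.
	 *
	 * @param string $text HTML content
	 * @return string safer HTML content
	 */
	protected function parseSafeHtml($text)
	{
		$purifier = new \HTMLPurifier($this->getConfig());
		return $purifier->purify($text);
	}
}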