|
1
|
|
|
<?php |
|
2
|
|
|
/** |
|
3
|
|
|
* @link https://www.yiiframework.com/ |
|
4
|
|
|
* @copyright Copyright (c) 2008 Yii Software LLC |
|
5
|
|
|
* @license https://www.yiiframework.com/license/ |
|
6
|
|
|
*/ |
|
7
|
|
|
|
|
8
|
|
|
namespace yii\helpers; |
|
9
|
|
|
|
|
10
|
|
|
/** |
|
11
|
|
|
* BaseHtmlPurifier provides concrete implementation for [[HtmlPurifier]]. |
|
12
|
|
|
* |
|
13
|
|
|
* Do not use BaseHtmlPurifier. Use [[HtmlPurifier]] instead. |
|
14
|
|
|
* |
|
15
|
|
|
* @author Alexander Makarov <[email protected]> |
|
16
|
|
|
* @since 2.0 |
|
17
|
|
|
*/ |
|
18
|
|
|
class BaseHtmlPurifier |
|
19
|
|
|
{ |
|
20
|
|
|
/** |
|
21
|
|
|
* Passes markup through HTMLPurifier making it safe to output to end user. |
|
22
|
|
|
* |
|
23
|
|
|
* @param string $content The HTML content to purify |
|
24
|
|
|
* @param array|\Closure|null $config The config to use for HtmlPurifier. |
|
25
|
|
|
* If not specified or `null` the default config will be used. |
|
26
|
|
|
* You can use an array or an anonymous function to provide configuration options: |
|
27
|
|
|
* |
|
28
|
|
|
* - An array will be passed to the `HTMLPurifier_Config::create()` method. |
|
29
|
|
|
* - An anonymous function will be called after the config was created. |
|
30
|
|
|
* The signature should be: `function($config)` where `$config` will be an |
|
31
|
|
|
* instance of `HTMLPurifier_Config`. |
|
32
|
|
|
* |
|
33
|
|
|
* Here is a usage example of such a function: |
|
34
|
|
|
* |
|
35
|
|
|
* ```php |
|
36
|
|
|
* // Allow the HTML5 data attribute `data-type` on `img` elements. |
|
37
|
|
|
* $content = HtmlPurifier::process($content, function ($config) { |
|
38
|
|
|
* $config->getHTMLDefinition(true) |
|
39
|
|
|
* ->addAttribute('img', 'data-type', 'Text'); |
|
40
|
|
|
* }); |
|
41
|
|
|
* ``` |
|
42
|
|
|
* |
|
43
|
|
|
* @return string the purified HTML content. |
|
44
|
|
|
*/ |
|
45
|
1 |
|
public static function process($content, $config = null) |
|
46
|
|
|
{ |
|
47
|
1 |
|
$configInstance = \HTMLPurifier_Config::create($config instanceof \Closure ? null : $config); |
|
48
|
1 |
|
$configInstance->autoFinalize = false; |
|
49
|
1 |
|
$purifier = \HTMLPurifier::instance($configInstance); |
|
50
|
1 |
|
$purifier->config->set('Cache.SerializerPath', \Yii::$app->getRuntimePath()); |
|
51
|
1 |
|
$purifier->config->set('Cache.SerializerPermissions', 0775); |
|
52
|
|
|
|
|
53
|
1 |
|
static::configure($configInstance); |
|
54
|
1 |
|
if ($config instanceof \Closure) { |
|
55
|
|
|
call_user_func($config, $configInstance); |
|
56
|
|
|
} |
|
57
|
|
|
|
|
58
|
1 |
|
return $purifier->purify($content); |
|
59
|
|
|
} |
|
60
|
|
|
|
|
61
|
|
|
/** |
|
62
|
|
|
* Allow the extended HtmlPurifier class to set some default config options. |
|
63
|
|
|
* @param \HTMLPurifier_Config $config |
|
64
|
|
|
* @since 2.0.3 |
|
65
|
|
|
*/ |
|
66
|
1 |
|
protected static function configure($config) |
|
|
|
|
|
|
67
|
|
|
{ |
|
68
|
1 |
|
} |
|
69
|
|
|
} |
|
70
|
|
|
|
yiisoft /
yii2
This check looks for parameters that have been defined for a function or method, but which are not used in the method body.