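<?php

/**
 * Implements safety checks for safe iframes.
 *
 * When %HTML.SafeIframe is enabled, the URI of an iframe token is accepted
 * only if it matches the expression configured in %URI.SafeIframeRegexp.
 * If no expression is configured, every iframe URI is rejected.
 *
 * @warning This filter is *critical* for ensuring that %HTML.SafeIframe
 *          works safely.
 */
class HTMLPurifier_URIFilter_SafeIframe extends HTMLPurifier_URIFilter
{
    /**
     * @type string
     */
    public $name = 'SafeIframe';

    /**
     * @type bool
     */
    public $always_load = true;

    /**
     * Allowlist expression read from %URI.SafeIframeRegexp in prepare();
     * null means no allowlist has been configured.
     *
     * @type string|null
     */
    protected $regexp = null;

    // XXX: The not so good bit about how this is all set up now is we
    // can't check HTML.SafeIframe in the 'prepare' step: we have to
    // defer till the actual filtering.
    /**
     * Caches the configured allowlist expression for later filter() calls.
     *
     * @param HTMLPurifier_Config $config
     * @return bool Always true.
     */
    public function prepare($config)
    {
        $this->regexp = $config->get('URI.SafeIframeRegexp');
        return true;
    }

    /**
     * Decides whether a URI may be kept.
     *
     * URIs that are not the embedded URI of an iframe token pass through
     * untouched (true). For an iframe, the URI is kept only when the
     * configured expression matches its string form.
     *
     * @param HTMLPurifier_URI $uri
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return bool True to keep the URI, false to reject it.
     */
    public function filter(&$uri, $config, $context)
    {
        // check if filter not applicable
        if (!$config->get('HTML.SafeIframe')) {
            return true;
        }
        // check if the filter should actually trigger
        // NOTE(review): the second argument presumably suppresses the error
        // for a key missing from the context; confirm in HTMLPurifier_Context.
        if (!$context->get('EmbeddedURI', true)) {
            return true;
        }
        $token = $context->get('CurrentToken', true);
        if (!($token && $token->name === 'iframe')) {
            return true;
        }
        // No allowlist configured: fail closed and reject the iframe URI.
        if ($this->regexp === null) {
            return false;
        }
        // preg_match() returns 1 on a match, 0 on no match and false on a
        // PCRE error. Comparing against 1 makes the documented bool return
        // real and keeps an invalid expression on the reject side.
        //
        // preg_match() does not anchor on its own: the configured expression
        // has to pin the start of the URI (scheme and host), otherwise an
        // allowed host name appearing later in the URI satisfies it.
        return preg_match($this->regexp, $uri->toString()) === 1;
    }
}

// vim: et sw=4 sts=4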