Documentation

Horde_Text_Filter_Xss extends Horde_Text_Filter_Base
in package

This filter attempts to make HTML safe for viewing. IT IS NOT PERFECT. If you enable HTML viewing, you are opening a security hole.

Filter parameters:

  • charset: (string) The charset of the text. DEFAULT: UTF-8
  • noprefetch: (boolean) Disable DNS pre-fetching? See: https://developer.mozilla.org/En/Controlling_DNS_prefetching DEFAULT: false
  • return_document: (string) If true, returns a full HTML representation of the document. DEFAULT: false (returns the contents contained inside the BODY tag)
  • return_dom: (boolean) If true, return a Horde_Domhtml object instead of HTML text (overrides return_document). DEFAULT: false
  • strip_styles: (boolean) Strip style tags? DEFAULT: true
  • strip_style_attributes: (boolean) Strip style attributes in all tags? DEFAULT: true
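
The parameters above can be pinned in one place so that callers cannot relax them. The following is an added example, not code from the Horde project: `render_untrusted_html()` is a hypothetical wrapper, the Composer autoloader path is an assumption, and the sample input is constructed. It calls the filter through `Horde_Text_Filter::filter()` and fails closed to escaped text if the filter throws or returns something other than a string.

```php
<?php
// Assumption: the Horde_Text_Filter classes are autoloadable, here via Composer.
require_once __DIR__ . '/vendor/autoload.php';

/**
 * Hypothetical wrapper (not part of Horde): run untrusted HTML through the
 * Xss filter and always return a string.
 */
function render_untrusted_html(string $html, string $charset = 'UTF-8'): string
{
    // Pin every documented parameter so no caller can switch style
    // stripping off or change the return type.
    $params = array(
        'charset' => $charset,
        'noprefetch' => true,            // disable DNS pre-fetching (default: false)
        'return_document' => false,      // BODY contents only
        'return_dom' => false,           // a string, never a Horde_Domhtml object
        'strip_styles' => true,
        'strip_style_attributes' => true,
    );

    try {
        $out = Horde_Text_Filter::filter($html, 'xss', $params);
    } catch (Exception $e) {
        // postProcess() is documented as throwing Exception.
        // Never fall back to the raw input.
        $out = null;
    }

    if (!is_string($out)) {
        // Fail closed: show the message as escaped text instead of markup.
        // ENT_SUBSTITUTE replaces byte sequences that are invalid UTF-8.
        return '<pre>'
            . htmlspecialchars($html, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            . '</pre>';
    }

    return $out;
}

// Constructed sample input, for illustration only.
$sample = '<p onclick="x()">Hello</p><style>p { color: red }</style>';
echo render_untrusted_html($sample), "\n";
```
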
Tags
todo

http://blog.astrumfutura.com/archives/430-html-Sanitisation-Benchmarking-With-Wibble-ZF-Proposal.html

author

Jan Schneider jan@horde.org

author

Michael Slusarz slusarz@horde.org

category

Horde

license

http://www.horde.org/licenses/lgpl21 LGPL 2.1

Table of Contents

$_params  : array<string|int, mixed>
Filter parameters.
__construct()  : mixed
Constructor.
getPatterns()  : array<string|int, mixed>
Returns a hash with replace patterns.
postProcess()  : string|Horde_Domhtml
Executes any code necessary after applying the filter patterns.
preProcess()  : string
Executes any code necessary before applying the filter patterns.
_node()  : string
Process DOM node.

Properties

$_params

Filter parameters.

protected array<string|int, mixed> $_params = array('charset' => 'UTF-8', 'noprefetch' => \false, 'return_document' => \false, 'return_dom' => \false, 'strip_styles' => \true, 'strip_style_attributes' => \true)

Methods

__construct()

Constructor.

public __construct([array<string|int, mixed> $params = array() ]) : mixed
Parameters
$params : array<string|int, mixed> = array()

Any parameters that the filter instance needs.

Return values
mixed

getPatterns()

Returns a hash with replace patterns.

public getPatterns() : array<string|int, mixed>
Return values
array<string|int, mixed>

Patterns hash.

postProcess()

Executes any code necessary after applying the filter patterns.

public postProcess(string $text) : string|Horde_Domhtml
Parameters
$text : string

The text after the filtering.

Tags
throws
Exception
Return values
string|Horde_Domhtml

The modified text or a Domhtml object if the 'return_dom' parameter is set.

preProcess()

Executes any code necessary before applying the filter patterns.

public preProcess(string $text) : string
Parameters
$text : string

The text before the filtering.

Return values
string

The modified text.

_node()

Process DOM node.

protected _node(DOMElement $node) : string
Parameters
$node : DOMElement

Element node.

Return values
string

The plaintext representation.
