PHP HTMLPurifier::instance方法代码示例

 /**
  * Passes markup through HTMLPurifier making it safe to output to end user
  *
  * @param string $content
  * @param array|null $config
  * @return string
  */
 public static function process($content, $config = null)
 {
     $configInstance = \HTMLPurifier_Config::create($config);
     $configInstance->autoFinalize = false;
     $purifier = \HTMLPurifier::instance($configInstance);
     $purifier->config->set('Cache.SerializerPath', \Yii::$app->getRuntimePath());
     return $purifier->purify($content);
 }

 /**
  * @param string $html
  * @param array $config
  * @return string
  */
 protected function purifyHTML($html, $config)
 {
     $configInstance = \HTMLPurifier_Config::create($config);
     $configInstance->autoFinalize = false;
     $purifier = \HTMLPurifier::instance($configInstance);
     $purifier->config->set('Cache.SerializerPath', $this->tmpPath);
     return $purifier->purify($html);
 }

 /**
  * Passes markup through HTMLPurifier making it safe to output to end user
  *
  * @param string $content The HTML content to purify
  * @param array|\Closure|null $config The config to use for HtmlPurifier.
  * If not specified or `null` the default config will be used.
  * You can use an array or an anonymous function to provide configuration options:
  *
  * - An array will be passed to the `HTMLPurifier_Config::create()` method.
  * - An anonymous function will be called after the config was created.
  *   The signature should be: `function($config)` where `$config` will be an
  *   instance of `HTMLPurifier_Config`.
  *
  *   Here is a usage example of such a function:
  *
  *   ~~~
  *   // Allow the HTML5 data attribute `data-type` on `img` elements.
  *   $content = HtmlPurifier::process($content, function ($config) {
  *     $config->getHTMLDefinition(true)
  *            ->addAttribute('img', 'data-type', 'Text');
  *   });
  * ~~~
  *
  * @return string the purified HTML content.
  */
 public static function process($content, $config = null)
 {
     $configInstance = \HTMLPurifier_Config::create($config instanceof \Closure ? null : $config);
     $configInstance->autoFinalize = false;
     $purifier = \HTMLPurifier::instance($configInstance);
     $purifier->config->set('Cache.SerializerPath', Application::$app->getRuntimePath());
     if ($config instanceof \Closure) {
         call_user_func($config, $configInstance);
     }
     return $purifier->purify($content);
 }

 /**
  * Singleton for enforcing just one HTML Purifier in your system
  *
  * @param HTMLPurifier|HTMLPurifier_Config $prototype Optional prototype
  *                   HTMLPurifier instance to overload singleton with,
  *                   or HTMLPurifier_Config instance to configure the
  *                   generated version with.
  *
  * @return HTMLPurifier
  * @note Backwards compatibility, see instance()
  */
 public static function getInstance($prototype = null)
 {
     return HTMLPurifier::instance($prototype);
 }

 /**
  * HTMLPurifier cross site scripting filter. This version assumes the
  * existence of the "Standalone Distribution" htmlpurifier library, and is set to not tidy
  * input.
  *
  * @param   string  data to clean
  * @return  string
  */
 protected function xss_filter_htmlpurifier($data)
 {
     /**
      * @todo License should go here, http://htmlpurifier.org/
      */
     if (!class_exists('HTMLPurifier_Config', FALSE)) {
         // Load HTMLPurifier
         require Kohana::find_file('vendor', 'htmlpurifier/HTMLPurifier.standalone', TRUE);
     }
     // Set configuration
     $config = HTMLPurifier_Config::createDefault();
     $config->set('HTML.TidyLevel', 'none');
     // Only XSS cleaning now
     $cache = Kohana::config('html_purifier.cache');
     if ($cache and is_string($cache)) {
         $config->set('Cache.SerializerPath', $cache);
     }
     // Run HTMLPurifier
     $data = HTMLPurifier::instance($config)->purify($data);
     return $data;
 }

<input type="hidden" id="<?php 
echo $genid;
?>
commentsRequired" value="<?php 
echo config_option('file_revision_comments_required') ? '1' : '0';
?>
"/>

<?php 
tpl_display(get_template_path('form_errors'));
if ($file->isNew()) {
    $ckEditorContent = '';
} else {
    $content = $file->getFileContentWithRealUrls();
    require_once LIBRARY_PATH . "/htmlpurifier/HTMLPurifier.standalone.php";
    $ckEditorContent = HTMLPurifier::instance()->purify($content);
}
if (config_option('checkout_for_editing_online')) {
    ajx_on_leave("og.openLink('" . get_url('files', 'release_file', array('id' => $file->getId())) . "')");
    add_page_action(lang("checkin file"), "javascript:(function(){ var form = document.getElementById('{$genid}form'); form.checkin.value = '1'; form.new_revision_document.value = 'checked'; form.rename = false; form.onsubmit(); })()", "ico-checkin");
}
add_page_action(lang("save"), "javascript:(function(){ var form = document.getElementById('{$genid}form'); form.new_revision_document.value = 'checked'; form.rename = false; form.onsubmit(); })()", "save");
add_page_action(lang("save as"), "javascript:(function(){ var form = document.getElementById('{$genid}form'); form.new_revision_document.value = 'checked'; form.rename = true; form.onsubmit(); })()", "save_as");
?>

 	<div>
		<input type="hidden" id="fileContent" name="fileContent" value="" />
		<input type="hidden" id="fileid" name="file[id]" value="<?php 
if (!$file->isNew()) {
    echo $file->getId();
}

 /**
  * Used to sanitize user-inputed HTML from any XSS code.
  * Use this function when you want to use HTML-code inputed by users safely.
  *
  * @param string $raw_html Input HTML code
  *
  * @return string Sanitized HTML ready to be safely displayed on page.
  */
 public static function sanitizeHtml($raw_html)
 {
     try {
         $cache_dir = fn_get_cache_path(false) . 'html_purifier/';
         if (!is_dir($cache_dir)) {
             fn_mkdir($cache_dir);
         }
         $config_instance = \HTMLPurifier_Config::createDefault();
         $config_instance->set('HTML.DefinitionID', PRODUCT_NAME . '_' . PRODUCT_VERSION);
         $config_instance->set('HTML.DefinitionRev', 1);
         $config_instance->set('Cache.SerializerPath', $cache_dir);
         $config_instance->set('Cache.SerializerPermissions', DEFAULT_DIR_PERMISSIONS);
         $config_instance->autoFinalize = false;
         /**
          * Allows to configure HTMLPurifier before it purifies given HTML.
          *
          * @param \HTMLPurifier_Config $config_instance Instance of HTMLPurifier_Config
          * @param string               $raw_html        HTML to be purified
          */
         fn_set_hook('sanitize_html', $config_instance, $raw_html);
         /** @var \HTMLPurifier_HTMLDefinition $html_definition */
         if ($html_definition = $config_instance->maybeGetRawHTMLDefinition()) {
             $html_definition->addAttribute('a', 'target', new \HTMLPurifier_AttrDef_Enum(array('_blank', '_self', '_target', '_top')));
         }
         $purifier_instance = \HTMLPurifier::instance($config_instance);
         $html_purify = $purifier_instance->purify($raw_html);
         return html_entity_decode($html_purify, ENT_QUOTES, 'UTF-8');
     } catch (\Exception $e) {
         throw new DeveloperException($e->getMessage());
     }
 }

 /**
  * Used to sanitize user-inputed HTML from any XSS code.
  * Use this function when you want to use HTML-code inputed by users safely.
  *
  * @param string $raw_html Input HTML code
  *
  * @return string Sanitized HTML ready to be safely displayed on page.
  */
 public static function sanitizeHtml($raw_html)
 {
     try {
         $cache_dir = Registry::get('config.dir.cache_misc') . 'html_purifier/';
         if (!is_dir($cache_dir)) {
             fn_mkdir($cache_dir);
         }
         $config_instance = \HTMLPurifier_Config::createDefault();
         $config_instance->set('HTML.DefinitionID', PRODUCT_NAME . '_' . PRODUCT_VERSION);
         $config_instance->set('HTML.DefinitionRev', 1);
         $config_instance->set('Cache.SerializerPath', $cache_dir);
         $config_instance->set('Cache.SerializerPermissions', DEFAULT_DIR_PERMISSIONS);
         $config_instance->autoFinalize = false;
         if ($html_definition = $config_instance->maybeGetRawHTMLDefinition()) {
             $html_definition->addAttribute('a', 'target', new \HTMLPurifier_AttrDef_Enum(array('_blank', '_self', '_target', '_top')));
         }
         $purifier_instance = \HTMLPurifier::instance($config_instance);
         $html_purify = $purifier_instance->purify($raw_html);
         return html_entity_decode($html_purify, ENT_QUOTES, 'UTF-8');
     } catch (\Exception $e) {
         throw new DeveloperException($e->getMessage());
     }
 }

 function &getInstance($prototype = null)
 {
     return HTMLPurifier::instance($prototype);
 }

 /**
  * @param array $allowedHtmlElements An array of strings representing 
  * allowed HTML elements
  * @param array $allowedHtmlAttributes An array of strings representing 
  * allowed HTML attributes
  * @return HTMLPurifier 
  **/
 public static function createHtmlPurifier($allowedHtmlElements = null, $allowedHtmlAttributes = null)
 {
     // Require the HTML Purfier autoloader.
     require_once 'htmlpurifier/HTMLPurifier.auto.php';
     // Get the allowed HTML elements from the configuration file
     // Setting this as NULL allows a subest of TinyMCE's
     // valid_elements whitelist. Setting this as an empty string disallows
     // all HTML elements.
     if ($allowedHtmlElements === null) {
         $allowedHtmlElements = explode(',', get_option('html_purifier_allowed_html_elements'));
     }
     // Get the allowed HTML attributes from the configuration file
     if ($allowedHtmlAttributes === null) {
         $allowedHtmlAttributes = explode(',', get_option('html_purifier_allowed_html_attributes'));
     }
     // Filter the allowed html attributes of any attributes that are
     // missing elements.
     // For example, if there is no 'a' element then filter out the
     // attribute 'a.href' and any other attribute associated with the 'a'
     // element
     $allowedHtmlAttributes = self::filterAttributesWithMissingElements($allowedHtmlAttributes, $allowedHtmlElements);
     $purifierConfig = HTMLPurifier_Config::createDefault();
     foreach (self::$_purifierConfig as $key => $value) {
         $purifierConfig->set($key, $value);
     }
     $purifierConfig->set('HTML.AllowedElements', $allowedHtmlElements);
     $purifierConfig->set('HTML.AllowedAttributes', $allowedHtmlAttributes);
     $purifier = HTMLPurifier::instance($purifierConfig);
     return $purifier;
 }

 public static function purify($html)
 {
     return HTMLPurifier::instance()->purify($html);
 }

 public function purify($html)
 {
     $purifier = HTMLPurifier::instance();
     $purifying = $purifier->purify($html);
     //AutoFormat.AutoParagraph doesn't provide <br />
     $purified = nl2br($purifying);
     return $purified;
 }

 /**
  * Marks up a string with paragraphs and automatically links any urls.
  *
  * This function marks up the output with paragraph tags and auto-links any URLs that are found.
  * The resulting output is suitable for display in any web-browser, but must have
  * paragraph and extra html tags removed before it's ready for editing.
  *
  * Content is XSS cleaned and stripped of all but a few tags (specified by implementation.)
  *
  * @param string $string      The HTML string to format
  * @param string $allowedTags (optional) A comma-separated list of allowed tags.
  *
  * @return string A nicely-formatted version of the input text, with automatic paragraphs and urls in place
  *
  * @see unAutoParagraph()
  */
 public function autoParagraph($string, $allowedTags = null, $linkUrls = true)
 {
     if (is_null($allowedTags)) {
         $allowedTags = $this->defaultAllowedTags;
     }
     if (is_null($this->purifier)) {
         require_once PATH_SYSTEM . '/vendors/HTMLPurifier.php';
         $this->purifier = HTMLPurifier::instance();
         FileSystemUtils::recursiveMkdir($this->vendorCacheDirectory . '/purifier/');
     }
     if ($this->injectors == null && $linkUrls) {
         $this->injectors = array(new CF_HTMLPurifier_Injector_Linkify());
     }
     $purifierConfig = array('Core.Encoding' => $this->charset, 'AutoFormat.AutoParagraph' => true, 'HTML.TidyLevel' => 'none', 'HTML.Allowed' => $allowedTags, 'Cache.SerializerPath' => $this->vendorCacheDirectory);
     if (!is_null($this->injectors)) {
         $purifierConfig['AutoFormat.Custom'] = $this->injectors;
     }
     $string = $this->purifier->purify($string, $purifierConfig);
     $string = str_replace("\n\n", '[DBLBR]', $string);
     $string = str_replace("\n", '<br/>', $string);
     $string = str_replace('[DBLBR]', "\n\n", $string);
     // trim links
     $string = preg_replace_callback("/\\<a\\s+href\\=\"(" . URLUtils::URL_MATCH . ")\"\\>\\1<\\/a\\>/Uix", array($this, 'trimCallback'), $string);
     // trim all words longer than 60 chars that aren't URLs, ignoring tags
     if (preg_match_all("/\\S60/", strip_tags(preg_replace('/(\\<(\\/?[^\\>]+)\\>)/', ' $1', $string)), $m)) {
         foreach ($m[0] as $n) {
             if (!preg_match("/" . URLUtils::URL_MATCH . "/", $n)) {
                 $string = str_replace($n, trim(substr($n, 0, 60 - 3), '.') . '...', $string);
             }
         }
     }
     return $string;
 }

 public function AddComment($comment_title, $comment_content, $comment_parent = null, $comment_author = null)
 {
     // check to see if author exists
     if ($comment_author == null) {
         $comment_author = User::GetCurrent();
     }
     if ($comment_author == null) {
         return false;
     }
     // HTMLPurify the parameters
     $comment_title = HTMLPurifier::instance()->purify($comment_title);
     $comment_content = HTMLPurifier::instance()->purify($comment_content);
     global $MySQL;
     $query = "INSERT INTO " . System::$Configuration["Database.TablePrefix"] . "journal_entry_comments (journal_entry_id, author_id, comment_parent_id, comment_title, comment_content, comment_timestamp_created) VALUES (" . $this->ID . ", " . $comment_author->ID . ", " . ($comment_parent == null ? "NULL" : $comment_parent->ID) . ", " . "'" . $MySQL->real_escape_string($comment_title) . "', " . "'" . $MySQL->real_escape_string($comment_content) . "', " . "NOW()" . ")";
     $result = $MySQL->query($query);
     $success = $MySQL->errno == 0;
     if ($success) {
         // notify the user that we commented on their journal
         Notification::Create($this->Journal->Creator, "I commented on <a href=\"" . $this->Journal->GetURL() . "/entries/" . $this->Name . "\">" . $this->Title . "</a>!", "\"" . $comment_content . "\"", User::GetCurrent());
     }
     return $success;
 }

 public static function Create($sender, $receiver, $content)
 {
     $content = HTMLPurifier::instance()->purify($content);
     $query = "INSERT INTO phpmmo_shoutout_messages (message_sender_id, message_receiver_id, message_content, message_timestamp) VALUES (" . $sender->ID . ", " . $receiver->ID . ", " . "'" . mysql_real_escape_string($content) . "', " . "NOW()" . ");";
     $result = mysql_query($query);
     $success = mysql_errno() == 0;
     if ($success) {
         // notify the user that we sent them a shoutout
         Notification::Create($receiver, "I wrote you a Shoutout message!", "\"" . $content . "\"", $sender);
     }
     return $success;
 }