当前位置: 首页>>代码示例>>PHP>>正文


PHP Sanitizer::escapeIdReferenceList方法代码示例

本文整理汇总了PHP中Sanitizer::escapeIdReferenceList方法的典型用法代码示例。如果您正苦于以下问题:PHP Sanitizer::escapeIdReferenceList方法的具体用法?PHP Sanitizer::escapeIdReferenceList怎么用?PHP Sanitizer::escapeIdReferenceList使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在Sanitizer的用法示例。


在下文中一共展示了Sanitizer::escapeIdReferenceList方法的2个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: validateAttributes

 /**
  * Take an array of attribute names and values and normalize or discard
  * illegal values for the given whitelist.
  *
  * - Discards attributes not on the given whitelist
  * - Unsafe style attributes are discarded
  * - Invalid id attributes are re-encoded
  *
  * @param array $attribs
  * @param array $whitelist List of allowed attribute names
  * @return array
  *
  * @todo Check for legal values where the DTD limits things.
  * @todo Check for unique id attribute :P
  */
 static function validateAttributes($attribs, $whitelist)
 {
     $whitelist = array_flip($whitelist);
     $hrefExp = '/^(' . wfUrlProtocols() . ')[^\\s]+$/';
     $out = [];
     foreach ($attribs as $attribute => $value) {
         # Allow XML namespace declaration to allow RDFa
         if (preg_match(self::XMLNS_ATTRIBUTE_PATTERN, $attribute)) {
             if (!preg_match(self::EVIL_URI_PATTERN, $value)) {
                 $out[$attribute] = $value;
             }
             continue;
         }
         # Allow any attribute beginning with "data-"
         # However:
         # * data-ooui is reserved for ooui
         # * data-mw and data-parsoid are reserved for parsoid
         # * data-mw-<name here> is reserved for extensions (or core) if
         #   they need to communicate some data to the client and want to be
         #   sure that it isn't coming from an untrusted user.
         # * Ensure that the attribute is not namespaced by banning
         #   colons.
         if (!preg_match('/^data-(?!ooui|mw|parsoid)[^:]*$/i', $attribute) && !isset($whitelist[$attribute])) {
             continue;
         }
         # Strip javascript "expression" from stylesheets.
         # http://msdn.microsoft.com/workshop/author/dhtml/overview/recalc.asp
         if ($attribute == 'style') {
             $value = Sanitizer::checkCss($value);
         }
         # Escape HTML id attributes
         if ($attribute === 'id') {
             $value = Sanitizer::escapeId($value, 'noninitial');
         }
         # Escape HTML id reference lists
         if ($attribute === 'aria-describedby' || $attribute === 'aria-flowto' || $attribute === 'aria-labelledby' || $attribute === 'aria-owns') {
             $value = Sanitizer::escapeIdReferenceList($value, 'noninitial');
         }
         // RDFa and microdata properties allow URLs, URIs and/or CURIs.
         // Check them for sanity.
         if ($attribute === 'rel' || $attribute === 'rev' || $attribute === 'about' || $attribute === 'property' || $attribute === 'resource' || $attribute === 'datatype' || $attribute === 'typeof' || $attribute === 'itemid' || $attribute === 'itemprop' || $attribute === 'itemref' || $attribute === 'itemscope' || $attribute === 'itemtype') {
             // Paranoia. Allow "simple" values but suppress javascript
             if (preg_match(self::EVIL_URI_PATTERN, $value)) {
                 continue;
             }
         }
         # NOTE: even though elements using href/src are not allowed directly, supply
         #       validation code that can be used by tag hook handlers, etc
         if ($attribute === 'href' || $attribute === 'src') {
             if (!preg_match($hrefExp, $value)) {
                 continue;
                 // drop any href or src attributes not using an allowed protocol.
                 // NOTE: this also drops all relative URLs
             }
         }
         // If this attribute was previously set, override it.
         // Output should only have one attribute of each name.
         $out[$attribute] = $value;
     }
     # itemtype, itemid, itemref don't make sense without itemscope
     if (!array_key_exists('itemscope', $out)) {
         unset($out['itemtype']);
         unset($out['itemid']);
         unset($out['itemref']);
     }
     # TODO: Strip itemprop if we aren't descendants of an itemscope or pointed to by an itemref.
     return $out;
 }
开发者ID:claudinec,项目名称:galan-wiki,代码行数:83,代码来源:Sanitizer.php

示例2: testEscapeIdReferenceList

 /**
  * Test escapeIdReferenceList for consistency with escapeId
  *
  * @dataProvider provideEscapeIdReferenceList
  * @covers Sanitizer::escapeIdReferenceList
  */
 public function testEscapeIdReferenceList($referenceList, $id1, $id2)
 {
     $this->assertEquals(Sanitizer::escapeIdReferenceList($referenceList, 'noninitial'), Sanitizer::escapeId($id1, 'noninitial') . ' ' . Sanitizer::escapeId($id2, 'noninitial'));
 }
开发者ID:paladox,项目名称:mediawiki,代码行数:10,代码来源:SanitizerTest.php


注:本文中的Sanitizer::escapeIdReferenceList方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。