当前位置: 首页>>代码示例>>PHP>>正文


PHP UrlHelper::filterBadProtocol方法代码示例

本文整理汇总了PHP中UrlHelper::filterBadProtocol方法的典型用法代码示例。如果您正苦于以下问题:PHP UrlHelper::filterBadProtocol方法的具体用法?PHP UrlHelper::filterBadProtocol怎么用?PHP UrlHelper::filterBadProtocol使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在UrlHelper的用法示例。


在下文中一共展示了UrlHelper::filterBadProtocol方法的2个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: attributes

 /**
  * Processes a string of HTML attributes.
  *
  * @param string $attributes
  *   The html attribute to process.
  *
  * @return string
  *   Cleaned up version of the HTML attributes.
  */
 protected static function attributes($attributes)
 {
     $attributes_array = array();
     $mode = 0;
     $attribute_name = '';
     $skip = FALSE;
     $skip_protocol_filtering = FALSE;
     while (strlen($attributes) != 0) {
         // Was the last operation successful?
         $working = 0;
         switch ($mode) {
             case 0:
                 // Attribute name, href for instance.
                 if (preg_match('/^([-a-zA-Z][-a-zA-Z0-9]*)/', $attributes, $match)) {
                     $attribute_name = strtolower($match[1]);
                     $skip = $attribute_name == 'style' || substr($attribute_name, 0, 2) == 'on';
                     // Values for attributes of type URI should be filtered for
                     // potentially malicious protocols (for example, an href-attribute
                     // starting with "javascript:"). However, for some non-URI
                     // attributes performing this filtering causes valid and safe data
                     // to be mangled. We prevent this by skipping protocol filtering on
                     // such attributes.
                     // @see \Drupal\Component\Utility\UrlHelper::filterBadProtocol()
                     // @see http://www.w3.org/TR/html4/index/attributes.html
                     $skip_protocol_filtering = substr($attribute_name, 0, 5) === 'data-' || in_array($attribute_name, array('title', 'alt'));
                     $working = $mode = 1;
                     $attributes = preg_replace('/^[-a-zA-Z][-a-zA-Z0-9]*/', '', $attributes);
                 }
                 break;
             case 1:
                 // Equals sign or valueless ("selected").
                 if (preg_match('/^\\s*=\\s*/', $attributes)) {
                     $working = 1;
                     $mode = 2;
                     $attributes = preg_replace('/^\\s*=\\s*/', '', $attributes);
                     break;
                 }
                 if (preg_match('/^\\s+/', $attributes)) {
                     $working = 1;
                     $mode = 0;
                     if (!$skip) {
                         $attributes_array[] = $attribute_name;
                     }
                     $attributes = preg_replace('/^\\s+/', '', $attributes);
                 }
                 break;
             case 2:
                 // Attribute value, a URL after href= for instance.
                 if (preg_match('/^"([^"]*)"(\\s+|$)/', $attributes, $match)) {
                     $thisval = $skip_protocol_filtering ? $match[1] : UrlHelper::filterBadProtocol($match[1]);
                     if (!$skip) {
                         $attributes_array[] = "{$attribute_name}=\"{$thisval}\"";
                     }
                     $working = 1;
                     $mode = 0;
                     $attributes = preg_replace('/^"[^"]*"(\\s+|$)/', '', $attributes);
                     break;
                 }
                 if (preg_match("/^'([^']*)'(\\s+|\$)/", $attributes, $match)) {
                     $thisval = $skip_protocol_filtering ? $match[1] : UrlHelper::filterBadProtocol($match[1]);
                     if (!$skip) {
                         $attributes_array[] = "{$attribute_name}='{$thisval}'";
                     }
                     $working = 1;
                     $mode = 0;
                     $attributes = preg_replace("/^'[^']*'(\\s+|\$)/", '', $attributes);
                     break;
                 }
                 if (preg_match("%^([^\\s\"']+)(\\s+|\$)%", $attributes, $match)) {
                     $thisval = $skip_protocol_filtering ? $match[1] : UrlHelper::filterBadProtocol($match[1]);
                     if (!$skip) {
                         $attributes_array[] = "{$attribute_name}=\"{$thisval}\"";
                     }
                     $working = 1;
                     $mode = 0;
                     $attributes = preg_replace("%^[^\\s\"']+(\\s+|\$)%", '', $attributes);
                 }
                 break;
         }
         if ($working == 0) {
             // Not well formed; remove and try again.
             $attributes = preg_replace('/
       ^
       (
       "[^"]*("|$)     # - a string that starts with a double quote, up until the next double quote or the end of the string
       |               # or
       \'[^\']*(\'|$)| # - a string that starts with a quote, up until the next quote or the end of the string
       |               # or
       \\S              # - a non-whitespace character
       )*              # any number of the above three
       \\s*             # any number of whitespaces
//.........这里部分代码省略.........
开发者ID:ddrozdik,项目名称:dmaps,代码行数:101,代码来源:Xss.php

示例2: attributes

 /**
  * Processes a string of HTML attributes.
  *
  * @param string $attributes
  *   The html attribute to process.
  *
  * @return string
  *   Cleaned up version of the HTML attributes.
  */
 protected static function attributes($attributes)
 {
     $attributes_array = array();
     $mode = 0;
     $attribute_name = '';
     $skip = FALSE;
     while (strlen($attributes) != 0) {
         // Was the last operation successful?
         $working = 0;
         switch ($mode) {
             case 0:
                 // Attribute name, href for instance.
                 if (preg_match('/^([-a-zA-Z]+)/', $attributes, $match)) {
                     $attribute_name = strtolower($match[1]);
                     $skip = $attribute_name == 'style' || substr($attribute_name, 0, 2) == 'on';
                     $working = $mode = 1;
                     $attributes = preg_replace('/^[-a-zA-Z]+/', '', $attributes);
                 }
                 break;
             case 1:
                 // Equals sign or valueless ("selected").
                 if (preg_match('/^\\s*=\\s*/', $attributes)) {
                     $working = 1;
                     $mode = 2;
                     $attributes = preg_replace('/^\\s*=\\s*/', '', $attributes);
                     break;
                 }
                 if (preg_match('/^\\s+/', $attributes)) {
                     $working = 1;
                     $mode = 0;
                     if (!$skip) {
                         $attributes_array[] = $attribute_name;
                     }
                     $attributes = preg_replace('/^\\s+/', '', $attributes);
                 }
                 break;
             case 2:
                 // Attribute value, a URL after href= for instance.
                 if (preg_match('/^"([^"]*)"(\\s+|$)/', $attributes, $match)) {
                     $thisval = UrlHelper::filterBadProtocol($match[1]);
                     if (!$skip) {
                         $attributes_array[] = "{$attribute_name}=\"{$thisval}\"";
                     }
                     $working = 1;
                     $mode = 0;
                     $attributes = preg_replace('/^"[^"]*"(\\s+|$)/', '', $attributes);
                     break;
                 }
                 if (preg_match("/^'([^']*)'(\\s+|\$)/", $attributes, $match)) {
                     $thisval = UrlHelper::filterBadProtocol($match[1]);
                     if (!$skip) {
                         $attributes_array[] = "{$attribute_name}='{$thisval}'";
                     }
                     $working = 1;
                     $mode = 0;
                     $attributes = preg_replace("/^'[^']*'(\\s+|\$)/", '', $attributes);
                     break;
                 }
                 if (preg_match("%^([^\\s\"']+)(\\s+|\$)%", $attributes, $match)) {
                     $thisval = UrlHelper::filterBadProtocol($match[1]);
                     if (!$skip) {
                         $attributes_array[] = "{$attribute_name}=\"{$thisval}\"";
                     }
                     $working = 1;
                     $mode = 0;
                     $attributes = preg_replace("%^[^\\s\"']+(\\s+|\$)%", '', $attributes);
                 }
                 break;
         }
         if ($working == 0) {
             // Not well formed; remove and try again.
             $attributes = preg_replace('/
       ^
       (
       "[^"]*("|$)     # - a string that starts with a double quote, up until the next double quote or the end of the string
       |               # or
       \'[^\']*(\'|$)| # - a string that starts with a quote, up until the next quote or the end of the string
       |               # or
       \\S              # - a non-whitespace character
       )*              # any number of the above three
       \\s*             # any number of whitespaces
       /x', '', $attributes);
             $mode = 0;
         }
     }
     // The attribute list ends with a valueless attribute like "selected".
     if ($mode == 1 && !$skip) {
         $attributes_array[] = $attribute_name;
     }
     return $attributes_array;
 }
开发者ID:davidsoloman,项目名称:drupalconsole.com,代码行数:100,代码来源:Xss.php


注:本文中的UrlHelper::filterBadProtocol方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。