

PHP Sanitizer::escapeIdReferenceList Method Code Examples

This article collects typical usage examples of the Sanitizer::escapeIdReferenceList method in PHP. If you are wondering how Sanitizer::escapeIdReferenceList is used in practice, or are looking for examples of it in real code, the selected examples here may help.


Two code examples of the Sanitizer::escapeIdReferenceList method are shown below, sorted by popularity by default.

Example 1: validateAttributes

 /**
  * Take an array of attribute names and values and normalize or discard
  * illegal values for the given whitelist.
  *
  * - Discards attributes not on the given whitelist
  * - Unsafe style attributes are discarded
  * - Invalid id attributes are re-encoded
  *
  * @param array $attribs
  * @param array $whitelist List of allowed attribute names
  * @return array
  *
  * @todo Check for legal values where the DTD limits things.
  * @todo Check for unique id attribute :P
  */
 static function validateAttributes($attribs, $whitelist)
 {
     $whitelist = array_flip($whitelist);
     $hrefExp = '/^(' . wfUrlProtocols() . ')[^\\s]+$/';
     $out = [];
     foreach ($attribs as $attribute => $value) {
         # Allow XML namespace declaration to allow RDFa
         if (preg_match(self::XMLNS_ATTRIBUTE_PATTERN, $attribute)) {
             if (!preg_match(self::EVIL_URI_PATTERN, $value)) {
                 $out[$attribute] = $value;
             }
             continue;
         }
         # Allow any attribute beginning with "data-"
         # However:
         # * data-ooui is reserved for ooui
         # * data-mw and data-parsoid are reserved for parsoid
         # * data-mw-<name here> is reserved for extensions (or core) if
         #   they need to communicate some data to the client and want to be
         #   sure that it isn't coming from an untrusted user.
         # * Ensure that the attribute is not namespaced by banning
         #   colons.
         if (!preg_match('/^data-(?!ooui|mw|parsoid)[^:]*$/i', $attribute) && !isset($whitelist[$attribute])) {
             continue;
         }
         # Strip javascript "expression" from stylesheets.
         # http://msdn.microsoft.com/workshop/author/dhtml/overview/recalc.asp
         if ($attribute == 'style') {
             $value = Sanitizer::checkCss($value);
         }
         # Escape HTML id attributes
         if ($attribute === 'id') {
             $value = Sanitizer::escapeId($value, 'noninitial');
         }
         # Escape HTML id reference lists
         if ($attribute === 'aria-describedby' || $attribute === 'aria-flowto' || $attribute === 'aria-labelledby' || $attribute === 'aria-owns') {
             $value = Sanitizer::escapeIdReferenceList($value, 'noninitial');
         }
         // RDFa and microdata properties allow URLs, URIs and/or CURIs.
         // Check them for sanity.
         if ($attribute === 'rel' || $attribute === 'rev' || $attribute === 'about' || $attribute === 'property' || $attribute === 'resource' || $attribute === 'datatype' || $attribute === 'typeof' || $attribute === 'itemid' || $attribute === 'itemprop' || $attribute === 'itemref' || $attribute === 'itemscope' || $attribute === 'itemtype') {
             // Paranoia. Allow "simple" values but suppress javascript
             if (preg_match(self::EVIL_URI_PATTERN, $value)) {
                 continue;
             }
         }
         # NOTE: even though elements using href/src are not allowed directly, supply
         #       validation code that can be used by tag hook handlers, etc
         if ($attribute === 'href' || $attribute === 'src') {
             if (!preg_match($hrefExp, $value)) {
                 continue;
                 // drop any href or src attributes not using an allowed protocol.
                 // NOTE: this also drops all relative URLs
             }
         }
         // If this attribute was previously set, override it.
         // Output should only have one attribute of each name.
         $out[$attribute] = $value;
     }
     # itemtype, itemid, itemref don't make sense without itemscope
     if (!array_key_exists('itemscope', $out)) {
         unset($out['itemtype']);
         unset($out['itemid']);
         unset($out['itemref']);
     }
     # TODO: Strip itemprop if we aren't descendants of an itemscope or pointed to by an itemref.
     return $out;
 }
Developer: claudinec, project: galan-wiki, lines of code: 83, source file: Sanitizer.php

Example 2: testEscapeIdReferenceList

 /**
  * Test escapeIdReferenceList for consistency with escapeId
  *
  * @dataProvider provideEscapeIdReferenceList
  * @covers Sanitizer::escapeIdReferenceList
  */
 public function testEscapeIdReferenceList($referenceList, $id1, $id2)
 {
     $this->assertEquals(Sanitizer::escapeIdReferenceList($referenceList, 'noninitial'), Sanitizer::escapeId($id1, 'noninitial') . ' ' . Sanitizer::escapeId($id2, 'noninitial'));
 }
Developer: paladox, project: mediawiki, lines of code: 10, source file: SanitizerTest.php


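Note: The Sanitizer::escapeIdReferenceList examples in this article were compiled by 純淨天空 from open-source code and documentation platforms such as GitHub and MSDocs. The snippets were selected from open-source projects contributed by their developers, and copyright in the source code belongs to the original authors. For distribution and use, refer to the License of the corresponding project. Do not reproduce without permission.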