File: secure_html_filter.php
Role: Example script
Content type: text/plain
Description: Script with forms to test the secure HTML filter classes
Class: Secure HTML parser and filter
Parse and filter insecure HTML tags and CSS styles
Author: By
Last change: - Added rgb to the list of safe CSS functions.
- Moved the CSS filter definitions.
- Added support to also filter CSS stylesheets.
Date: 4 years ago
Size: 6,212 bytes
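<?php
/*
 * secure_html_filter.php
 *
 * Example script: a self-posting form that runs the submitted text through
 * the secure HTML filter classes, either as an HTML document/fragment or as a
 * CSS stylesheet, and shows the filtered result together with the first
 * error and every warning the filter reported (each with its input position).
 *
 * @(#) $Id: secure_html_filter.php,v 1.5 2010/02/08 00:09:32 mlemos Exp $
 *
 */

require('forms.php');
require('form_layout_vertical.php');
require('filecacheclass.php');
require('css_parser.php');
require('dtd_parser.php');
require('markup_parser.php');
require('markup_filter_validator.php');
require('markup_filter_safe_html.php');

/*
 * Describe a position of the submitted text that the filter reported.
 *
 * Returns ' at position N' and, when the filter was told to track lines and
 * the position can be resolved, appends ' line L column C'. The same
 * description is used for the error and for every warning, so the mapping
 * logic lives in one place.
 *
 * $filter    markup_filter_safe_html_class that produced the position
 * $as_html   true when the text was filtered as HTML, false for a stylesheet
 *            (HTML and stylesheet positions are resolved by different methods)
 * $position  offset reported by the filter
 */
function secure_html_filter_describe_position($filter, $as_html, $position)
{
    $description = ' at position '.$position;
    if ($filter->track_lines) {
        $line = $column = 0;
        $located = $as_html
            ? $filter->GetPositionLine($position, $line, $column)
            : $filter->GetStylesheetPositionLine($position, $line, $column);
        if ($located) {
            $description .= ' line '.$line.' column '.$column;
        }
    }
    return $description;
}

$form = new form_class;
$form->NAME = 'filter_form';
$form->METHOD = 'POST';
$form->ACTION = '';
$form->debug = 'trigger_error';
$form->ShowAllErrors = 1;
$form->InvalidCLASS = 'invalid';

/* The text to filter; validation only requires that something was typed. */
$form->AddInput(array(
    'TYPE' => 'textarea',
    'NAME' => 'data',
    'ID' => 'data',
    'ROWS' => 10,
    'COLS' => 60,
    'ValidateAsNotEmpty' => 1,
    'ValidationErrorMessage' =>
        'It was not specified any HTML to validate.',
    'LABEL' => '<u>D</u>ata',
    'ACCESSKEY' => 'D',
));
/* "as" radio group: html (default) or css decides which filter entry point runs. */
$form->AddInput(array(
    'TYPE' => 'radio',
    'NAME' => 'as',
    'ID' => 'as_html',
    'VALUE' => 'html',
    'LABEL' => 'As <u>H</u>TML',
    'ACCESSKEY' => 'H',
    'CHECKED' => 1,
));
$form->AddInput(array(
    'TYPE' => 'checkbox',
    'NAME' => 'only_body',
    'ID' => 'only_body',
    'LABEL' => 'Only <u>b</u>ody',
    'ACCESSKEY' => 'b',
));
$form->AddInput(array(
    'TYPE' => 'radio',
    'NAME' => 'as',
    'ID' => 'as_css',
    'VALUE' => 'css',
    'LABEL' => 'As <u>C</u>SS',
    'ACCESSKEY' => 'C',
));
/* Read-back area for the filtered output; only shown after the filter ran. */
$form->AddInput(array(
    'TYPE' => 'textarea',
    'NAME' => 'filtered',
    'ID' => 'filtered',
    'ROWS' => 10,
    'COLS' => 60,
    'LABEL' => 'Filtered',
));
$form->AddInput(array(
    'TYPE' => 'submit',
    'NAME' => 'filter',
    'ID' => 'filter',
    'VALUE' => 'Filter',
    'ACCESSKEY' => 'F',
));

$error = $warnings = '';
$form->LoadInputValues($form->WasSubmitted('filter'));
$verify = array();
$error_message = '';
/* $done becomes 1 only after the filter actually ran; it gates the
 * visibility of the filtered, error and warnings rows below. It is
 * initialised here so every code path (including a StartParsing failure,
 * which previously left it unset) has a defined value. */
$done = 0;
if ($form->WasSubmitted('filter')) {
    if (($error_message = $form->Validate($verify)) === '') {
        $filter = new markup_filter_safe_html_class;
        $filter->track_lines = 1;
        /* Vendor prefixed properties the filter may keep in addition to its defaults. */
        $filter->safe_proprietary_css_properties = array(
            '-moz-border-radius' => array(),
            '-moz-border-radius-topleft' => array(),
            '-moz-border-radius-topright' => array(),
            '-moz-border-radius-bottomleft' => array(),
            '-moz-border-radius-bottomright' => array(),
            '-webkit-border-radius' => array(),
            '-webkit-border-top-left-radius' => array(),
            '-webkit-border-top-right-radius' => array(),
            '-webkit-border-bottom-left-radius' => array(),
            '-webkit-border-bottom-right-radius' => array(),
        );
        /* CSS functions allowed in property values; anything else is filtered. */
        $filter->safe_css_property_functions = array(
            'alpha' => array(),
            'counter' => array(),
            'counters' => array(),
            'attr' => array(),
            'rgb' => array(),
        );
        $as_html = $form->GetCheckedState('as_html');
        $output = '';
        if ($as_html) {
            $parameters = array(
                'Data' => $form->GetInputValue('data'),
                'OnlyBody' => $form->GetCheckedState('only_body'),
                'DTDCachePath' => '',
            );
            if (($success = $filter->StartParsing($parameters))) {
                /* Parse in chunks until the filter reports the end of the
                 * input, rewriting every element into the safe output. */
                do {
                    if (!($success = $filter->Parse($end, $elements))) {
                        break;
                    }
                    $te = count($elements);
                    for ($e = 0; $e < $te; ++$e) {
                        if (!($success = $filter->RewriteElement($elements[$e], $markup))) {
                            /* leave the outer loop as well, otherwise the next
                             * Parse() call would overwrite the failed $success */
                            break 2;
                        }
                        $output .= $markup;
                    }
                } while (!$end);
                if ($success) {
                    $success = $filter->FinishParsing();
                }
            }
        } else {
            $success = $filter->FilterStylesheet($form->GetInputValue('data'), $output);
        }
        $done = 1;
        if ($success) {
            /* NOTE(review): the form class is relied upon to escape this value
             * when it renders the textarea; confirm in forms.php. */
            $form->SetInputValue('filtered', $output);
        } else {
            $error = $filter->error
                .secure_html_filter_describe_position($filter, $as_html, $filter->error_position);
        }
        /* warnings are keyed by the input position they refer to */
        foreach ($filter->warnings as $position => $message) {
            $warnings .= $message
                .secure_html_filter_describe_position($filter, $as_html, $position)
                ."\n";
        }
    } else {
        $error_message = HtmlEntities($error_message);
    }
}

/* Error and warning messages describe untrusted submitted text, so they are
 * HTML-escaped before being placed into the layout rows. */
$form->AddInput(array(
    'ID' => 'layout',
    'NAME' => 'layout',
    'TYPE' => 'custom',
    'CustomClass' => 'form_layout_vertical_class',
    'Inputs' => array(
        'data',
        'as_html',
        'only_body',
        'as_css',
        'error',
        'warnings',
        'filtered',
        'filter',
    ),
    'Data' => array(
        'error' => '<tr><td>Error:</td><td class="invalid">'.HtmlSpecialChars($error).'</td></tr>',
        'warnings' => '<tr><td>Warnings:</td><td class="invalid">'.nl2br(HtmlSpecialChars($warnings)).'</td></tr>',
    ),
    'Properties' => array(
        'filtered' => array(
            'Visible' => $done,
        ),
        'error' => array(
            'Visible' => (strlen($error) && $done),
        ),
        'warnings' => array(
            'Visible' => (strlen($warnings) && $done),
        ),
        'as_html' => array(
            'SwitchedPosition' => 1,
        ),
        'as_css' => array(
            'SwitchedPosition' => 1,
        ),
        'only_body' => array(
            'SwitchedPosition' => 1,
        ),
    ),
    'InvalidMark' => '[Verify]',
));

/* Focus the first invalid input (or the data area on a fresh form) on load. */
if (!$done) {
    if (strlen($error_message)) {
        Reset($verify);
        $focus = Key($verify);
    } else {
        $focus = 'data';
    }
    $form->ConnectFormToInput($focus, 'ONLOAD', 'Focus', array());
}

$onload = HtmlSpecialChars($form->PageLoad());

?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Test for Secure HTML and CSS parser and filter class</title>
<style type="text/css"><!--
.invalid { border-color: #ff0000; background-color: #ffcccc }
// --></style>
</head>
<body onload="<?php echo $onload; ?>" bgcolor="#cccccc">
<center><h1>Test for Secure HTML and CSS parser and filter class</h1></center>
<div align="center">
<?php
$form->StartLayoutCapture();
$form->AddInputPart('layout');
$form->EndLayoutCapture();
$form->DisplayOutput();
?>
</div>
</body>
</html>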