diff options
| author | Evan Prodromou <evan@status.net> | 2010-02-20 11:35:01 -0500 |
|---|---|---|
| committer | Evan Prodromou <evan@status.net> | 2010-02-20 11:35:01 -0500 |
| commit | 81ea0f81173030c73cfc8dd46946d126d3d41622 (patch) | |
| tree | 5df2ddd2d59086b81ba471ccea16629571c791bf /extlib/HTMLPurifier/HTMLPurifier.kses.php | |
| parent | ed45df045f661e9c3b85e0657986c99c320914f0 (diff) | |
Add HTMLPurifier to extlib
HTMLPurifier defangs arbitrary submitted HTML. We're using it in the
OStatus plugin, but it may be valuable for other parts of the codebase
(I think OEmbed might benefit, for example).
Diffstat (limited to 'extlib/HTMLPurifier/HTMLPurifier.kses.php')
| -rw-r--r-- | extlib/HTMLPurifier/HTMLPurifier.kses.php | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/extlib/HTMLPurifier/HTMLPurifier.kses.php b/extlib/HTMLPurifier/HTMLPurifier.kses.php new file mode 100644 index 000000000..3143feb17 --- /dev/null +++ b/extlib/HTMLPurifier/HTMLPurifier.kses.php @@ -0,0 +1,30 @@ +<?php + +/** + * @file + * Emulation layer for code that used kses(), substituting in HTML Purifier. + */ + +require_once dirname(__FILE__) . '/HTMLPurifier.auto.php'; + +function kses($string, $allowed_html, $allowed_protocols = null) { + $config = HTMLPurifier_Config::createDefault(); + $allowed_elements = array(); + $allowed_attributes = array(); + foreach ($allowed_html as $element => $attributes) { + $allowed_elements[$element] = true; + foreach ($attributes as $attribute => $x) { + $allowed_attributes["$element.$attribute"] = true; + } + } + $config->set('HTML.AllowedElements', $allowed_elements); + $config->set('HTML.AllowedAttributes', $allowed_attributes); + $allowed_schemes = array(); + if ($allowed_protocols !== null) { + $config->set('URI.AllowedSchemes', $allowed_protocols); + } + $purifier = new HTMLPurifier($config); + return $purifier->purify($string); +} + +// vim: et sw=4 sts=4 |