Ticket #26: sanitize.patch

File sanitize.patch, 2.8 kB (added by mortonda@…, 4 months ago)

a basic implementation of htmltidy

  • php/mime.php

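diff --git a/php/mime.php b/php/mime.php
index b4ab994..f9af670 100644
--- a/php/mime.php
+++ b/php/mime.php
@@ -77,6 +77,8 @@
 require_once ("core.php");
 require_once ("maia_db.php");
 require_once ("Mail/mimeDecode.php");  // PEAR::Mail::mimeDecode.php
+require_once 'HTMLPurifier.auto.php';
+
 
 
 /*
@@ -176,64 +178,12 @@
 function sanitize_html($body)
 {
 
-    // Replace any images with a placeholder image
-    $body = preg_replace("/<img(.*?)>/si", "<img src=\"images/blocked.jpg\">", $body);
-
-    // Structural tags are NOT allowed!
-    // <!DOCTYPE>, <base>, <body>, <head>, <html>, <link>, <meta>, <title>
-
-    // Block-level elements are allowed
-    $allowable_tags = "<address><blockquote><div><h1><h2>" .
-                      "<h3><h4><h5><h6><p>";
-
-    // Inline styles are allowed
-    $allowable_tags .= "<b><big><cite><code><em><font><i><kbd><pre><s>" .
-                       "<samp><small><span><strike><strong><sub><sup>" .
-                       "<tt><u><var><style><rt><ruby>";
-
-    // Logical styles are allowed
-    $allowable_tags .= "<abbr><acronym><del><ins><q>";
-
-    // Physical styles are NOT allowed!
-    // <blink>, <marquee>
-
-    // List tags are allowed
-    $allowable_tags .= "<dir><dl><dd><dt><li><menu><ol><ul>";
-
-    // Spacing and positioning tags are allowed
-    $allowable_tags .= "<br><center><nobr><spacer><wbr><hr>";
-
-    // Linking tags are allowed
-    // Exceptions: <link><map><area>
-    $allowable_tags .= "<a>";
-
-    // Image tags are allowed, if they're local
-    $allowable_tags .= "<img>";
-
-    // Table tags are allowed
-    $allowable_tags .= "<table><th><tr><td><caption><col><colgroup>" .
-                       "<tbody><thead><tfoot>";
-
-    // Frame tags are NOT allowed!
-    // <frame>, <frameset>, <noframes>
-
-    // Form tags are NOT allowed!
-    // <button>, <form>, <input>, <option>, <select>, <textarea>,
-    // <fieldset>, <label>, <legend>
-
-    // Multimedia tags are NOT allowed!
-    // <applet>, <bgsound>, <embed>, <object>, <param>
-
-    // Script tags are NOT allowed!
-    // <script>, <noscript>
-
-    // Miscellaneous banned tags
-    // <basefont>, <isindex>, <ilayer>, <iframe>, <keygen>,
-    // <layer>, <multicol>, <server>, <comment>
+    $config = HTMLPurifier_Config::createDefault();
+    $config->set('Cache', 'DefinitionImpl', null);
+    $config->set('URI', 'Disable', true);
+    $purifier = new HTMLPurifier($config);
 
-    $html = "\n<!-- Maia: Decoded HTML begins here -->\n";
-    $html .= trim(strip_tags($body, $allowable_tags));
-    $html .= "\n<!-- Maia: Decoded HTML ends here -->\n\n";
+    $html =  $purifier->purify($body);
 
     return ($html);
 }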
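Review bot: `$purifier->purify($body)` on the new side assumes `$body` is UTF-8 — HTMLPurifier processes UTF-8 only and drops bytes it cannot interpret — yet nothing in this hunk converts the decoded part or sets `Core.Encoding`; if mime.php passes the body in the part's declared charset, convert it first (or set `$config->set('Core.Encoding', $charset)` from the MIME part) so non-ASCII mail is not silently mangled rather than sanitized. `URI.Disable` also goes further than the removed code did: `<a href>` is stripped along with `<img src>`, so links become plain text and the `images/blocked.jpg` placeholder is gone — if that is the intended policy, a one-line comment above `$config->set('URI', 'Disable', true)` stating it would stop the next reader from treating it as a regression. The config and purifier are rebuilt on every call with the definition cache disabled, and definition generation is the expensive part of HTMLPurifier; consider building them once (a `static` local) or pointing `Cache.SerializerPath` at a writable directory instead of disabling the cache. The three-argument `set('Cache', 'DefinitionImpl', null)` form is, I believe, the pre-4.0 API that newer releases flag as deprecated; `$config->set('Cache.DefinitionImpl', null)` is the current spelling.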