4 * Removes all unrecognized tags from the list of tokens.
6 * This strategy iterates through all the tokens and removes unrecognized
7 * tokens. If a token is not recognized but a TagTransform is defined for
8 * that element, the element will be transformed accordingly.
11 class HTMLPurifier_Strategy_RemoveForeignElements extends HTMLPurifier_Strategy
15 * @param HTMLPurifier_Token[] $tokens
16 * @param HTMLPurifier_Config $config
17 * @param HTMLPurifier_Context $context
18 * @return array|HTMLPurifier_Token[]
20 public function execute($tokens, $config, $context)
22 $definition = $config->getHTMLDefinition();
23 $generator = new HTMLPurifier_Generator($config, $context);
26 $escape_invalid_tags = $config->get('Core.EscapeInvalidTags');
27 $remove_invalid_img = $config->get('Core.RemoveInvalidImg');
29 // currently only used to determine if comments should be kept
30 $trusted = $config->get('HTML.Trusted');
31 $comment_lookup = $config->get('HTML.AllowedComments');
32 $comment_regexp = $config->get('HTML.AllowedCommentsRegexp');
33 $check_comments = $comment_lookup !== array() || $comment_regexp !== null;
35 $remove_script_contents = $config->get('Core.RemoveScriptContents');
36 $hidden_elements = $config->get('Core.HiddenElements');
38 // remove script contents compatibility
39 if ($remove_script_contents === true) {
40 $hidden_elements['script'] = true;
41 } elseif ($remove_script_contents === false && isset($hidden_elements['script'])) {
42 unset($hidden_elements['script']);
45 $attr_validator = new HTMLPurifier_AttrValidator();
47 // removes tokens until it reaches a closing tag with its value
48 $remove_until = false;
50 // converts comments into text tokens when this is equal to a tag name
51 $textify_comments = false;
54 $context->register('CurrentToken', $token);
57 if ($config->get('Core.CollectErrors')) {
58 $e =& $context->get('ErrorCollector');
61 foreach ($tokens as $token) {
63 if (empty($token->is_tag) || $token->name !== $remove_until) {
67 if (!empty($token->is_tag)) {
70 // before any processing, try to transform the element
71 if (isset($definition->info_tag_transform[$token->name])) {
72 $original_name = $token->name;
73 // there is a transformation for this tag
75 $token = $definition->
76 info_tag_transform[$token->name]->transform($token, $config, $context);
78 $e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Tag transform', $original_name);
82 if (isset($definition->info[$token->name])) {
83 // mostly everything's good, but
84 // we need to make sure required attributes are in order
85 if (($token instanceof HTMLPurifier_Token_Start || $token instanceof HTMLPurifier_Token_Empty) &&
86 $definition->info[$token->name]->required_attr &&
87 ($token->name != 'img' || $remove_invalid_img) // ensure config option still works
89 $attr_validator->validateToken($token, $config, $context);
91 foreach ($definition->info[$token->name]->required_attr as $name) {
92 if (!isset($token->attr[$name])) {
101 'Strategy_RemoveForeignElements: Missing required attribute',
107 $token->armor['ValidateAttributes'] = true;
110 if (isset($hidden_elements[$token->name]) && $token instanceof HTMLPurifier_Token_Start) {
111 $textify_comments = $token->name;
112 } elseif ($token->name === $textify_comments && $token instanceof HTMLPurifier_Token_End) {
113 $textify_comments = false;
116 } elseif ($escape_invalid_tags) {
117 // invalid tag, generate HTML representation and insert in
119 $e->send(E_WARNING, 'Strategy_RemoveForeignElements: Foreign element to text');
121 $token = new HTMLPurifier_Token_Text(
122 $generator->generateFromToken($token)
125 // check if we need to destroy all of the tag's children
126 // CAN BE GENERICIZED
127 if (isset($hidden_elements[$token->name])) {
128 if ($token instanceof HTMLPurifier_Token_Start) {
129 $remove_until = $token->name;
130 } elseif ($token instanceof HTMLPurifier_Token_Empty) {
131 // do nothing: we're still looking
133 $remove_until = false;
136 $e->send(E_ERROR, 'Strategy_RemoveForeignElements: Foreign meta element removed');
140 $e->send(E_ERROR, 'Strategy_RemoveForeignElements: Foreign element removed');
145 } elseif ($token instanceof HTMLPurifier_Token_Comment) {
146 // textify comments in script tags when they are allowed
147 if ($textify_comments !== false) {
148 $data = $token->data;
149 $token = new HTMLPurifier_Token_Text($data);
150 } elseif ($trusted || $check_comments) {
151 // always cleanup comments
152 $trailing_hyphen = false;
154 // perform check whether or not there's a trailing hyphen
155 if (substr($token->data, -1) == '-') {
156 $trailing_hyphen = true;
159 $token->data = rtrim($token->data, '-');
160 $found_double_hyphen = false;
161 while (strpos($token->data, '--') !== false) {
162 $found_double_hyphen = true;
163 $token->data = str_replace('--', '-', $token->data);
165 if ($trusted || !empty($comment_lookup[trim($token->data)]) ||
166 ($comment_regexp !== null && preg_match($comment_regexp, trim($token->data)))) {
169 if ($trailing_hyphen) {
172 'Strategy_RemoveForeignElements: Trailing hyphen in comment removed'
175 if ($found_double_hyphen) {
176 $e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Hyphens in comment collapsed');
181 $e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Comment removed');
188 $e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Comment removed');
192 } elseif ($token instanceof HTMLPurifier_Token_Text) {
198 if ($remove_until && $e) {
199 // we removed tokens until the end, throw error
200 $e->send(E_ERROR, 'Strategy_RemoveForeignElements: Token removed to end', $remove_until);
202 $context->destroy('CurrentToken');
207 // vim: et sw=4 sts=4
projects / yaffs-website / blob