Static Public Member Functions | |
static | removeHTMLtags ($text, $processCallback=null, $args=array(), $extratags=array()) |
Cleans up HTML, removes dangerous tags and attributes, and removes HTML comments. | |
static | removeHTMLcomments ($text) |
Remove '<!--', '-->', and everything between. | |
static | validateTagAttributes ($attribs, $element) |
Take an array of attribute names and values and normalize or discard illegal values for the given element type. | |
static | validateAttributes ($attribs, $whitelist) |
Take an array of attribute names and values and normalize or discard illegal values for the given whitelist. | |
static | mergeAttributes ($a, $b) |
Merge two sets of HTML attributes. | |
static | checkCss ($value) |
Pick apart some CSS and check it for forbidden or unsafe structures. | |
static | cssDecodeCallback ($matches) |
static | fixTagAttributes ($text, $element) |
Take a tag soup fragment listing an HTML element's attributes and normalize it to well-formed XML, discarding unwanted attributes. | |
static | encodeAttribute ($text) |
Encode an attribute value for HTML output. | |
static | safeEncodeAttribute ($text) |
Encode an attribute value for HTML tags, with extra armoring against further wiki processing. | |
static | escapeId ($id, $options=array()) |
Given a value, escape it so that it can be used in an id attribute and return it. This does not validate the value, however (see first link). | |
static | escapeClass ($class) |
Given a value, escape it so that it can be used as a CSS class and return it. | |
static | escapeHtmlAllowEntities ($html) |
Given HTML input, escape with htmlspecialchars but un-escape entities. | |
static | decodeTagAttributes ($text) |
Return an associative array of attribute names and values from a partial tag string. | |
static | normalizeCharReferences ($text) |
Ensure that any entities and character references are legal for XML and XHTML specifically. | |
static | normalizeCharReferencesCallback ($matches) |
static | normalizeEntity ($name) |
If the named entity is defined in the HTML 4.0/XHTML 1.0 DTD, return the named entity reference as is. | |
static | decCharReference ($codepoint) |
static | hexCharReference ($codepoint) |
static | decodeCharReferences ($text) |
Decode any character references, numeric or named entities, in the text and return a UTF-8 string. | |
static | decodeCharReferencesCallback ($matches) |
static | decodeChar ($codepoint) |
Return UTF-8 string for a codepoint if that is a valid character reference, otherwise U+FFFD REPLACEMENT CHARACTER. | |
static | decodeEntity ($name) |
If the named entity is defined in the HTML 4.0/XHTML 1.0 DTD, return the UTF-8 encoding of that character. | |
static | attributeWhitelist ($element) |
Fetch the whitelist of acceptable attributes for a given element name. | |
static | setupAttributeWhitelist () |
For each array key (an allowed HTML element), return an array of allowed attributes. | |
static | stripAllTags ($text) |
Take a fragment of (potentially invalid) HTML and return a version with any tags removed, encoded as plain text. | |
static | hackDocType () |
Hack up a private DOCTYPE with HTML's standard entity declarations. | |
static | cleanUrl ($url) |
Static Private Member Functions | |
static | armorLinksCallback ($matches) |
Regex replace callback for armoring links against further processing. | |
static | getTagAttributeCallback ($set) |
Pick the appropriate attribute value from a match set from the MW_ATTRIBS_REGEX matches. | |
static | normalizeAttributeValue ($text) |
Normalize whitespace and character references in an XML source-encoded text for an attribute value. | |
static | normalizeWhitespace ($text) |
static | validateCodepoint ($codepoint) |
Returns true if a given Unicode codepoint is a valid character in XML. |
Definition at line 331 of file Sanitizer.php.
static Sanitizer::armorLinksCallback ($matches) [static, private]
Regex replace callback for armoring links against further processing.
array | $matches |
Definition at line 900 of file Sanitizer.php.
static Sanitizer::attributeWhitelist ($element) [static]
Fetch the whitelist of acceptable attributes for a given element name.
string | $element |
Definition at line 1168 of file Sanitizer.php.
static Sanitizer::checkCss ($value) [static]
Pick apart some CSS and check it for forbidden or unsafe structures.
Returns a sanitized string, or false if it was just too evil.
Currently URL references, 'expression', 'tps' are forbidden.
string | $value |
Definition at line 654 of file Sanitizer.php.
static Sanitizer::cleanUrl ($url) [static]
Definition at line 1370 of file Sanitizer.php.
Referenced by Parser::makeFreeExternalLink(), and Parser::replaceExternalLinks().
static Sanitizer::cssDecodeCallback ($matches) [static]
Definition at line 687 of file Sanitizer.php.
static Sanitizer::decCharReference ($codepoint) [static]
Definition at line 1060 of file Sanitizer.php.
static Sanitizer::decodeChar ($codepoint) [static]
Return UTF-8 string for a codepoint if that is a valid character reference, otherwise U+FFFD REPLACEMENT CHARACTER.
int | $codepoint |
Definition at line 1133 of file Sanitizer.php.
static Sanitizer::decodeCharReferences ($text) [static]
Decode any character references, numeric or named entities, in the text and return a UTF-8 string.
string | $text |
Definition at line 1101 of file Sanitizer.php.
Referenced by CoreLinkFunctions::categoryLinkHook(), RecentChange::cleanupForIRC(), UploadForm::detectScript(), CoreParserFunctions::displaytitle(), WebRequest::getFileName(), Parser::guessSectionNameFromWikiText(), Title::newFromText(), ImageCleanup::processPage(), and Parser::replaceInternalLinks2().
static Sanitizer::decodeCharReferencesCallback ($matches) [static]
static Sanitizer::decodeEntity ($name) [static]
If the named entity is defined in the HTML 4.0/XHTML 1.0 DTD, return the UTF-8 encoding of that character.
Otherwise, returns pseudo-entity source (eg &foo;)
string | $name |
Definition at line 1149 of file Sanitizer.php.
static Sanitizer::decodeTagAttributes ($text) [static]
Return an associative array of attribute names and values from a partial tag string.
Attribute names are forced to lowercase, character references are decoded to UTF-8 text.
string |
Definition at line 912 of file Sanitizer.php.
Referenced by Parser::extensionSubstitution(), and Linker::makeKnownLinkObj().
static Sanitizer::encodeAttribute ($text) [static]
Encode an attribute value for HTML output.
$text |
Definition at line 750 of file Sanitizer.php.
Referenced by ApiFormatXml::doubleQuote(), and Xml::expandAttributes().
static Sanitizer::escapeClass ($class) [static]
Given a value, escape it so that it can be used as a CSS class and return it.
string | $class |
Definition at line 870 of file Sanitizer.php.
Referenced by getBodyOptions(), SpecialStatistics::getGroupStats(), getPageClasses(), and SkinTemplate::outputPage().
static Sanitizer::escapeHtmlAllowEntities ($html) [static]
Given HTML input, escape with htmlspecialchars but un-escape entities.
This allows (generally harmless) entities like to survive.
string | $html String to escape |
Definition at line 885 of file Sanitizer.php.
Referenced by Linker::formatComment(), and wfMsgExt().
static Sanitizer::escapeId ($id, $options = array()) [static]
Given a value, escape it so that it can be used in an id attribute and return it. This does not validate the value, however (see first link).
http://www.w3.org/TR/html401/struct/links.html#h-12.2.3 Anchors with the id attribute
string | $id Id to validate | |
mixed | $options String or array of strings (default is array()):
'noninitial': This is a non-initial fragment of an id, not a full id, so don't pay attention if the first character isn't valid at the beginning of an id.
'xml': Don't restrict the id to be HTML4-compatible. This option allows any alphabetic character to be used, per the XML standard. Therefore, it also completely changes the type of escaping: instead of weird dot-encoding, runs of invalid characters (mostly whitespace) are just compressed into a single underscore. |
Definition at line 819 of file Sanitizer.php.
Referenced by Title::escapeFragmentForURL(), MonoBookTemplate::execute(), ModernTemplate::execute(), Parser::formatHeadings(), and ImagePage::makeMetadataTable().
static Sanitizer::fixTagAttributes ($text, $element) [static]
Take a tag soup fragment listing an HTML element's attributes and normalize it to well-formed XML, discarding unwanted attributes.
Output is safe for further wikitext processing, with escaping of values that could trigger problems.
string | $text | |
string | $element |
Definition at line 727 of file Sanitizer.php.
static Sanitizer::getTagAttributeCallback ($set) [static, private]
Pick the appropriate attribute value from a match set from the MW_ATTRIBS_REGEX matches.
array | $set |
Definition at line 950 of file Sanitizer.php.
static Sanitizer::hackDocType () [static]
Hack up a private DOCTYPE with HTML's standard entity declarations.
PHP 4 seemed to know these if you gave it an HTML doctype, but PHP 5.1 doesn't.
Use for passing XHTML fragments to PHP's XML parsing functions
Definition at line 1360 of file Sanitizer.php.
Referenced by HTMLDiffer::htmlDiff(), and ParserTest::wellFormed().
static Sanitizer::hexCharReference ($codepoint) [static]
Definition at line 1069 of file Sanitizer.php.
static Sanitizer::mergeAttributes ($a, $b) [static]
Merge two sets of HTML attributes.
Conflicting items in the second set will override those in the first, except for 'class' attributes which will be combined (if they're both strings).
array | $a | |
array | $b |
Definition at line 633 of file Sanitizer.php.
Referenced by MathRenderer::_attribs(), Linker::linkAttribs(), Linker::makeKnownLinkObj(), and ImageGallery::toHTML().
static Sanitizer::normalizeAttributeValue ($text) [static, private]
Normalize whitespace and character references in an XML source-encoded text for an attribute value.
See http://www.w3.org/TR/REC-xml/#AVNormalize for background, but note that we're not returning the value, but are returning XML source fragments that will be slapped into output.
string | $text |
Definition at line 984 of file Sanitizer.php.
static Sanitizer::normalizeCharReferences ($text) [static]
Ensure that any entities and character references are legal for XML and XHTML specifically.
Any stray bits will be &-escaped to result in a valid text fragment.
a. any named char refs must be known in XHTML
b. any numeric char refs must be legal chars, not invalid or forbidden
c. use &#x, not &#X
d. fix or reject non-valid attributes
string | $text |
Definition at line 1011 of file Sanitizer.php.
Referenced by Parser::parse().
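Rules a to c above, together with the XML validity test that validateCodepoint() describes, sketched as an added example. This is not MediaWiki's code: the function names and the small entity table are hypothetical, and rule d (attributes) is not covered.

```php
<?php
// Added illustration, not MediaWiki's Sanitizer code; all names are hypothetical.

// Constructed stand-in for the HTML 4.0/XHTML 1.0 entity table (small subset).
const KNOWN_ENTITIES = ['amp' => 1, 'lt' => 1, 'gt' => 1, 'quot' => 1, 'nbsp' => 1];

// XML 1.0 "Char" production: tab, LF, CR, then the three ranges below.
// Excludes NUL, other C0 controls, surrogates, U+FFFE and U+FFFF.
function isValidXmlCodepoint(int $cp): bool {
    return $cp === 0x09 || $cp === 0x0A || $cp === 0x0D
        || ($cp >= 0x20 && $cp <= 0xD7FF)
        || ($cp >= 0xE000 && $cp <= 0xFFFD)
        || ($cp >= 0x10000 && $cp <= 0x10FFFF);
}

function normalizeRefs(string $text): string {
    $pattern = '/&(?:([A-Za-z0-9]+)|#([0-9]+)|#[xX]([0-9A-Fa-f]+));|&/';
    return preg_replace_callback($pattern, function (array $m): string {
        $escaped = '&amp;' . substr($m[0], 1);      // keep the source text, neutralise the "&"
        if (($m[1] ?? '') !== '') {                 // (a) named reference
            return isset(KNOWN_ENTITIES[$m[1]]) ? $m[0] : $escaped;
        }
        if (($m[2] ?? '') !== '') {                 // (b) decimal reference
            $digits = ltrim($m[2], '0');
            $cp = strlen($digits) > 7 ? -1 : (int)$digits;
            return isValidXmlCodepoint($cp) ? "&#$cp;" : $escaped;
        }
        if (($m[3] ?? '') !== '') {                 // (b) + (c) hexadecimal reference
            $digits = ltrim($m[3], '0');
            $cp = strlen($digits) > 6 ? -1 : (int)hexdec($digits);
            return isValidXmlCodepoint($cp) ? sprintf('&#x%x;', $cp) : $escaped;
        }
        return $escaped;                            // stray "&" with no reference syntax
    }, $text);
}

// Constructed sample input covering each branch.
echo normalizeRefs('AT&T &lt; &foo; &#X41; &#0; &#xD800; &#65;'), "\n";
```

The length guards reject over-long digit runs before integer conversion, so an oversized numeric reference cannot wrap around into a valid codepoint.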
static Sanitizer::normalizeCharReferencesCallback ($matches) [static]
static Sanitizer::normalizeEntity ($name) [static]
If the named entity is defined in the HTML 4.0/XHTML 1.0 DTD, return the named entity reference as is.
If the entity is a MediaWiki-specific alias, returns the HTML equivalent. Otherwise, returns HTML-escaped text of pseudo-entity source (eg &foo;)
string | $name |
Definition at line 1049 of file Sanitizer.php.
static Sanitizer::normalizeWhitespace ($text) [static, private]
Definition at line 990 of file Sanitizer.php.
static Sanitizer::removeHTMLcomments ($text) [static]
Remove '<!--', '-->', and everything between.
To avoid leaving blank lines, when a comment is both preceded and followed by a newline (ignoring spaces), trim leading and trailing spaces and one of the newlines.
string | $text |
Definition at line 527 of file Sanitizer.php.
static Sanitizer::removeHTMLtags ($text, $processCallback = null, $args = array(), $extratags = array()) [static]
Cleans up HTML, removes dangerous tags and attributes, and removes HTML comments.
string | $text | |
callback | $processCallback to do any variable or parameter replacements in HTML attribute values | |
array | $args for the processing callback |
Definition at line 341 of file Sanitizer.php.
Referenced by Parser::internalParse(), and Parser::testSrvus().
static Sanitizer::safeEncodeAttribute ($text) [static]
Encode an attribute value for HTML tags, with extra armoring against further wiki processing.
$text |
Definition at line 771 of file Sanitizer.php.
static Sanitizer::setupAttributeWhitelist () [static]
For each array key (an allowed HTML element), return an array of allowed attributes.
Definition at line 1183 of file Sanitizer.php.
static Sanitizer::stripAllTags ($text) [static]
Take a fragment of (potentially invalid) HTML and return a version with any tags removed, encoded as plain text.
Warning: this return value must be further escaped for literal inclusion in HTML output as of 1.10!
string | $text HTML fragment |
Definition at line 1339 of file Sanitizer.php.
Referenced by Parser::stripAltText().
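Why the warning above matters, as an added example that is not MediaWiki's code: once tags are stripped and the result is plain text, characters that arrived as character references are literal again and must be escaped for the output context. stripTagsToPlainText() is a hypothetical stand-in built on PHP's strip_tags() and html_entity_decode(), and the alt-attribute helpers are assumptions.

```php
<?php
// Added illustration, not MediaWiki's implementation. stripTagsToPlainText() is a
// hypothetical stand-in assumed to behave as documented: tags removed, result plain text.
function stripTagsToPlainText(string $html): string {
    $noTags = strip_tags($html);
    // Decoding turns character references such as &quot; and &lt; back into
    // literal characters, so the result is text, not HTML source.
    return html_entity_decode($noTags, ENT_QUOTES | ENT_HTML401, 'UTF-8');
}

// Wrong: plain text concatenated straight into an attribute value.
function altUnescaped(string $fragment): string {
    return '<img src="logo.png" alt="' . stripTagsToPlainText($fragment) . '">';
}

// Right: escape the plain text for the HTML context it lands in.
function altEscaped(string $fragment): string {
    $plain = stripTagsToPlainText($fragment);
    return '<img src="logo.png" alt="' . htmlspecialchars($plain, ENT_QUOTES, 'UTF-8') . '">';
}

// Constructed input: no tag survives stripping, but the references decode to quotes.
$fragment = '<b>Logo</b>&quot; title=&quot;injected';
echo altUnescaped($fragment), "\n";  // the decoded quote ends the alt value early
echo altEscaped($fragment), "\n";    // the quote is re-encoded and stays inside alt
```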
static Sanitizer::validateAttributes ($attribs, $whitelist) [static]
Take an array of attribute names and values and normalize or discard illegal values for the given whitelist.
array | $attribs | |
array | $whitelist list of allowed attribute names |
Check for unique id attribute :P
Definition at line 597 of file Sanitizer.php.
static Sanitizer::validateCodepoint ($codepoint) [static, private]
Returns true if a given Unicode codepoint is a valid character in XML.
int | $codepoint |
Definition at line 1083 of file Sanitizer.php.
static Sanitizer::validateTagAttributes ($attribs, $element) [static]
Take an array of attribute names and values and normalize or discard illegal values for the given element type.
array | $attribs | |
string | $element |
Check for unique id attribute :P
Definition at line 577 of file Sanitizer.php.
Referenced by MathRenderer::_attribs(), Parser::renderImageGallery(), and Parser::renderPreTag().