PHP Classes

File: test_safe_html_filter.php

File: test_safe_html_filter.php
Role: Example script
Content type: text/plain
Description: Example script that demonstrates how to parse and filter an HTML document file
Class: Secure HTML parser and filter
Parse and filter insecure HTML tags and CSS styles
Author: By
Last change: Added options for testing.
Date: 15 years ago
Size: 3,621 bytes
 

Contents

<?php
/*
 * test_safe_html_filter.php
 *
 * @(#) $Header: /home/mlemos/cvsroot/markupparser/test_safe_html_filter.php,v 1.10 2009/08/21 05:21:12 mlemos Exp $
 *
 */

   
require_once('css_parser.php');
    require_once(
'dtd_parser.php');
    require_once(
'filecacheclass.php');
    require_once(
'markup_parser.php');
    require_once(
'markup_filter_validator.php');
    require_once(
'markup_filter_safe_html.php');

   
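/*
 * Pick the document to filter: the first command line argument when the
 * script runs under the CLI, otherwise the bundled sample document.
 *
 * The argument is honoured only under the CLI SAPI. Under a web SAPI with
 * register_argc_argv enabled, $_SERVER['argv'] is built from the query
 * string, so the requester would choose which file is read and echoed.
 */
$message_file = 'test/sample/simple.html';
if(PHP_SAPI === 'cli' && IsSet($_SERVER['argv']) && count($_SERVER['argv']) > 1)
    $message_file = $_SERVER['argv'][1];

/* Filter object used below to parse the markup and rewrite its elements. */
$filter = new markup_filter_safe_html_class;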

   
/*
 * Set to 1 if you need to track line numbers of errors or element
 * positions. The reporting code at the end of this script uses it to
 * print line and column next to each position.
 */
$filter->track_lines = 1;

/*
 * Allow list of proprietary (vendor prefixed) CSS properties that you know
 * are safe to allow. Each name is mapped to an empty array.
 *
 * Every name added here widens what the filter is told to accept, so add a
 * property only after checking what values it can carry.
 */
$filter->safe_proprietary_css_properties = array_fill_keys(
    array(
        '-moz-border-radius',
        '-moz-border-radius-topleft',
        '-moz-border-radius-topright',
        '-moz-border-radius-bottomleft',
        '-moz-border-radius-bottomright',
        '-webkit-border-radius',
        '-webkit-border-top-left-radius',
        '-webkit-border-top-right-radius',
        '-webkit-border-bottom-left-radius',
        '-webkit-border-bottom-right-radius',
    ),
    array()
);

/*
 * Allow list of CSS property function names that you know are safe to
 * allow, in the same name => empty array form.
 */
$filter->safe_css_property_functions = array_fill_keys(
    array('alpha'),
    array()
);

   
/* Options passed to StartParsing() further down. */
$parameters = array();

/* Path of the markup file to read. */
$parameters['File'] = $message_file;

/*
 * To read the markup from a string instead of a file, set 'Data':
 *
 * $parameters['Data'] = '<html><head><title>My HTML data string</title></head>
 *                        <body><p>My HTML data string</p></body></html>';
 */

/* Set to 1 to filter HTML that only contains the body part of a page. */
$parameters['OnlyBody'] = 0;

/*
 * Path of the directory where cache files with parsed DTD information are
 * stored to avoid parsing overhead; without it parsing may become very
 * slow.
 * NOTE(review): the cached DTD data is presumably read back by the parser,
 * so the directory should be writable only by the account running the
 * filter - confirm against the cache class.
 */
$parameters['DTDCachePath'] = '';

/*
 * Test harness hook: when the __TEST constant is defined and
 * $__test_options['parameters'] is set, that value replaces $parameters.
 * Remove this block when adapting this example to real applications.
 */
if(defined('__TEST') && IsSet($__test_options['parameters']))
{
    $parameters = $__test_options['parameters'];
}

   
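/*
 * Parse the document, pass every parsed element through the filter and
 * collect the rewritten markup in $output.
 *
 * $output is echoed only when StartParsing(), every Parse() and
 * RewriteElement() call and FinishParsing() all succeeded, so a document
 * that failed part way through is never printed.
 *
 * $start and $end hold microtime() strings for the timer at the end of the
 * script. Inside the loop $end is the end-of-document flag set by Parse().
 */
$start = microtime();
if(($success = $filter->StartParsing($parameters)))
{
    $output = '';
    do
    {
        if(!($success = $filter->Parse($end, $elements)))
            break;
        $te = count($elements);
        for($e = 0; $e < $te; ++$e)
        {
            if(!($success = $filter->RewriteElement($elements[$e], $markup)))
                break;
            $output .= $markup;
        }
    }
    /*
     * The break above only leaves the for loop. Testing $success here stops
     * the outer loop as well; otherwise the next Parse() call would
     * overwrite the failure and the element would be dropped silently.
     */
    while($success && !$end);
    if($success)
        $success = $filter->FinishParsing();
    if($success)
        echo $output;
}
$end = microtime();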
    if(!
$success)
    {
        echo
'Markup parsing error: '.$filter->error.' at position '.$filter->error_position;
        if(
$filter->track_lines
       
&& $filter->GetPositionLine($filter->error_position, $line, $column))
            echo
' line '.$line.' column '.$column;
        echo
"\n";
    }
    for(
$warning = 0, Reset($filter->warnings); $warning < count($filter->warnings); Next($filter->warnings), $warning++)
    {
       
$w = Key($filter->warnings);
        echo
'Warning: ', $filter->warnings[$w], ' at position ', $w;
        if(
$filter->track_lines
       
&& $filter->GetPositionLine($w, $line, $column))
            echo
' line '.$line.' column '.$column;
        echo
"\n";
    }
    if(!
defined('__TEST'))
        echo
'Timer: ', doubleval(strtok($end,' ')) + doubleval(strtok('')) - doubleval(strtok($start,' ')) - doubleval(strtok('')), "\n";
?>