Static Public Member Functions | |
static | removeHTMLtags ($text, $processCallback=null, $args=array(), $extratags=array()) |
Cleans up HTML, removes dangerous tags and attributes, and removes HTML comments. | |
static | removeHTMLcomments ($text) |
Remove '', and everything between. | |
static | validateTagAttributes ($attribs, $element) |
Take an array of attribute names and values and normalize or discard illegal values for the given element type. | |
static | validateAttributes ($attribs, $whitelist) |
Take an array of attribute names and values and normalize or discard illegal values for the given whitelist. | |
static | mergeAttributes ($a, $b) |
Merge two sets of HTML attributes. | |
static | checkCss ($value) |
Pick apart some CSS and check it for forbidden or unsafe structures. | |
static | fixTagAttributes ($text, $element) |
Take a tag soup fragment listing an HTML element's attributes and normalize it to well-formed XML, discarding unwanted attributes. | |
static | encodeAttribute ($text) |
Encode an attribute value for HTML output. | |
static | safeEncodeAttribute ($text) |
Encode an attribute value for HTML tags, with extra armoring against further wiki processing. | |
static | escapeId ($id, $options=array()) |
Given a value escape it so that it can be used in an id attribute and return it, this does not validate the value however (see first link). | |
static | escapeClass ($class) |
Given a value, escape it so that it can be used as a CSS class and return it. | |
static | escapeHtmlAllowEntities ($html) |
Given HTML input, escape with htmlspecialchars but un-escape entites. | |
static | decodeTagAttributes ($text) |
Return an associative array of attribute names and values from a partial tag string. | |
static | normalizeCharReferences ($text) |
Ensure that any entities and character references are legal for XML and XHTML specifically. | |
static | normalizeCharReferencesCallback ($matches) |
static | normalizeEntity ($name) |
If the named entity is defined in the HTML 4.0/XHTML 1.0 DTD, return the named entity reference as is. | |
static | decCharReference ($codepoint) |
static | hexCharReference ($codepoint) |
static | decodeCharReferences ($text) |
Decode any character references, numeric or named entities, in the text and return a UTF-8 string. | |
static | decodeCharReferencesCallback ($matches) |
static | decodeChar ($codepoint) |
Return UTF-8 string for a codepoint if that is a valid character reference, otherwise U+FFFD REPLACEMENT CHARACTER. | |
static | decodeEntity ($name) |
If the named entity is defined in the HTML 4.0/XHTML 1.0 DTD, return the UTF-8 encoding of that character. | |
static | attributeWhitelist ($element) |
Fetch the whitelist of acceptable attributes for a given element name. | |
static | setupAttributeWhitelist () |
Foreach array key (an allowed HTML element), return an array of allowed attributes. | |
static | stripAllTags ($text) |
Take a fragment of (potentially invalid) HTML and return a version with any tags removed, encoded as plain text. | |
static | hackDocType () |
Hack up a private DOCTYPE with HTML's standard entity declarations. | |
static | cleanUrl ($url) |
Static Private Member Functions | |
static | armorLinksCallback ($matches) |
Regex replace callback for armoring links against further processing. | |
static | getTagAttributeCallback ($set) |
Pick the appropriate attribute value from a match set from the MW_ATTRIBS_REGEX matches. | |
static | normalizeAttributeValue ($text) |
Normalize whitespace and character references in an XML source- encoded text for an attribute value. | |
static | normalizeWhitespace ($text) |
static | validateCodepoint ($codepoint) |
Returns true if a given Unicode codepoint is a valid character in XML. |
Definition at line 331 of file Sanitizer.php.
static Sanitizer::armorLinksCallback | ( | $ | matches | ) | [static, private] |
Regex replace callback for armoring links against further processing.
array | $matches |
Definition at line 871 of file Sanitizer.php.
static Sanitizer::attributeWhitelist | ( | $ | element | ) | [static] |
Fetch the whitelist of acceptable attributes for a given element name.
string | $element |
Definition at line 1139 of file Sanitizer.php.
static Sanitizer::checkCss | ( | $ | value | ) | [static] |
Pick apart some CSS and check it for forbidden or unsafe structures.
Returns a sanitized string, or false if it was just too evil.
Currently URL references, 'expression', 'tps' are forbidden.
string | $value |
Definition at line 658 of file Sanitizer.php.
static Sanitizer::cleanUrl | ( | $ | url | ) | [static] |
Definition at line 1341 of file Sanitizer.php.
Referenced by Parser::makeFreeExternalLink(), and Parser::replaceExternalLinks().
static Sanitizer::decCharReference | ( | $ | codepoint | ) | [static] |
Definition at line 1031 of file Sanitizer.php.
static Sanitizer::decodeChar | ( | $ | codepoint | ) | [static] |
Return UTF-8 string for a codepoint if that is a valid character reference, otherwise U+FFFD REPLACEMENT CHARACTER.
int | $codepoint |
Definition at line 1104 of file Sanitizer.php.
static Sanitizer::decodeCharReferences | ( | $ | text | ) | [static] |
Decode any character references, numeric or named entities, in the text and return a UTF-8 string.
string | $text |
Definition at line 1072 of file Sanitizer.php.
Referenced by CoreLinkFunctions::categoryLinkHook(), RecentChange::cleanupForIRC(), UploadForm::detectScript(), CoreParserFunctions::displaytitle(), WebRequest::getFileName(), Parser::guessSectionNameFromWikiText(), Title::newFromText(), ImageCleanup::processPage(), and Parser::replaceInternalLinks2().
static Sanitizer::decodeCharReferencesCallback | ( | $ | matches | ) | [static] |
static Sanitizer::decodeEntity | ( | $ | name | ) | [static] |
If the named entity is defined in the HTML 4.0/XHTML 1.0 DTD, return the UTF-8 encoding of that character.
Otherwise, returns pseudo-entity source (eg )
string | $name |
Definition at line 1120 of file Sanitizer.php.
static Sanitizer::decodeTagAttributes | ( | $ | text | ) | [static] |
Return an associative array of attribute names and values from a partial tag string.
Attribute names are forces to lowercase, character references are decoded to UTF-8 text.
string |
Definition at line 883 of file Sanitizer.php.
Referenced by Parser::extensionSubstitution(), and Linker::makeKnownLinkObj().
static Sanitizer::encodeAttribute | ( | $ | text | ) | [static] |
Encode an attribute value for HTML output.
$text |
Definition at line 721 of file Sanitizer.php.
Referenced by ApiFormatXml::doubleQuote(), and Xml::expandAttributes().
static Sanitizer::escapeClass | ( | $ | class | ) | [static] |
Given a value, escape it so that it can be used as a CSS class and return it.
string | $class |
Definition at line 841 of file Sanitizer.php.
Referenced by getBodyOptions(), SpecialStatistics::getGroupStats(), getPageClasses(), and SkinTemplate::outputPage().
static Sanitizer::escapeHtmlAllowEntities | ( | $ | html | ) | [static] |
Given HTML input, escape with htmlspecialchars but un-escape entites.
This allows (generally harmless) entities like to survive.
string | $html String to escape |
Definition at line 856 of file Sanitizer.php.
Referenced by Linker::formatComment(), and wfMsgExt().
static Sanitizer::escapeId | ( | $ | id, | |
$ | options = array() | |||
) | [static] |
Given a value escape it so that it can be used in an id attribute and return it, this does not validate the value however (see first link).
http://www.w3.org/TR/html401/struct/links.html#h-12.2.3 Anchors with the id attribute
string | $id Id to validate | |
mixed | $options String or array of strings (default is array()): 'noninitial': This is a non-initial fragment of an id, not a full id, so don't pay attention if the first character isn't valid at the beginning of an id. 'xml': Don't restrict the id to be HTML4-compatible. This option allows any alphabetic character to be used, per the XML standard. Therefore, it also completely changes the type of escaping: instead of weird dot-encoding, runs of invalid characters (mostly whitespace) are just compressed into a single underscore. |
Definition at line 790 of file Sanitizer.php.
Referenced by Title::escapeFragmentForURL(), MonoBookTemplate::execute(), ModernTemplate::execute(), Parser::formatHeadings(), and ImagePage::makeMetadataTable().
static Sanitizer::fixTagAttributes | ( | $ | text, | |
$ | element | |||
) | [static] |
Take a tag soup fragment listing an HTML element's attributes and normalize it to well-formed XML, discarding unwanted attributes.
Output is safe for further wikitext processing, with escaping of values that could trigger problems.
string | $text | |
string | $element |
Definition at line 698 of file Sanitizer.php.
static Sanitizer::getTagAttributeCallback | ( | $ | set | ) | [static, private] |
Pick the appropriate attribute value from a match set from the MW_ATTRIBS_REGEX matches.
array | $set |
Definition at line 921 of file Sanitizer.php.
static Sanitizer::hackDocType | ( | ) | [static] |
Hack up a private DOCTYPE with HTML's standard entity declarations.
PHP 4 seemed to know these if you gave it an HTML doctype, but PHP 5.1 doesn't.
Use for passing XHTML fragments to PHP's XML parsing functions
Definition at line 1331 of file Sanitizer.php.
Referenced by HTMLDiffer::htmlDiff(), and ParserTest::wellFormed().
static Sanitizer::hexCharReference | ( | $ | codepoint | ) | [static] |
Definition at line 1040 of file Sanitizer.php.
static Sanitizer::mergeAttributes | ( | $ | a, | |
$ | b | |||
) | [static] |
Merge two sets of HTML attributes.
Conflicting items in the second set will override those in the first, except for 'class' attributes which will be combined (if they're both strings).
array | $a | |
array | $b |
Definition at line 637 of file Sanitizer.php.
Referenced by MathRenderer::_attribs(), Linker::linkAttribs(), Linker::makeKnownLinkObj(), and ImageGallery::toHTML().
static Sanitizer::normalizeAttributeValue | ( | $ | text | ) | [static, private] |
Normalize whitespace and character references in an XML source- encoded text for an attribute value.
See http://www.w3.org/TR/REC-xml/#AVNormalize for background, but note that we're not returning the value, but are returning XML source fragments that will be slapped into output.
string | $text |
Definition at line 955 of file Sanitizer.php.
static Sanitizer::normalizeCharReferences | ( | $ | text | ) | [static] |
Ensure that any entities and character references are legal for XML and XHTML specifically.
Any stray bits will be &-escaped to result in a valid text fragment.
a. any named char refs must be known in XHTML b. any numeric char refs must be legal chars, not invalid or forbidden c. use &x, not &X d. fix or reject non-valid attributes
string | $text |
Definition at line 982 of file Sanitizer.php.
Referenced by Parser::parse().
static Sanitizer::normalizeCharReferencesCallback | ( | $ | matches | ) | [static] |
static Sanitizer::normalizeEntity | ( | $ | name | ) | [static] |
If the named entity is defined in the HTML 4.0/XHTML 1.0 DTD, return the named entity reference as is.
If the entity is a MediaWiki-specific alias, returns the HTML equivalent. Otherwise, returns HTML-escaped text of pseudo-entity source (eg &foo;)
string | $name |
Definition at line 1020 of file Sanitizer.php.
static Sanitizer::normalizeWhitespace | ( | $ | text | ) | [static, private] |
Definition at line 961 of file Sanitizer.php.
static Sanitizer::removeHTMLcomments | ( | $ | text | ) | [static] |
Remove '', and everything between.
To avoid leaving blank lines, when a comment is both preceded and followed by a newline (ignoring spaces), trim leading and trailing spaces and one of the newlines.
string | $text |
Definition at line 527 of file Sanitizer.php.
static Sanitizer::removeHTMLtags | ( | $ | text, | |
$ | processCallback = null , |
|||
$ | args = array() , |
|||
$ | extratags = array() | |||
) | [static] |
Cleans up HTML, removes dangerous tags and attributes, and removes HTML comments.
string | $text | |
callback | $processCallback to do any variable or parameter replacements in HTML attribute values | |
array | $args for the processing callback |
Definition at line 341 of file Sanitizer.php.
Referenced by Parser::internalParse(), and Parser::testSrvus().
static Sanitizer::safeEncodeAttribute | ( | $ | text | ) | [static] |
Encode an attribute value for HTML tags, with extra armoring against further wiki processing.
$text |
Definition at line 742 of file Sanitizer.php.
static Sanitizer::setupAttributeWhitelist | ( | ) | [static] |
Foreach array key (an allowed HTML element), return an array of allowed attributes.
Definition at line 1154 of file Sanitizer.php.
static Sanitizer::stripAllTags | ( | $ | text | ) | [static] |
Take a fragment of (potentially invalid) HTML and return a version with any tags removed, encoded as plain text.
Warning: this return value must be further escaped for literal inclusion in HTML output as of 1.10!
string | $text HTML fragment |
Definition at line 1310 of file Sanitizer.php.
Referenced by Parser::stripAltText().
static Sanitizer::validateAttributes | ( | $ | attribs, | |
$ | whitelist | |||
) | [static] |
Take an array of attribute names and values and normalize or discard illegal values for the given whitelist.
array | $attribs | |
array | $whitelist list of allowed attribute names |
Check for unique id attribute :P
Definition at line 597 of file Sanitizer.php.
static Sanitizer::validateCodepoint | ( | $ | codepoint | ) | [static, private] |
Returns true if a given Unicode codepoint is a valid character in XML.
int | $codepoint |
Definition at line 1054 of file Sanitizer.php.
static Sanitizer::validateTagAttributes | ( | $ | attribs, | |
$ | element | |||
) | [static] |
Take an array of attribute names and values and normalize or discard illegal values for the given element type.
array | $attribs | |
string | $element |
Check for unique id attribute :P
Definition at line 577 of file Sanitizer.php.
Referenced by MathRenderer::_attribs(), Parser::renderImageGallery(), and Parser::renderPreTag().