PHP Classes

File: secure_html_filter.php

Recommend this page to a friend!
  Classes of Manuel Lemos   Secure HTML parser and filter   secure_html_filter.php   Download  
File: secure_html_filter.php
Role: Example script
Content type: text/plain
Description: Script with forms to test the secure HTML filter classes
Class: Secure HTML parser and filter
Parse and filter insecure HTML tags and CSS styles
Author: By
Last change: - Added rgb to the list of safe CSS functions.
- Moved the CSS filter definitions.
- Added support to also filter CSS stylesheets.
Date: 13 years ago
Size: 6,212 bytes
 

Contents

Class file image Download
<?php
/*
 * safe_html_filter.php
 *
 * @(#) $Id: secure_html_filter.php,v 1.5 2010/02/08 00:09:32 mlemos Exp $
 *
 */

   
require('forms.php');
    require(
'form_layout_vertical.php');
    require(
'filecacheclass.php');
    require(
'css_parser.php');
    require(
'dtd_parser.php');
    require(
'markup_parser.php');
    require(
'markup_filter_validator.php');
    require(
'markup_filter_safe_html.php');

   
$form = new form_class;
   
$form->NAME = 'filter_form';
   
$form->METHOD = 'POST';
   
$form->ACTION = '';
   
$form->debug = 'trigger_error';
   
$form->ShowAllErrors = 1;
   
$form->InvalidCLASS = 'invalid';
   
$form->AddInput(array(
       
'TYPE'=>'textarea',
       
'NAME'=>'data',
       
'ID'=>'data',
       
'ROWS'=>10,
       
'COLS'=>60,
       
'ValidateAsNotEmpty'=>1,
       
'ValidationErrorMessage'=>
           
'It was not specified any HTML to validate.',
       
'LABEL'=>'<u>D</u>ata',
       
'ACCESSKEY'=>'D'
   
));
   
$form->AddInput(array(
       
'TYPE'=>'radio',
       
'NAME'=>'as',
       
'ID'=>'as_html',
       
'VALUE'=>'html',
       
'LABEL'=>'As <u>H</u>TML',
       
'ACCESSKEY'=>'H',
       
'CHECKED'=>1
   
));
   
$form->AddInput(array(
       
'TYPE'=>'checkbox',
       
'NAME'=>'only_body',
       
'ID'=>'only_body',
       
'LABEL'=>'Only <u>b</u>ody',
       
'ACCESSKEY'=>'b'
   
));
   
$form->AddInput(array(
       
'TYPE'=>'radio',
       
'NAME'=>'as',
       
'ID'=>'as_css',
       
'VALUE'=>'css',
       
'LABEL'=>'As <u>C</u>SS',
       
'ACCESSKEY'=>'C'
   
));
   
$form->AddInput(array(
       
'TYPE'=>'textarea',
       
'NAME'=>'filtered',
       
'ID'=>'filtered',
       
'ROWS'=>10,
       
'COLS'=>60,
       
'LABEL'=>'Filtered',
    ));
   
$form->AddInput(array(
       
'TYPE'=>'submit',
       
'NAME'=>'filter',
       
'ID'=>'filter',
       
'VALUE'=>'Filter',
       
'ACCESSKEY'=>'F'
   
));
   
$error = $warnings = '';
   
$form->LoadInputValues($form->WasSubmitted('filter'));
   
$verify=array();
    if(
$form->WasSubmitted('filter'))
    {
        if((
$error_message = $form->Validate($verify)) === '')
        {
           
$filter = new markup_filter_safe_html_class;
           
$filter->track_lines = 1;
           
$filter->safe_proprietary_css_properties = array(
               
'-moz-border-radius'=>array(),
               
'-moz-border-radius-topleft'=>array(),
               
'-moz-border-radius-topright'=>array(),
               
'-moz-border-radius-bottomleft'=>array(),
               
'-moz-border-radius-bottomright'=>array(),
               
'-webkit-border-radius'=>array(),
               
'-webkit-border-top-left-radius'=>array(),
               
'-webkit-border-top-right-radius'=>array(),
               
'-webkit-border-bottom-left-radius'=>array(),
               
'-webkit-border-bottom-right-radius'=>array(),
            );
           
$filter->safe_css_property_functions = array(
               
'alpha'=>array(),
               
'counter'=>array(),
               
'counters'=>array(),
               
'attr'=>array(),
               
'rgb'=>array(),
            );
           
$as_html = $form->GetCheckedState('as_html');
            if(
$as_html)
            {
               
$parameters=array(
                   
'Data'=>$form->GetInputValue('data'),
                   
'OnlyBody'=>$form->GetCheckedState('only_body'),
                   
'DTDCachePath'=>'',
                );
/*
                $start = microtime();
*/
               
if(($success = $filter->StartParsing($parameters)))
                {
                   
$output = '';
                    do
                    {
                        if(!(
$success = $filter->Parse($end, $elements)))
                            break;
                       
$te = count($elements);
                        for(
$e = 0; $e < $te; ++$e)
                        {
                            if(!(
$success = $filter->RewriteElement($elements[$e], $markup)))
                                break;
                           
$output .= $markup;
                        }
                    }
                    while(!
$end);
                    if(
$success)
                       
$success = $filter->FinishParsing();
                   
$done = 1;
                }
/*
                $end = microtime();
*/
           
}
            else
            {
               
$success = $filter->FilterStylesheet($form->GetInputValue('data'), $output);
               
$done = 1;
            }
            if(
$success)
               
$form->SetInputValue('filtered', $output);
            else
            {
               
$error = $filter->error.' at position '.$filter->error_position;
                if(
$filter->track_lines
               
&& ($as_html ? $filter->GetPositionLine($filter->error_position, $line, $column) : $filter->GetStylesheetPositionLine($filter->error_position, $line, $column)))
                   
$error .= ' line '.$line.' column '.$column;
            }
            for(
$warning = 0, Reset($filter->warnings); $warning < count($filter->warnings); Next($filter->warnings), $warning++)
            {
               
$w = Key($filter->warnings);
               
$warnings .= $filter->warnings[$w].' at position '.$w;
                if(
$filter->track_lines
               
&& ($as_html ? $filter->GetPositionLine($w, $line, $column) : $filter->GetStylesheetPositionLine($w, $line, $column)))
                   
$warnings .= ' line '.$line.' column '.$column;
               
$warnings .= "\n";
            }
/*
            echo 'Timer: ', doubleval(strtok($end,' ')) + doubleval(strtok('')) - doubleval(strtok($start,' ')) - doubleval(strtok('')), "\n";
*/
       
}
        else
        {
           
$done = 0;
           
$error_message = HtmlEntities($error_message);
        }
    }
    else
    {
       
$error_message = '';
       
$done = 0;
    }
   
$form->AddInput(array(
       
'ID'=>'layout',
       
'NAME'=>'layout',
       
'TYPE'=>'custom',
       
'CustomClass'=>'form_layout_vertical_class',
       
'Inputs'=>array(
           
'data',
           
'as_html',
           
'only_body',
           
'as_css',
           
'error',
           
'warnings',
           
'filtered',
           
'filter',
        ),
       
'Data'=>array(
           
'error'=>'<tr><td>Error:</td><td class="invalid">'.HtmlSpecialChars($error).'</td></tr>',
           
'warnings'=>'<tr><td>Warnings:</td><td class="invalid">'.nl2br(HtmlSpecialChars($warnings)).'</td></tr>'
       
),
       
'Properties'=>array(
           
'filtered'=>array(
               
'Visible'=>$done,
            ),
           
'error'=>array(
               
'Visible'=>(strlen($error) && $done),
            ),
           
'warnings'=>array(
               
'Visible'=>(strlen($warnings) && $done),
            ),
           
'as_html'=>array(
               
'SwitchedPosition'=>1,
            ),
           
'as_css'=>array(
               
'SwitchedPosition'=>1,
            ),
           
'only_body'=>array(
               
'SwitchedPosition'=>1,
            ),
        ),
       
'InvalidMark'=>'[Verify]',
    ));

    if(!
$done)
    {
        if(
strlen($error_message))
        {
           
Reset($verify);
           
$focus=Key($verify);
        }
        else
           
$focus='data';
       
$form->ConnectFormToInput($focus, 'ONLOAD', 'Focus', array());
    }

   
$onload=HtmlSpecialChars($form->PageLoad());

?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Test for Secure HTML and CSS parser and filter class</title>
<style type="text/css"><!--
.invalid { border-color: #ff0000; background-color: #ffcccc }
// --></style>
</head>
<body onload="<?php echo $onload; ?>" bgcolor="#cccccc">
<center><h1>Test for Secure HTML and CSS parser and filter class</h1></center>
<div align="center">
<?php
    $form
->StartLayoutCapture();
   
$form->AddInputPart('layout');
   
$form->EndLayoutCapture();
   
$form->DisplayOutput();
?>
</div>
</body>
</html>