CHtmlPurifier
| 包 | system.web.widgets |
|---|---|
| 继承 | class CHtmlPurifier » COutputProcessor » CFilterWidget » CWidget » CBaseController » CComponent |
| 实现 | IFilter |
| 可用自 | 1.0 |
| 版本 | $Id$ |
CHtmlPurifier is wrapper of HTML Purifier.
CHtmlPurifier removes all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist. It will also make sure the resulting code is standard-compliant.
CHtmlPurifier can be used as either a widget or a controller filter.
Note: since HTML Purifier is a big package, its performance is not very good. You should consider either caching the purification result or purifying the user input before saving to database.
CHtmlPurifier removes all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist. It will also make sure the resulting code is standard-compliant.
CHtmlPurifier can be used as either a widget or a controller filter.
Note: since HTML Purifier is a big package, its performance is not very good. You should consider either caching the purification result or purifying the user input before saving to database.
公共属性
| 属性 | 类型 | 描述 | 被定义在 |
|---|---|---|---|
| actionPrefix | string | the prefix to the IDs of the actions. | CWidget |
| controller | CController | the controller that this widget belongs to. | CWidget |
| id | string | id of the widget. | CWidget |
| isFilter | boolean | whether this widget is used as a filter. | CFilterWidget |
| options | mixed | the options to be passed to {@link http://htmlpurifier. | CHtmlPurifier |
| owner | CBaseController | owner/creator of this widget. | CWidget |
| stopAction | boolean | whether to stop the action execution when this widget is used as a filter. | CFilterWidget |
| viewPath | string | Returns the directory containing the view files for this widget. | CWidget |
公共方法
| 方法 | 描述 | 被定义在 |
|---|---|---|
| __call() | Calls the named method which is not a class method. | CComponent |
| __construct() | Constructor. | CFilterWidget |
| __get() | Returns a property value, an event handler list or a behavior based on its name. | CComponent |
| __isset() | Checks if a property value is null. | CComponent |
| __set() | Sets value of a component property. | CComponent |
| __unset() | Sets a component property to be null. | CComponent |
| actions() | Returns a list of actions that are used by this widget. | CWidget |
| asa() | Returns the named behavior object. | CComponent |
| attachBehavior() | Attaches a behavior to this component. | CComponent |
| attachBehaviors() | Attaches a list of behaviors to the component. | CComponent |
| attachEventHandler() | Attaches an event handler to an event. | CComponent |
| beginCache() | Begins fragment caching. | CBaseController |
| beginClip() | Begins recording a clip. | CBaseController |
| beginContent() | Begins the rendering of content that is to be decorated by the specified view. | CBaseController |
| beginWidget() | Creates a widget and executes it. | CBaseController |
| canGetProperty() | Determines whether a property can be read. | CComponent |
| canSetProperty() | Determines whether a property can be set. | CComponent |
| createWidget() | Creates a widget and initializes it. | CBaseController |
| detachBehavior() | Detaches a behavior from the component. | CComponent |
| detachBehaviors() | Detaches all behaviors from the component. | CComponent |
| detachEventHandler() | Detaches an existing event handler. | CComponent |
| disableBehavior() | Disables an attached behavior. | CComponent |
| disableBehaviors() | Disables all behaviors attached to this component. | CComponent |
| enableBehavior() | Enables an attached behavior. | CComponent |
| enableBehaviors() | Enables all behaviors attached to this component. | CComponent |
| endCache() | Ends fragment caching. | CBaseController |
| endClip() | Ends recording a clip. | CBaseController |
| endContent() | Ends the rendering of content. | CBaseController |
| endWidget() | Ends the execution of the named widget. | CBaseController |
| filter() | Performs the filtering. | CFilterWidget |
| getController() | CWidget | |
| getEventHandlers() | Returns the list of attached event handlers for an event. | CComponent |
| getId() | CWidget | |
| getIsFilter() | CFilterWidget | |
| getOwner() | CWidget | |
| getViewFile() | Looks for the view script file according to the view name. | CWidget |
| getViewPath() | Returns the directory containing the view files for this widget. | CWidget |
| hasEvent() | Determines whether an event is defined. | CComponent |
| hasEventHandler() | Checks whether the named event has attached handlers. | CComponent |
| hasProperty() | Determines whether a property is defined. | CComponent |
| init() | Initializes the widget. | COutputProcessor |
| onProcessOutput() | Raised when the output has been captured. | COutputProcessor |
| processOutput() | Processes the captured output. | CHtmlPurifier |
| purify() | Purifies the HTML content by removing malicious code. | CHtmlPurifier |
| raiseEvent() | Raises an event. | CComponent |
| render() | Renders a view. | CWidget |
| renderFile() | Renders a view file. | CBaseController |
| renderInternal() | Renders a view file. | CBaseController |
| run() | Executes the widget. | COutputProcessor |
| setId() | CWidget | |
| widget() | Creates a widget and executes it. | CBaseController |
属性详情
options
属性
public mixed $options;
the options to be passed to HTML Purifier. This can be a HTMLPurifier_Config object, an array of directives (Namespace.Directive => Value) or the filename of an ini file.
方法详情
processOutput()
方法
|
public void processOutput(string $output)
| ||
| $output | string | the captured output to be processed |
Processes the captured output. This method purifies the output using HTML Purifier.
purify()
方法
|
public string purify(string $content)
| ||
| $content | string | the content to be purified. |
| {return} | string | the purified content |
Purifies the HTML content by removing malicious code.