CHtmlPurifier
| 包 | system.web.widgets |
|---|---|
| 继承 | class CHtmlPurifier » COutputProcessor » CFilterWidget » CWidget » CBaseController » CComponent |
| 实现 | IFilter |
| 可用自 | 1.0 |
| 源码 | framework/web/widgets/CHtmlPurifier.php |
CHtmlPurifier is wrapper of HTML Purifier.
CHtmlPurifier removes all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist. It will also make sure the resulting code is standard-compliant.
CHtmlPurifier can be used as either a widget or a controller filter.
Note: since HTML Purifier is a big package, its performance is not very good. You should consider either caching the purification result or purifying the user input before saving to database.
Usage as a class:
Usage as validation rule:
CHtmlPurifier removes all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist. It will also make sure the resulting code is standard-compliant.
CHtmlPurifier can be used as either a widget or a controller filter.
Note: since HTML Purifier is a big package, its performance is not very good. You should consider either caching the purification result or purifying the user input before saving to database.
Usage as a class:
$p = new CHtmlPurifier();
$p->options = array('URI.AllowedSchemes'=>array(
'http' => true,
'https' => true,
));
$text = $p->purify($text);
Usage as validation rule:
array('text','filter','filter'=>array($obj=new CHtmlPurifier(),'purify')),
公共属性
| 属性 | 类型 | 描述 | 被定义在 |
|---|---|---|---|
| actionPrefix | string | the prefix to the IDs of the actions. | CWidget |
| controller | CController | Returns the controller that this widget belongs to. | CWidget |
| id | string | Returns the ID of the widget or generates a new one if requested. | CWidget |
| isFilter | boolean | whether this widget is used as a filter. | CFilterWidget |
| options | mixed | Get the options for the HTML Purifier instance. | CHtmlPurifier |
| owner | CBaseController | Returns the owner/creator of this widget. | CWidget |
| skin | mixed | the name of the skin to be used by this widget. | CWidget |
| stopAction | boolean | whether to stop the action execution when this widget is used as a filter. | CFilterWidget |
| viewPath | string | Returns the directory containing the view files for this widget. | CWidget |
受保护的属性
| 属性 | 类型 | 描述 | 被定义在 |
|---|---|---|---|
| purifier | HTMLPurifier | Get the HTML Purifier instance or create a new one if it doesn't exist. | CHtmlPurifier |
公共方法
| 方法 | 描述 | 被定义在 |
|---|---|---|
| __call() | Calls the named method which is not a class method. | CComponent |
| __construct() | Constructor. | CFilterWidget |
| __get() | Returns a property value, an event handler list or a behavior based on its name. | CComponent |
| __isset() | Checks if a property value is null. | CComponent |
| __set() | Sets value of a component property. | CComponent |
| __unset() | Sets a component property to be null. | CComponent |
| actions() | Returns a list of actions that are used by this widget. | CWidget |
| asa() | Returns the named behavior object. | CComponent |
| attachBehavior() | Attaches a behavior to this component. | CComponent |
| attachBehaviors() | Attaches a list of behaviors to the component. | CComponent |
| attachEventHandler() | Attaches an event handler to an event. | CComponent |
| beginCache() | Begins fragment caching. | CBaseController |
| beginClip() | Begins recording a clip. | CBaseController |
| beginContent() | Begins the rendering of content that is to be decorated by the specified view. | CBaseController |
| beginWidget() | Creates a widget and executes it. | CBaseController |
| canGetProperty() | Determines whether a property can be read. | CComponent |
| canSetProperty() | Determines whether a property can be set. | CComponent |
| createWidget() | Creates a widget and initializes it. | CBaseController |
| detachBehavior() | Detaches a behavior from the component. | CComponent |
| detachBehaviors() | Detaches all behaviors from the component. | CComponent |
| detachEventHandler() | Detaches an existing event handler. | CComponent |
| disableBehavior() | Disables an attached behavior. | CComponent |
| disableBehaviors() | Disables all behaviors attached to this component. | CComponent |
| enableBehavior() | Enables an attached behavior. | CComponent |
| enableBehaviors() | Enables all behaviors attached to this component. | CComponent |
| endCache() | Ends fragment caching. | CBaseController |
| endClip() | Ends recording a clip. | CBaseController |
| endContent() | Ends the rendering of content. | CBaseController |
| endWidget() | Ends the execution of the named widget. | CBaseController |
| evaluateExpression() | Evaluates a PHP expression or callback under the context of this component. | CComponent |
| filter() | Performs the filtering. | CFilterWidget |
| getController() | Returns the controller that this widget belongs to. | CWidget |
| getEventHandlers() | Returns the list of attached event handlers for an event. | CComponent |
| getId() | Returns the ID of the widget or generates a new one if requested. | CWidget |
| getIsFilter() | Checks whether this widget is used as a filter. | CFilterWidget |
| getOptions() | Get the options for the HTML Purifier instance. | CHtmlPurifier |
| getOwner() | Returns the owner/creator of this widget. | CWidget |
| getViewFile() | Looks for the view script file according to the view name. | CWidget |
| getViewPath() | Returns the directory containing the view files for this widget. | CWidget |
| hasEvent() | Determines whether an event is defined. | CComponent |
| hasEventHandler() | Checks whether the named event has attached handlers. | CComponent |
| hasProperty() | Determines whether a property is defined. | CComponent |
| init() | Initializes the widget. | COutputProcessor |
| onProcessOutput() | Raised when the output has been captured. | COutputProcessor |
| processOutput() | Processes the captured output. | CHtmlPurifier |
| purify() | Purifies the HTML content by removing malicious code. | CHtmlPurifier |
| raiseEvent() | Raises an event. | CComponent |
| render() | Renders a view. | CWidget |
| renderFile() | Renders a view file. | CBaseController |
| renderInternal() | Renders a view file. | CBaseController |
| run() | Executes the widget. | COutputProcessor |
| setId() | Sets the ID of the widget. | CWidget |
| setOptions() | Set the options for HTML Purifier and create a new HTML Purifier instance based on these options. | CHtmlPurifier |
| widget() | Creates a widget and executes it. | CBaseController |
受保护的方法
| 方法 | 描述 | 被定义在 |
|---|---|---|
| createNewHtmlPurifierInstance() | Create a new HTML Purifier instance. | CHtmlPurifier |
| getPurifier() | Get the HTML Purifier instance or create a new one if it doesn't exist. | CHtmlPurifier |
属性详情
options
属性
Get the options for the HTML Purifier instance.
purifier
属性
只读
protected HTMLPurifier getPurifier()
Get the HTML Purifier instance or create a new one if it doesn't exist.
方法详情
createNewHtmlPurifierInstance()
方法
|
protected HTMLPurifier createNewHtmlPurifierInstance()
| ||
| {return} | HTMLPurifier | |
源码: framework/web/widgets/CHtmlPurifier.php#124 (显示)
protected function createNewHtmlPurifierInstance()
{
$this->_purifier=new HTMLPurifier($this->getOptions());
$this->_purifier->config->set('Cache.SerializerPath',Yii::app()->getRuntimePath());
return $this->_purifier;
}
Create a new HTML Purifier instance.
getOptions()
方法
|
public mixed getOptions()
| ||
| {return} | mixed | the HTML Purifier instance options |
源码: framework/web/widgets/CHtmlPurifier.php#104 (显示)
public function getOptions()
{
return $this->_options;
}
Get the options for the HTML Purifier instance.
getPurifier()
方法
|
protected HTMLPurifier getPurifier()
| ||
| {return} | HTMLPurifier | |
源码: framework/web/widgets/CHtmlPurifier.php#113 (显示)
protected function getPurifier()
{
if($this->_purifier!==null)
return $this->_purifier;
return $this->createNewHtmlPurifierInstance();
}
Get the HTML Purifier instance or create a new one if it doesn't exist.
processOutput()
方法
|
public void processOutput(string $output)
| ||
| $output | string | the captured output to be processed |
源码: framework/web/widgets/CHtmlPurifier.php#68 (显示)
public function processOutput($output)
{
$output=$this->purify($output);
parent::processOutput($output);
}
Processes the captured output. This method purifies the output using HTML Purifier.
purify()
方法
|
public mixed purify(mixed $content)
| ||
| $content | mixed | the content to be purified. |
| {return} | mixed | the purified content |
源码: framework/web/widgets/CHtmlPurifier.php#79 (显示)
public function purify($content)
{
if(is_array($content))
$content=array_map(array($this,'purify'),$content);
else
$content=$this->getPurifier()->purify($content);
return $content;
}
Purifies the HTML content by removing malicious code.
setOptions()
方法
|
public static setOptions(mixed $options)
| ||
| $options | mixed | the options for HTML Purifier |
| {return} | static | the object instance itself |
源码: framework/web/widgets/CHtmlPurifier.php#93 (显示)
public function setOptions($options)
{
$this->_options=$options;
$this->createNewHtmlPurifierInstance();
return $this;
}
Set the options for HTML Purifier and create a new HTML Purifier instance based on these options.