class HtmlEditorSanitiser

Sanitises an HTMLValue so that its contents are limited to the elements and attributes that are whitelisted, using the same configuration as TinyMCE

See www.tinymce.com/wiki.php/configuration:valid_elements for details on the spec of TinyMCE's whitelist configuration

Properties

protected $elements
protected $elementPatterns
protected $globalAttributes

Methods

public
__construct(HtmlEditorConfig $config)

Construct a sanitiser from a given HtmlEditorConfig

protected
string
patternToRegex($str)

Given a TinyMCE pattern (close to unix glob style), create a regex that does the match

protected
addValidElements(string $validElements)

Given a valid_elements string, parse out the actual element and attribute rules and add to the internal whitelist

protected
getRuleForElement(string $tag)

Given an element tag, return the rule structure for that element

protected
getRuleForAttribute(object $elementRule, string $name)

Given an attribute name, return the rule structure for that attribute

protected
bool
elementMatchesRule(DOMElement $element, stdClass $rule = null)

Given a DOMElement and an element rule, check if that element passes the rule

protected
bool
attributeMatchesRule(DOMAttr $attr, stdClass $rule = null)

Given a DOMAttr and an attribute rule, check if that attribute passes the rule

public
sanitise(SS_HTMLValue $html)

Given an SS_HTMLValue instance, will remove any elements and attributes that are not explicitly included in the whitelist passed to __construct on instance creation

Details

__construct(HtmlEditorConfig $config)

Construct a sanitiser from a given HtmlEditorConfig

Note that we build data structures from the current state of HtmlEditorConfig; later changes to the passed instance won't cause this instance to update its whitelist

Parameters

HtmlEditorConfig $config

protected string patternToRegex($str)

Given a TinyMCE pattern (close to unix glob style), create a regex that does the match

Parameters

$str
  • The TinyMCE pattern

Return Value

string
  • The equivalent regex

protected addValidElements(string $validElements)

Given a valid_elements string, parse out the actual element and attribute rules and add to the internal whitelist

Logic based heavily on the JavaScript version from tiny_mce_src.js

Parameters

string $validElements
  • The valid_elements or extended_valid_elements string to add to the whitelist

protected stdClass getRuleForElement(string $tag)

Given an element tag, return the rule structure for that element

Parameters

string $tag
  • The element tag

Return Value

stdClass
  • The element rule

protected stdClass getRuleForAttribute(object $elementRule, string $name)

Given an attribute name, return the rule structure for that attribute

Parameters

object $elementRule
string $name
  • The attribute name

Return Value

stdClass
  • The attribute rule

protected bool elementMatchesRule(DOMElement $element, stdClass $rule = null)

Given a DOMElement and an element rule, check if that element passes the rule

Parameters

DOMElement $element
  • The element to check
stdClass $rule
  • The rule to check against

Return Value

bool
  • True if the element passes (and so can be kept), false if it fails (and so needs stripping)

protected bool attributeMatchesRule(DOMAttr $attr, stdClass $rule = null)

Given a DOMAttr and an attribute rule, check if that attribute passes the rule

Parameters

DOMAttr $attr
  • the attribute to check
stdClass $rule
  • the rule to check against

Return Value

bool
  • true if the attribute passes (and so can be kept), false if it fails (and so needs stripping)

sanitise(SS_HTMLValue $html)

Given an SS_HTMLValue instance, will remove any elements and attributes that are not explicitly included in the whitelist passed to __construct on instance creation

Parameters

SS_HTMLValue $html
  • The HTMLValue to remove any non-whitelisted elements & attributes from
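
A stand-alone PHP sketch of the flow these methods describe (pattern to regex, whitelist parsing, DOM filtering), added here as an example and not SilverStripe's own code. It handles only the `tag[attr|attr]` subset of valid_elements; the function names, the wildcard mapping, and the choice to unwrap denied tags while dropping `script`/`style` content are assumptions of the sketch.

```php
<?php
// Added illustration, not SilverStripe's implementation; all function names are hypothetical.
// Assumed wildcard mapping: '?', '+', '*' in a pattern become '.?', '.+', '.*'.
function globToRegex(string $pattern): string {
    $quoted = preg_quote($pattern, '/'); // neutralise every regex metacharacter first
    return '/^' . preg_replace('/\\\\([?+*])/', '.$1', $quoted) . '$/';
}
// Parse a subset of valid_elements ("tag[attr|attr],tag") into [tagRegex => [attrRegex, ...]].
function parseAllowlist(string $validElements): array {
    $rules = [];
    foreach (explode(',', $validElements) as $item) {
        // Syntax outside the subset is skipped, so it stays denied.
        if (!preg_match('/^([^\[\]]+)(?:\[([^\]]*)\])?$/', trim($item), $m)) continue;
        $attrs = ($m[2] ?? '') === '' ? [] : explode('|', $m[2]);
        $rules[globToRegex($m[1])] = array_map('globToRegex', $attrs);
    }
    return $rules;
}
// Return the first anchored regex that matches $name, or null when none does.
function firstMatch(array $regexes, string $name): ?string {
    foreach ($regexes as $re) {
        if (preg_match($re, $name)) return $re;
    }
    return null;
}

function sanitiseHtml(string $html, array $rules): string {
    libxml_use_internal_errors(true); // tolerate sloppy editor markup
    $doc = new DOMDocument();
    $doc->loadHTML('<meta http-equiv="Content-Type" content="text/html; charset=utf-8"><body>' . $html);
    $body = $doc->getElementsByTagName('body')->item(0);
    foreach (iterator_to_array((new DOMXPath($doc))->query('.//*', $body)) as $el) {
        $tagRegex = firstMatch(array_keys($rules), $el->tagName);
        if ($tagRegex === null) {
            // Denied tag: script/style lose their content, anything else is unwrapped.
            $unwrap = !in_array($el->tagName, ['script', 'style'], true);
            while ($unwrap && $el->firstChild) $el->parentNode->insertBefore($el->firstChild, $el);
            $el->parentNode->removeChild($el);
            continue;
        }
        foreach (iterator_to_array($el->attributes) as $attr) {
            if (firstMatch($rules[$tagRegex], $attr->name) === null) $el->removeAttributeNode($attr);
        }
    }
    return implode('', array_map([$doc, 'saveHTML'], iterator_to_array($body->childNodes)));
}

// Constructed sample input.
$rules = parseAllowlist('p,strong,a[href|title|data-*]');
echo sanitiseHtml('<p onclick="x()">Hi <a href="/d" data-id="7" style="color:red">docs</a><script>x()</script> <font>old</font></p>', $rules), "\n";
```

The sketch checks element and attribute names only: an allowed attribute such as `href` keeps whatever value it carries, so URL schemes need a separate check.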