HtmlEditorSanitiser

class HtmlEditorSanitiser (View source)

Sanitises an HTMLValue so it's contents are the elements and attributes that are whitelisted using the same configuration as TinyMCE

See www.tinymce.com/wiki.php/configuration:valid_elements for details on the spec of TinyMCE's whitelist configuration

Properties

protected $elements
protected $elementPatterns
protected $globalAttributes

Methods

public
__construct(HtmlEditorConfig $config)

Construct a sanitiser from a given HtmlEditorConfig

protected
string
patternToRegex($str)

Given a TinyMCE pattern (close to unix glob style), create a regex that does the match

protected
addValidElements(string $validElements)

Given a valid_elements string, parse out the actual element and attribute rules and add to the internal whitelist

protected
stdClass
getRuleForElement(string $tag)

Given an element tag, return the rule structure for that element

protected
stdClass
getRuleForAttribute(object $elementRule, string $name)

Given an attribute name, return the rule structure for that attribute

protected
bool
elementMatchesRule(DOMElement $element, stdClass $rule = null)

Given a DOMElement and an element rule, check if that element passes the rule

protected
bool
attributeMatchesRule(DOMAttr $attr, stdClass $rule = null)

Given a DOMAttr and an attribute rule, check if that attribute passes the rule

public
sanitise(SS_HTMLValue $html)

Given an SS_HTMLValue instance, will remove and elements and attributes that are not explicitly included in the whitelist passed to __construct on instance creation

Details

at line 31
__construct(HtmlEditorConfig $config)

Construct a sanitiser from a given HtmlEditorConfig

Note that we build data structures from the current state of HtmlEditorConfig - later changes to the passed instance won't cause this instance to update it's whitelist

Parameters

HtmlEditorConfig $config

at line 45
protected string patternToRegex($str)

Given a TinyMCE pattern (close to unix glob style), create a regex that does the match

Parameters

$str
  • The TinyMCE pattern

Return Value

string
  • The equivalent regex

at line 57
protected addValidElements(string $validElements)

Given a valid_elements string, parse out the actual element and attribute rules and add to the internal whitelist

Logic based heavily on javascript version from tiny_mce_src.js

Parameters

string $validElements
  • The valid_elements or extended_valid_elements string to add to the whitelist

at line 172
protected stdClass getRuleForElement(string $tag)

Given an element tag, return the rule structure for that element

Parameters

string $tag

The element tag

Return Value

stdClass

The element rule

at line 188
protected stdClass getRuleForAttribute(object $elementRule, string $name)

Given an attribute name, return the rule structure for that attribute

Parameters

object $elementRule
string $name

The attribute name

Return Value

stdClass

The attribute rule

at line 203
protected bool elementMatchesRule(DOMElement $element, stdClass $rule = null)

Given a DOMElement and an element rule, check if that element passes the rule

Parameters

DOMElement $element

The element to check
stdClass $rule

The rule to check against

Return Value

bool

True if the element passes (and so can be kept), false if it fails (and so needs stripping)

at line 234
protected bool attributeMatchesRule(DOMAttr $attr, stdClass $rule = null)

Given a DOMAttr and an attribute rule, check if that attribute passes the rule

Parameters

DOMAttr $attr
  • the attribute to check
stdClass $rule
  • the rule to check against

Return Value

bool
  • true if the attribute passes (and so can be kept), false if it fails (and so needs stripping)

at line 251
sanitise(SS_HTMLValue $html)

Given an SS_HTMLValue instance, will remove and elements and attributes that are not explicitly included in the whitelist passed to __construct on instance creation

Parameters

SS_HTMLValue $html
  • The HTMLValue to remove any non-whitelisted elements & attributes from