class HTMLEditorSanitiser

Sanitises an HTMLValue so its contents are limited to the elements and attributes that are whitelisted, using the same configuration as TinyMCE.

See www.tinymce.com/wiki.php/configuration:valid_elements for details on the spec of TinyMCE's whitelist configuration

Traits

Provides extensions to this object to integrate it with standard config API methods.

A class that can be instantiated or replaced via DI

Config options

Properties

protected stdClass $elements
protected stdClass $elementPatterns
protected stdClass $globalAttributes

Methods

public static Config_ForClass config()

Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .....).

public mixed uninherited(string $name)

Gets the uninherited value for the given config option

public static Injectable create(mixed ...$args)

An implementation of the factory method, allows you to create an instance of a class

public static Injectable singleton(string $class = null)

Creates a class instance by the "singleton" design pattern.

public __construct(HTMLEditorConfig $config)

Construct a sanitiser from a given HTMLEditorConfig

protected string patternToRegex($str)

Given a TinyMCE pattern (close to unix glob style), create a regex that does the match

protected addValidElements(string $validElements)

Given a valid_elements string, parse out the actual element and attribute rules and add to the internal whitelist

protected stdClass getRuleForElement(string $tag)

Given an element tag, return the rule structure for that element

protected stdClass getRuleForAttribute(object $elementRule, string $name)

Given an attribute name, return the rule structure for that attribute

protected bool elementMatchesRule(DOMElement $element, stdClass $rule = null)

Given a DOMElement and an element rule, check if that element passes the rule

protected bool attributeMatchesRule(DOMAttr $attr, stdClass $rule = null)

Given a DOMAttr and an attribute rule, check if that attribute passes the rule

public sanitise(HTMLValue $html)

Given an SS_HTMLValue instance, will remove any elements and attributes that are not explicitly included in the whitelist passed to __construct on instance creation

Details

static Config_ForClass config()

Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .....).

Return Value

Config_ForClass

mixed uninherited(string $name)

Gets the uninherited value for the given config option

Parameters

string $name

Return Value

mixed

static Injectable create(mixed ...$args)

An implementation of the factory method, allows you to create an instance of a class

This method will defer class substitution to the Injector API, which can be customised via the Config API to declare substitution classes.

This can be called in one of two ways - either calling via the class directly, or calling on Object and passing the class name as the first parameter. The following are equivalent:

    $list = DataList::create(SiteTree::class);
    $list = SiteTree::get();

Parameters

mixed ...$args

Return Value

Injectable

static Injectable singleton(string $class = null)

Creates a class instance by the "singleton" design pattern.

It will always return the same instance for this class, which can be used for performance reasons and as a simple way to access instance methods which don't rely on instance data (e.g. the custom SilverStripe static handling).

Parameters

string $class

Optional classname to create, if the called class should not be used

Return Value

Injectable

The singleton instance

__construct(HTMLEditorConfig $config)

Construct a sanitiser from a given HTMLEditorConfig

Note that we build data structures from the current state of HTMLEditorConfig - later changes to the passed instance won't cause this instance to update its whitelist

Parameters

HTMLEditorConfig $config

protected string patternToRegex($str)

Given a TinyMCE pattern (close to unix glob style), create a regex that does the match

Parameters

$str
  • The TinyMCE pattern

Return Value

string
  • The equivalent regex

protected addValidElements(string $validElements)

Given a valid_elements string, parse out the actual element and attribute rules and add to the internal whitelist

Logic based heavily on the JavaScript version from tiny_mce_src.js

Parameters

string $validElements
  • The valid_elements or extended_valid_elements string to add to the whitelist

protected stdClass getRuleForElement(string $tag)

Given an element tag, return the rule structure for that element

Parameters

string $tag

The element tag

Return Value

stdClass

The element rule

protected stdClass getRuleForAttribute(object $elementRule, string $name)

Given an attribute name, return the rule structure for that attribute

Parameters

object $elementRule
string $name

The attribute name

Return Value

stdClass

The attribute rule

protected bool elementMatchesRule(DOMElement $element, stdClass $rule = null)

Given a DOMElement and an element rule, check if that element passes the rule

Parameters

DOMElement $element

The element to check

stdClass $rule

The rule to check against

Return Value

bool

True if the element passes (and so can be kept), false if it fails (and so needs stripping)

protected bool attributeMatchesRule(DOMAttr $attr, stdClass $rule = null)

Given a DOMAttr and an attribute rule, check if that attribute passes the rule

Parameters

DOMAttr $attr
  • the attribute to check
stdClass $rule
  • the rule to check against

Return Value

bool
  • true if the attribute passes (and so can be kept), false if it fails (and so needs stripping)

sanitise(HTMLValue $html)

Given an SS_HTMLValue instance, will remove any elements and attributes that are not explicitly included in the whitelist passed to __construct on instance creation

Parameters

HTMLValue $html
  • The HTMLValue to remove any non-whitelisted elements & attributes from
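
The whitelist approach described for patternToRegex, addValidElements and sanitise, as an added stand-alone example; it is not SilverStripe's code. The function names globToRegex, parseValidElements and sanitiseFragment are hypothetical, and only a subset of the valid_elements syntax is handled (element names with wildcards, attribute lists, and "@" attributes applied to every element).

```php
<?php
// Added example: simplified whitelist sanitiser, not SilverStripe's implementation.
function globToRegex(string $glob): string
{
    // Quote regex metacharacters, then turn the wildcards * + ? into .* .+ .?
    return '/^' . strtr(preg_quote($glob, '/'), ['\*' => '.*', '\+' => '.+', '\?' => '.?']) . '$/i';
}

// Parse "p,a[href|title],@[class]" into [tagGlob => [attribute names]]; bad items are skipped.
function parseValidElements(string $spec): array
{
    $rules = [];
    foreach (explode(',', $spec) as $item) {
        if (preg_match('/^([^\[\]]+)(?:\[([^\[\]]*)\])?$/', trim($item), $m)) {
            $rules[$m[1]] = array_filter(explode('|', strtolower($m[2] ?? '')));
        }
    }
    return $rules;
}

function sanitiseFragment(string $html, string $spec): string
{
    $rules = parseValidElements($spec);
    $global = $rules['@'] ?? []; // simplification: "@[...]" applies to every element
    libxml_use_internal_errors(true); // tolerate sloppy markup without warnings
    $doc = new DOMDocument();
    $doc->loadHTML('<div>' . $html . '</div>');
    $root = $doc->getElementsByTagName('div')->item(0);
    foreach (iterator_to_array($root->getElementsByTagName('*')) as $el) {
        $allowed = null;
        foreach ($rules as $glob => $attrs) {
            if (preg_match(globToRegex($glob), $el->tagName)) {
                $allowed = array_merge($attrs, $global);
                break;
            }
        }
        if ($allowed === null) {
            $el->parentNode->removeChild($el); // this example drops the whole subtree
            continue;
        }
        foreach (iterator_to_array($el->attributes) as $attr) {
            if (!in_array($attr->nodeName, $allowed, true)) {
                $el->removeAttributeNode($attr);
            }
        }
    }
    return implode('', array_map([$doc, 'saveHTML'], iterator_to_array($root->childNodes)));
}
// Constructed sample input.
echo sanitiseFragment('<h2 id="t">T</h2><p class="x" onclick="f()">Hi <a href="/a">a</a><script>f()</script></p>', 'h?,p,a[href|title],@[class]'), "\n";
```

This example checks element and attribute names only; it does not inspect attribute values such as the URL in an allowed href. Because "?" becomes ".?", the pattern "h?" also matches the two-letter tag "hr", so wildcard rules should be reviewed for what else they admit.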