1. class
  2. SilverStripe
  3. \
  4. Forms
  5. \
  6. HTMLEditor
  7. \
  8. HTMLEditorSanitiser

HTMLEditorSanitiser

class HTMLEditorSanitiser (View source)

Sanitises an HTMLValue so it's contents are the elements and attributes that are whitelisted using the same configuration as TinyMCE

See www.tinymce.com/wiki.php/configuration:valid_elements for details on the spec of TinyMCE's whitelist configuration

Traits

Configurable

Provides extensions to this object to integrate it with standard config API methods.

Injectable

A class that can be instantiated or replaced via DI

Config options

Properties

protected deprecated stdClass $elements
protected deprecated stdClass $elementPatterns
protected deprecated stdClass $globalAttributes

Methods

public static 
Config_ForClass
config()

Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .....).

from  Configurable
public
mixed
uninherited(string $name)

Gets the uninherited value for the given config option

from  Configurable
public static 
Injectable
create(mixed ...$args)

An implementation of the factory method, allows you to create an instance of a class

from  Injectable
public static 
Injectable
singleton(string $class = null)

Creates a class instance by the "singleton" design pattern.

from  Injectable
public
__construct(HTMLEditorConfig $config)

Construct a sanitiser from a given HTMLEditorConfig

protected
string
patternToRegex($str) deprecated

Given a TinyMCE pattern (close to unix glob style), create a regex that does the match

protected
addValidElements(string $validElements) deprecated

Given a valid_elements string, parse out the actual element and attribute rules and add to the internal whitelist

protected
stdClass
getRuleForElement(string $tag) deprecated

Given an element tag, return the rule structure for that element

protected
stdClass
getRuleForAttribute(object $elementRule, string $name) deprecated

Given an attribute name, return the rule structure for that attribute

protected
bool
elementMatchesRule(DOMElement $element, stdClass $rule = null) deprecated

Given a DOMElement and an element rule, check if that element passes the rule

protected
bool
attributeMatchesRule(DOMAttr $attr, stdClass $rule = null) deprecated

Given a DOMAttr and an attribute rule, check if that attribute passes the rule

public
sanitise(HTMLValue $html)

Given an SS_HTMLValue instance, will remove and elements and attributes that are not explicitly included in the whitelist passed to __construct on instance creation

Details

in Configurable at line 18
static Config_ForClass config()

Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .....).

Return Value

Config_ForClass

in Configurable at line 29
mixed uninherited(string $name)

Gets the uninherited value for the given config option

Parameters

string $name

Return Value

mixed

in Injectable at line 26
static Injectable create(mixed ...$args)

An implementation of the factory method, allows you to create an instance of a class

This method will defer class substitution to the Injector API, which can be customised via the Config API to declare substitution classes.

This can be called in one of two ways - either calling via the class directly, or calling on Object and passing the class name as the first parameter. The following are equivalent: $list = DataList::create(SiteTree::class); $list = SiteTree::get();

Parameters

mixed ...$args

Return Value

Injectable

in Injectable at line 43
static Injectable singleton(string $class = null)

Creates a class instance by the "singleton" design pattern.

It will always return the same instance for this class, which can be used for performance reasons and as a simple way to access instance methods which don't rely on instance data (e.g. the custom SilverStripe static handling).

Parameters

string $class

Optional classname to create, if the called class should not be used

Return Value

Injectable

The singleton instance

at line 64
__construct(HTMLEditorConfig $config)

Construct a sanitiser from a given HTMLEditorConfig

Note that we build data structures from the current state of HTMLEditorConfig - later changes to the passed instance won't cause this instance to update it's whitelist

Parameters

HTMLEditorConfig $config

at line 84
protected string patternToRegex($str) deprecated

deprecated 5.4.0 Will be replaced with SilverStripe\Forms\HTMLEditor\HTMLEditorRuleSet::patternToRegex() in a future major release

Given a TinyMCE pattern (close to unix glob style), create a regex that does the match

Parameters

$str
  • The TinyMCE pattern

Return Value

string
  • The equivalent regex

at line 102
protected addValidElements(string $validElements) deprecated

deprecated 5.4.0 Will be replaced with SilverStripe\Forms\HTMLEditor\HTMLEditorRuleSet in a future major release

Given a valid_elements string, parse out the actual element and attribute rules and add to the internal whitelist

Logic based heavily on javascript version from tiny_mce_src.js

Parameters

string $validElements
  • The valid_elements or extended_valid_elements string to add to the whitelist

at line 212
protected stdClass getRuleForElement(string $tag) deprecated

deprecated 5.4.0 Will be replaced with SilverStripe\Forms\HTMLEditor\HTMLEditorRuleSet::getRuleForElement() in a future major release

Given an element tag, return the rule structure for that element

Parameters

string $tag

The element tag

Return Value

stdClass

The element rule

at line 237
protected stdClass getRuleForAttribute(object $elementRule, string $name) deprecated

deprecated 5.4.0 Will be replaced with logic in SilverStripe\Forms\HTMLEditor\HTMLEditorElementRule in a future major release

Given an attribute name, return the rule structure for that attribute

Parameters

object $elementRule
string $name

The attribute name

Return Value

stdClass

The attribute rule

at line 261
protected bool elementMatchesRule(DOMElement $element, stdClass $rule = null) deprecated

deprecated 5.4.0 Will be replaced with SilverStripe\Forms\HTMLEditor\HTMLEditorRuleSet::isElementAllowed() in a future major release

Given a DOMElement and an element rule, check if that element passes the rule

Parameters

DOMElement $element

The element to check
stdClass $rule

The rule to check against

Return Value

bool

True if the element passes (and so can be kept), false if it fails (and so needs stripping)

at line 304
protected bool attributeMatchesRule(DOMAttr $attr, stdClass $rule = null) deprecated

deprecated 5.4.0 Will be replaced with SilverStripe\Forms\HTMLEditor\HTMLEditorElementRule::isAttributeAllowed() in a future major release

Given a DOMAttr and an attribute rule, check if that attribute passes the rule

Parameters

DOMAttr $attr
  • the attribute to check
stdClass $rule
  • the rule to check against

Return Value

bool
  • true if the attribute passes (and so can be kept), false if it fails (and so needs stripping)

at line 330
sanitise(HTMLValue $html)

Given an SS_HTMLValue instance, will remove and elements and attributes that are not explicitly included in the whitelist passed to __construct on instance creation

Parameters

HTMLValue $html
  • The HTMLValue to remove any non-whitelisted elements & attributes from