CHtmlPurifier

Package system.web.widgets
Inheritance class CHtmlPurifier » COutputProcessor » CFilterWidget » CWidget » CBaseController » CComponent
Implements IFilter
Since 1.0
Version $Id$
Source Code framework/web/widgets/CHtmlPurifier.php
CHtmlPurifier is a wrapper for HTML Purifier.

CHtmlPurifier removes all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist. It also makes sure the resulting code is standards-compliant.

CHtmlPurifier can be used as either a widget or a controller filter.

Note: HTML Purifier is a big package, so its performance is not very good. You should consider either caching the purification result or purifying the user input before saving it to the database.

Public Properties

Property Type Description Defined By
actionPrefix string the prefix to the IDs of the actions. CWidget
controller CController the controller that this widget belongs to. CWidget
id string id of the widget. CWidget
isFilter boolean whether this widget is used as a filter. CFilterWidget
options mixed the options to be passed to HTML Purifier. CHtmlPurifier
owner CBaseController owner/creator of this widget. CWidget
stopAction boolean whether to stop the action execution when this widget is used as a filter. CFilterWidget
viewPath string Returns the directory containing the view files for this widget. CWidget

Public Methods

Method Description Defined By
__call() Calls the named method which is not a class method. CComponent
__construct() Constructor. CFilterWidget
__get() Returns a property value, an event handler list or a behavior based on its name. CComponent
__isset() Checks if a property value is null. CComponent
__set() Sets value of a component property. CComponent
__unset() Sets a component property to be null. CComponent
actions() Returns a list of actions that are used by this widget. CWidget
asa() Returns the named behavior object. CComponent
attachBehavior() Attaches a behavior to this component. CComponent
attachBehaviors() Attaches a list of behaviors to the component. CComponent
attachEventHandler() Attaches an event handler to an event. CComponent
beginCache() Begins fragment caching. CBaseController
beginClip() Begins recording a clip. CBaseController
beginContent() Begins the rendering of content that is to be decorated by the specified view. CBaseController
beginWidget() Creates a widget and executes it. CBaseController
canGetProperty() Determines whether a property can be read. CComponent
canSetProperty() Determines whether a property can be set. CComponent
createWidget() Creates a widget and initializes it. CBaseController
detachBehavior() Detaches a behavior from the component. CComponent
detachBehaviors() Detaches all behaviors from the component. CComponent
detachEventHandler() Detaches an existing event handler. CComponent
disableBehavior() Disables an attached behavior. CComponent
disableBehaviors() Disables all behaviors attached to this component. CComponent
enableBehavior() Enables an attached behavior. CComponent
enableBehaviors() Enables all behaviors attached to this component. CComponent
endCache() Ends fragment caching. CBaseController
endClip() Ends recording a clip. CBaseController
endContent() Ends the rendering of content. CBaseController
endWidget() Ends the execution of the named widget. CBaseController
filter() Performs the filtering. CFilterWidget
getController() Returns the controller that this widget belongs to. CWidget
getEventHandlers() Returns the list of attached event handlers for an event. CComponent
getId() Returns id of the widget. CWidget
getIsFilter() Checks whether this widget is used as a filter. CFilterWidget
getOwner() Returns owner/creator of this widget. It could be either a widget or a controller. CWidget
getViewFile() Looks for the view script file according to the view name. CWidget
getViewPath() Returns the directory containing the view files for this widget. CWidget
hasEvent() Determines whether an event is defined. CComponent
hasEventHandler() Checks whether the named event has attached handlers. CComponent
hasProperty() Determines whether a property is defined. CComponent
init() Initializes the widget. COutputProcessor
onProcessOutput() Raised when the output has been captured. COutputProcessor
processOutput() Processes the captured output. CHtmlPurifier
purify() Purifies the HTML content by removing malicious code. CHtmlPurifier
raiseEvent() Raises an event. CComponent
render() Renders a view. CWidget
renderFile() Renders a view file. CBaseController
renderInternal() Renders a view file. CBaseController
run() Executes the widget. COutputProcessor
setId() Sets id of the widget. CWidget
widget() Creates a widget and executes it. CBaseController

Events

Event Description Defined By
onProcessOutput Raised when the output has been captured. COutputProcessor

Property Details

options property
public mixed $options;

The options to be passed to HTML Purifier. This can be an HTMLPurifier_Config object, an array of directives (Namespace.Directive => Value) or the filename of an ini file.

Method Details

processOutput() method
public void processOutput(string $output)
$output string the captured output to be processed
Source Code: framework/web/widgets/CHtmlPurifier.php#47
public function processOutput($output)
{
    $output=$this->purify($output);
    parent::processOutput($output);
}

Processes the captured output. This method purifies the output using HTML Purifier.

purify() method
public string purify(string $content)
$content string the content to be purified.
Returns: string the purified content
Source Code: framework/web/widgets/CHtmlPurifier.php#58
public function purify($content)
{
    $purifier=new HTMLPurifier($this->options);
    $purifier->config->set('Cache','SerializerPath',Yii::app()->getRuntimePath());
    return $purifier->purify($content);
}

Purifies the HTML content by removing malicious code.
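
The following added example (not part of the framework source) shows the approach recommended in the note above: purifying user input once, before it is saved, with an explicit allow-list passed through `$options` in the Namespace.Directive => Value form. It assumes a Yii 1.x application; the `Comment` model, its `comment` table, its `body` attribute and the chosen allow-list are hypothetical.

```php
<?php
// Added example. Assumes the Yii 1.x framework is loaded; Comment, the
// `comment` table and the `body` attribute are hypothetical names.
class Comment extends CActiveRecord
{
    public static function model($className = __CLASS__)
    {
        return parent::model($className);
    }

    public function tableName()
    {
        return 'comment';
    }

    // HTML Purifier directives, keyed as Namespace.Directive => Value.
    // Anything not listed in HTML.Allowed is stripped from the input.
    protected function purifierOptions()
    {
        return array(
            'HTML.Allowed'       => 'p,br,b,i,ul,ol,li,a[href]',
            'URI.AllowedSchemes' => array('http' => true, 'https' => true),
        );
    }

    // Purify at write time so the cost of HTML Purifier is paid once per
    // save instead of on every page render.
    protected function beforeSave()
    {
        if (!parent::beforeSave()) {
            return false;
        }

        $purifier = new CHtmlPurifier();
        $purifier->options = $this->purifierOptions();
        $this->body = $purifier->purify($this->body);

        return true;
    }
}
```

Rows saved this way reflect the allow-list in force when they were written; tightening `purifierOptions()` later does not change content that is already stored.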