<?php
/*
 * secure_html_filter.php
 *
 * @(#) $Id: secure_html_filter.php,v 1.2 2009/08/21 04:54:47 mlemos Exp $
 *
 */

	require('forms.php');
	require('form_layout_vertical.php');
	require('filecacheclass.php');
	require('css_parser.php');
	require('dtd_parser.php');
	require('markup_parser.php');
	require('markup_filter_validator.php');
	require('markup_filter_safe_html.php');

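	/*
	 * Test page for markup_filter_safe_html_class: takes untrusted HTML
	 * from a POSTed form, runs it through the safe-HTML filter and shows
	 * the rewritten markup together with any parser error and warnings.
	 */
	$form = new form_class;
	$form->NAME = 'filter_form';
	$form->METHOD = 'POST';
	$form->ACTION = '';
	$form->debug = 'trigger_error';
	$form->ShowAllErrors = 1;
	$form->InvalidCLASS = 'invalid';
	$form->AddInput(array(
		'TYPE'=>'textarea',
		'NAME'=>'html',
		'ID'=>'html',
		'ROWS'=>10,
		'COLS'=>60,
		'ValidateAsNotEmpty'=>1,
		'ValidationErrorMessage'=>
			'It was not specified any HTML to validate.',
		'LABEL'=>'<u>H</u>TML',
		'ACCESSKEY'=>'H'
	));
	$form->AddInput(array(
		'TYPE'=>'checkbox',
		'NAME'=>'only_body',
		'ID'=>'only_body',
		'LABEL'=>'Only <u>b</u>ody',
		'ACCESSKEY'=>'b'
	));
	$form->AddInput(array(
		'TYPE'=>'textarea',
		'NAME'=>'filtered',
		'ID'=>'filtered',
		'ROWS'=>10,
		'COLS'=>60,
		'LABEL'=>'Filtered',
	));
	$form->AddInput(array(
		'TYPE'=>'submit',
		'NAME'=>'filter',
		'ID'=>'filter',
		'VALUE'=>'Filter',
		'ACCESSKEY'=>'F'
	));

	/*
	 * State consumed by the layout and focus logic further down. All of it
	 * starts in the "nothing filtered yet" state so that no branch (in
	 * particular a StartParsing() failure) can leave $done or $output unset.
	 */
	$error = $warnings = $error_message = $output = '';
	$done = 0;
	$verify = array();
	$form->LoadInputValues($form->WasSubmitted('filter'));
	if($form->WasSubmitted('filter'))
	{
		/* Validate() returns '' on success and fills $verify with the failing inputs. */
		if(($error_message = $form->Validate($verify)) === '')
		{
			$filter = new markup_filter_safe_html_class;
			/* Needed so GetPositionLine() can map error offsets to line/column. */
			$filter->track_lines = 1;
/*
 * Example of widening the CSS allow-list with vendor-prefixed properties
 * and the 'alpha' function. Kept disabled: this page exercises the
 * default allow-list.
			$filter->safe_proprietary_css_properties = array(
				'-moz-border-radius'=>array(),
				'-moz-border-radius-topleft'=>array(),
				'-moz-border-radius-topright'=>array(),
				'-moz-border-radius-bottomleft'=>array(),
				'-moz-border-radius-bottomright'=>array(),
				'-webkit-border-radius'=>array(),
				'-webkit-border-top-left-radius'=>array(),
				'-webkit-border-top-right-radius'=>array(),
				'-webkit-border-bottom-left-radius'=>array(),
				'-webkit-border-bottom-right-radius'=>array(),
			);
			$filter->safe_css_property_functions = array(
				'alpha'=>array()
			);
*/
			$parameters = array(
				/* Raw, untrusted HTML exactly as submitted. */
				'Data'=>$form->GetInputValue('html'),
				'OnlyBody'=>$form->GetCheckedState('only_body'),
				/* NOTE(review): '' presumably disables the on-disk DTD cache -- confirm in markup_filter_safe_html_class. */
				'DTDCachePath'=>'',
			);
			$success = $filter->StartParsing($parameters);
			if($success)
			{
				/*
				 * Parse chunk by chunk and rewrite every element. The loop
				 * condition also tests $success: a RewriteElement() failure
				 * must stop the loop, otherwise the next Parse() call would
				 * overwrite $success and the failure would be lost.
				 */
				do
				{
					if(!($success = $filter->Parse($end, $elements)))
						break;
					foreach($elements as $element)
					{
						if(!($success = $filter->RewriteElement($element, $markup)))
							break;
						$output .= $markup;
					}
				}
				while($success && !$end);
				if($success)
					$success = $filter->FinishParsing();
			}
			/* The filter ran (successfully or not), so the result panels may be shown. */
			$done = 1;
			if($success)
				$form->SetInputValue('filtered', $output);
			else
			{
				/*
				 * Error and warning texts are built from parser messages about
				 * the untrusted input; they are escaped where rendered below.
				 */
				$error = $filter->error.' at position '.$filter->error_position;
				if($filter->track_lines
				&& $filter->GetPositionLine($filter->error_position, $line, $column))
					$error .= ' line '.$line.' column '.$column;
			}
			/* $filter->warnings is keyed by input position, valued by message. */
			foreach($filter->warnings as $position => $message)
			{
				$warnings .= $message.' at position '.$position;
				if($filter->track_lines
				&& $filter->GetPositionLine($position, $line, $column))
					$warnings .= ' line '.$line.' column '.$column;
				$warnings .= "\n";
			}
		}
		else
		{
			/* Validation failed; the message is only used to decide where to focus. */
			$error_message = htmlentities($error_message);
		}
	}
	$form->AddInput(array(
		'ID'=>'layout',
		'NAME'=>'layout',
		'TYPE'=>'custom',
		'CustomClass'=>'form_layout_vertical_class',
		'Inputs'=>array(
			'html',
			'only_body',
			'error',
			'warnings',
			'filtered',
			'filter',
		),
		/*
		 * Error and warning rows are emitted as raw HTML, so their text is
		 * escaped here for the HTML-body context. The filtered markup itself
		 * goes through SetInputValue() above; this relies on form_class
		 * escaping textarea contents -- confirm in forms.php.
		 */
		'Data'=>array(
			'error'=>'<tr><td>Error:</td><td class="invalid">'.htmlspecialchars($error).'</td></tr>',
			'warnings'=>'<tr><td>Warnings:</td><td class="invalid">'.nl2br(htmlspecialchars($warnings)).'</td></tr>'
		),
		'Properties'=>array(
			'filtered'=>array(
				'Visible'=>$done,
			),
			'error'=>array(
				'Visible'=>(strlen($error) && $done),
			),
			'warnings'=>array(
				'Visible'=>(strlen($warnings) && $done),
			),
			'only_body'=>array(
				'SwitchedPosition'=>1,
			),
		),
		'InvalidMark'=>'[Verify]',
	));

	if(!$done)
	{
		/*
		 * Focus the first input that failed validation; fall back to the HTML
		 * textarea on first load or when Validate() named no specific input
		 * (an empty $verify would otherwise yield a null focus target).
		 */
		$focus = 'html';
		if(strlen($error_message) && count($verify))
		{
			reset($verify);
			$focus = key($verify);
		}
		$form->ConnectFormToInput($focus, 'ONLOAD', 'Focus', array());
	}

	/* The page-load script is placed in an HTML attribute, so escape for that context. */
	$onload = htmlspecialchars($form->PageLoad());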

?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Test for Secure HTML parser and filter class</title>
<style type="text/css"><!--
.invalid { border-color: #ff0000; background-color: #ffcccc }
// --></style>
</head>
<body onload="<?php	echo $onload; ?>" bgcolor="#cccccc">
<center><h1>Test for Secure HTML parser and filter class</h1></center>
<div align="center">
<?php
	/*
	 * Render the form through the 'layout' custom input declared above and
	 * flush the result. The calls are order-dependent: the capture is started,
	 * the layout part is added, the capture is ended, and only then is the
	 * output displayed. NOTE(review): presumably AddInputPart() only emits
	 * into the active capture -- confirm in forms.php.
	 */
	$form->StartLayoutCapture();
	$form->AddInputPart('layout');
	$form->EndLayoutCapture();
	$form->DisplayOutput();
?>
</div>
</body>
</html>