<?php
###############   COPYLEFT GPLv3 LICENSE   ###############
 ##
 ## Example.php
 ## Tag Filter - strip html tags and attributes by blacklist and whitelist
 ##
 ## Copyright 2009 GPLv3 - http://www.opensource.org/licenses/gpl-3.0.html
 ##
 ## Anthony Gallon
 ## [email protected]
 ##
 ## Permission is hereby granted to any person having a copy of this software
 ## to freely use and modify as required so long as the copyright notices
 ## and branding remain intact.
 ##
 ###############   COPYLEFT GPLv3 LICENSE   ###############
 
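 // Example driver for Antz_TagFilter: load the library, configure the tag and
 // attribute whitelists/blacklists, run a sample HTML fragment through the
 // filter, and print the input and the output as escaped source in <pre> blocks.
 $dirname = str_replace(DIRECTORY_SEPARATOR, '/', dirname(__FILE__));
 require_once($dirname.'/classes/PHPQuery/phpQuery.php');
 require_once($dirname.'/classes/Antz/TagFilter.php');

 // Escaping used for the source dumps below. ENT_QUOTES also covers single
 // quotes; ENT_SUBSTITUTE (PHP >= 5.4) makes htmlentities() replace an invalid
 // UTF-8 sequence instead of returning an empty string, which would silently
 // blank the whole dump; the charset is pinned so the output does not depend
 // on the runtime's default_charset.
 $escapeFlags = ENT_QUOTES | (defined('ENT_SUBSTITUTE') ? ENT_SUBSTITUTE : 0);

 $FILTER = new Antz_TagFilter;

 // Rule sets fed to the filter. How the whitelist and blacklist interact when
 // both name the same tag/attribute is defined by Antz_TagFilter, not here.
 // 'script' is whitelisted only so the explicit blacklist on its 'src' can be
 // demonstrated; a real deployment would not allow the tag at all.
 $allowTags = array('p', 'a', 'img', 'script');
 $denyTags = array('style');
 $allowAtts = array('class', 'href', 'src', 'name');
 $denyAtts = array('onmouseover');
 // NOTE(review): the tag => attribute map is wrapped in an extra array; confirm
 // against Antz_TagFilter::setExplicitBlacklist() that this is the expected shape.
 $explicitDenyAtts = array(
 array('script' => 'src', 'iframe' => 'src')
 );
 $explicitAllowAtts = array();

 $FILTER->setTagnameWhitelist($allowTags);
 $FILTER->setAttributeWhitelist($allowAtts);
 $FILTER->setTagnameBlacklist($denyTags);
 $FILTER->setAttributeBlacklist($denyAtts);
 $FILTER->setExplicitWhitelist($explicitAllowAtts);
 $FILTER->setExplicitBlacklist($explicitDenyAtts);

 // Sample input: each element exercises one of the rules configured above
 // (blacklisted tag, explicitly denied attribute, denied event attribute, ...).
 $code = <<<CODE
 Some text to start...
 <script type="text/javascript" src="malicious.example.com" />
 <style type="text/css">
 body{
 background-color: red;
 border: solid green 3px;
 }
 </style>
 <div>
 <iframe src="malicious.example.com" style="width: 0; height: 0; position: absolute; left: -1px; top: -1px;" />
 </div>
 <img src="malicious.example.com" />
 <p class="bold yellow" name="restricted">This is some content in a paragraph</p>
 <p><a href="hello.txt" onmouseover="javascript:$.getJSON(malicious.example.com)">Click here!</a></p>
 And text to end :)
 CODE;

 // Both dumps are escaped so the browser renders the markup as text rather
 // than interpreting it.
 echo '<h2>Original code</h2><pre>'.htmlentities($code, $escapeFlags, 'UTF-8').'</pre><hr />';

 $code = $FILTER->process($code);

 echo '<h2>Filtered code</h2><pre>'.htmlentities($code, $escapeFlags, 'UTF-8').'</pre><hr />';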