81ea0f8117
HTMLPurifier defangs arbitrary submitted HTML. We're using it in the OStatus plugin, but it may be valuable for other parts of the codebase (I think OEmbed might benefit, for example).
35 lines
972 B
PHP
35 lines
972 B
PHP
<?php
|
|
|
|
/**
|
|
* Decorator that, depending on a token, switches between two definitions.
|
|
*/
|
|
class HTMLPurifier_AttrDef_Switch
|
|
{
|
|
|
|
protected $tag;
|
|
protected $withTag, $withoutTag;
|
|
|
|
/**
|
|
* @param string $tag Tag name to switch upon
|
|
* @param HTMLPurifier_AttrDef $with_tag Call if token matches tag
|
|
* @param HTMLPurifier_AttrDef $without_tag Call if token doesn't match, or there is no token
|
|
*/
|
|
public function __construct($tag, $with_tag, $without_tag) {
|
|
$this->tag = $tag;
|
|
$this->withTag = $with_tag;
|
|
$this->withoutTag = $without_tag;
|
|
}
|
|
|
|
public function validate($string, $config, $context) {
|
|
$token = $context->get('CurrentToken', true);
|
|
if (!$token || $token->name !== $this->tag) {
|
|
return $this->withoutTag->validate($string, $config, $context);
|
|
} else {
|
|
return $this->withTag->validate($string, $config, $context);
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|