81ea0f8117
HTMLPurifier defangs arbitrary submitted HTML. We're using it in the OStatus plugin, but it may be valuable for other parts of the codebase (I think OEmbed might benefit, for example).
31 lines
955 B
PHP
31 lines
955 B
PHP
<?php
|
|
|
|
/**
|
|
* @file
|
|
* Emulation layer for code that used kses(), substituting in HTML Purifier.
|
|
*/
|
|
|
|
require_once dirname(__FILE__) . '/HTMLPurifier.auto.php';
|
|
|
|
function kses($string, $allowed_html, $allowed_protocols = null) {
|
|
$config = HTMLPurifier_Config::createDefault();
|
|
$allowed_elements = array();
|
|
$allowed_attributes = array();
|
|
foreach ($allowed_html as $element => $attributes) {
|
|
$allowed_elements[$element] = true;
|
|
foreach ($attributes as $attribute => $x) {
|
|
$allowed_attributes["$element.$attribute"] = true;
|
|
}
|
|
}
|
|
$config->set('HTML.AllowedElements', $allowed_elements);
|
|
$config->set('HTML.AllowedAttributes', $allowed_attributes);
|
|
$allowed_schemes = array();
|
|
if ($allowed_protocols !== null) {
|
|
$config->set('URI.AllowedSchemes', $allowed_protocols);
|
|
}
|
|
$purifier = new HTMLPurifier($config);
|
|
return $purifier->purify($string);
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|