[ Index ] |
PHP Cross Reference of Unnamed Project |
[Summary view] [Print] [Text view]
1 Filter.ExtractStyleBlocks 2 TYPE: bool 3 VERSION: 3.1.0 4 DEFAULT: false 5 EXTERNAL: CSSTidy 6 --DESCRIPTION-- 7 <p> 8 This directive turns on the style block extraction filter, which removes 9 <code>style</code> blocks from input HTML, cleans them up with CSSTidy, 10 and places them in the <code>StyleBlocks</code> context variable, for further 11 use by you, usually to be placed in an external stylesheet, or a 12 <code>style</code> block in the <code>head</code> of your document. 13 </p> 14 <p> 15 Sample usage: 16 </p> 17 <pre><![CDATA[ 18 <?php 19 header('Content-type: text/html; charset=utf-8'); 20 echo '<?xml version="1.0" encoding="UTF-8"?>'; 21 ?> 22 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 23 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 24 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> 25 <head> 26 <title>Filter.ExtractStyleBlocks</title> 27 <?php 28 require_once '/path/to/library/HTMLPurifier.auto.php'; 29 require_once '/path/to/csstidy.class.php'; 30 31 $dirty = '<style>body {color:#F00;}</style> Some text'; 32 33 $config = HTMLPurifier_Config::createDefault(); 34 $config->set('Filter', 'ExtractStyleBlocks', true); 35 $purifier = new HTMLPurifier($config); 36 37 $html = $purifier->purify($dirty); 38 39 // This implementation writes the stylesheets to the styles/ directory. 40 // You can also echo the styles inside the document, but it's a bit 41 // more difficult to make sure they get interpreted properly by 42 // browsers; try the usual CSS armoring techniques. 43 $styles = $purifier->context->get('StyleBlocks'); 44 $dir = 'styles/'; 45 if (!is_dir($dir)) mkdir($dir); 46 $hash = sha1($_GET['html']); 47 foreach ($styles as $i => $style) { 48 file_put_contents($name = $dir . $hash . "_$i"); 49 echo '<link rel="stylesheet" type="text/css" href="'.$name.'" />'; 50 } 51 ?> 52 </head> 53 <body> 54 <div> 55 <?php echo $html; ?> 56 </div> 57 </b]]><![CDATA[ody> 58 </html> 59 ]]></pre> 60 <p> 61 <strong>Warning:</strong> It is possible for a user to mount an 62 imagecrash attack using this CSS. Counter-measures are difficult; 63 it is not simply enough to limit the range of CSS lengths (using 64 relative lengths with many nesting levels allows for large values 65 to be attained without actually specifying them in the stylesheet), 66 and the flexible nature of selectors makes it difficult to selectively 67 disable lengths on image tags (HTML Purifier, however, does disable 68 CSS width and height in inline styling). There are probably two effective 69 counter measures: an explicit width and height set to auto in all 70 images in your document (unlikely) or the disabling of width and 71 height (somewhat reasonable). Whether or not these measures should be 72 used is left to the reader. 73 </p> 74 --# vim: et sw=4 sts=4
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
Generated: Tue Mar 17 22:47:18 2015 | Cross-referenced by PHPXref 0.7.1 |