constructor kses4 [line 99]
Constructor for kses.
This sets a default collection of protocols allowed in links, and creates an empty set of allowed HTML tags.
method AddHTML [line 332]
bool AddHTML([string $tag = ""], [array $attribs = array()])
Adds valid (X)HTML with corresponding attributes that will be kept when stripping 'evil scripts'.
This method accepts one argument that can be either a string or an array of strings. Invalid data will be ignored.
method AddProtocol [line 213]
bool AddProtocol([string $protocol = ""])
Adds a single protocol to $this->allowed_protocols.
This method accepts a string argument and adds it to the list of allowed protocols to keep when performing Parse().
method AddProtocols [line 150]
bool AddProtocols(mixed 0)
Allows for single/batch addition of protocols
This method accepts one argument that can be either a string or an array of strings. Invalid data will be ignored.
The argument will be processed, and each string will be added via AddProtocol().
method DumpElements [line 315]
Raw dump of allowed (X)HTML elements
This returns an indexed array of allowed (X)HTML elements and attributes for a particular KSES instantiation.
method DumpProtocols [line 300]
Raw dump of allowed protocols
This returns an indexed array of allowed protocols for a particular KSES instantiation.
method filterKsesTextHook [line 573]
string filterKsesTextHook(string $string)
Allows for additional user defined modifications to text.
This method allows for additional modifications to be performed on a string that's being run through Parse(). Currently, it returns the input string 'as is'.
This method is provided for users to extend the kses class for their own requirements.
method Parse [line 122]
string Parse([string $string = ""])
Basic task of kses - parses $string and strips it as required.
This method strips all the disallowed (X)HTML tags, attributes and protocols from the input $string.
method Protocols [line 189]
Allows for single/batch addition of protocols
method RemoveProtocol [line 392]
bool RemoveProtocol([string $protocol = ""])
Removes a single protocol from $this->allowed_protocols.
This method accepts a string argument and removes it from the list of allowed protocols to keep when performing Parse().
method RemoveProtocols [line 438]
bool RemoveProtocols(mixed 0)
Allows for single/batch removal of protocols
This method accepts one argument that can be either a string or an array of strings. Invalid data will be ignored.
The argument will be processed, and each string will be removed via RemoveProtocol().
method SetProtocols [line 257]
bool SetProtocols(mixed 0)
Allows for single/batch replacement of protocols
This method accepts one argument that can be either a string or an array of strings. Invalid data will be ignored.
Existing protocols will be removed, then the argument will be processed, and each string will be added via AddProtocol().
method _array_lc [line 586]
array _array_lc($inarray, array $in_array)
This method goes through an array, and changes the keys to all lower case.
method _attr [line 699]
string _attr(string $element, string $attr)
This method strips out disallowed attributes for (X)HTML tags.
This method removes all attributes if none are allowed for this element. If some are allowed it calls $this->_hair() to split them further, and then it builds up new HTML code from the data that $this->_hair() returns. It also removes "<" and ">" characters, if there are any left. One more thing it does is to check if the tag has a closing XHTML slash, and if it does, it puts one in the returned code as well.
method _bad_protocol [line 914]
string _bad_protocol(string $string)
This method removes disallowed protocols.
This method removes all non-allowed protocols from the beginning of $string. It ignores whitespace and the case of the letters, and it does understand HTML entities. It does its work in a while loop, so it won't be fooled by a string like "javascript:javascript:alert(57)".
method _bad_protocol_once [line 942]
string _bad_protocol_once(string $string)
Helper method used by _bad_protocol()
This function searches for URL protocols at the beginning of $string, while handling whitespace and HTML entities. The function was updated to fix a security vulnerability (see http://projects.dokeos.com/index.php?do=details&task_id=2312).
method _bad_protocol_once2 [line 964]
string _bad_protocol_once2(string $string)
Helper method used by _bad_protocol_once() regex
This function processes URL protocols, checks to see if they're in the whitelist or not, and returns different data depending on the answer.
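Added example, not part of the kses4 source: a stand-alone PHP illustration of the strip-until-stable loop that _bad_protocol(), _bad_protocol_once() and _bad_protocol_once2() are described as performing. The demo_* function names, the allowed-protocol list and the sample inputs are assumptions made for this illustration.

```php
<?php
// Added illustration, not the kses4 source; demo_* names are hypothetical. PHP 7.4+.

// Decode ASCII-range numeric entities so "&#106;avascript" reads as "javascript".
function demo_decode_numeric(string $s): string {
    $s = preg_replace_callback('/&#0*([0-9]{1,7});/',
        fn($m) => (int)$m[1] < 128 ? chr((int)$m[1]) : $m[0], $s);
    return preg_replace_callback('/&#[Xx]0*([0-9A-Fa-f]{1,6});/',
        fn($m) => hexdec($m[1]) < 128 ? chr((int)hexdec($m[1])) : $m[0], $s);
}

// One pass: look for "<scheme>:" at the very start. The scheme may be padded with
// whitespace or spelled with entities, and the colon itself may be an entity.
function demo_strip_once(string $s, array $allowed): string {
    $re = '/^((?:&[^;]*;|[\sA-Za-z0-9])*)(?::|&#0*58;|&#[Xx]0*3[Aa];)\s*/';
    if (!preg_match($re, $s, $m)) {
        return $s;                              // nothing that looks like a scheme
    }
    $scheme = strtolower(preg_replace('/\s+/', '', demo_decode_numeric($m[1])));
    $rest   = substr($s, strlen($m[0]));
    // Allowed: keep the scheme in normalised form. Not allowed: drop it entirely.
    return in_array($scheme, $allowed, true) ? $scheme . ':' . $rest : $rest;
}

// Repeat until the string stops changing, so a doubled prefix cannot survive.
function demo_strip_bad_protocols(string $s, array $allowed): string {
    do {
        $before = $s;
        $s = demo_strip_once($s, $allowed);
    } while ($s !== $before);
    return $s;
}

$allowed = ['http', 'https', 'mailto'];         // constructed list for the demo
$samples = [                                    // constructed inputs
    'HTTP://example.org/',
    'javascript:javascript:alert(57)',
    '&#106;avascript:alert(57)',
    ' Java Script &#x3A;alert(57)',
    '/relative/path?time=10:30',
];
foreach ($samples as $in) {
    printf("%-36s once: %-26s loop: %s\n", var_export($in, true),
        var_export(demo_strip_once($in, $allowed), true),
        var_export(demo_strip_bad_protocols($in, $allowed), true));
}
```

Comparing the "once" and "loop" columns for the doubled prefix shows why a single pass is not sufficient.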
method _check_attr_val [line 1009]
bool _check_attr_val(string $value, string $vless, string $checkname, string $checkvalue)
This function performs different checks for attribute values.
The currently implemented checks are "maxlen", "minlen", "maxval", "minval" and "valueless", with even more checks to come soon.
method _decode_entities [line 1136]
string _decode_entities($string, string $value)
Decodes numeric HTML entities
This method decodes numeric HTML entities (&#65; and &#x41;). It doesn't do anything with other entities like &auml;, but we don't need them in the URL protocol white listing system anyway.
method _hair [line 789]
array _hair(string $attr)
This method combs through an attribute list string and returns an associative array of attributes and values.
This method does a lot of work. It parses an attribute list into an array with attribute data, and tries to do the right thing even if it gets weird input. It will add quotes around attribute values that don't have any quotes or apostrophes around them, to make it easier to produce HTML code that will conform to W3C's HTML specification. It will also remove bad URL protocols from attribute values.
method _hook [line 552]
string _hook(string $string)
Allows for additional user defined modifications to text.
method _html_error [line 1119]
string _html_error(string $string)
Helper method for _hair()
This function deals with parsing errors in _hair(). The general plan is to remove everything to and including some whitespace, but it deals with quotes and apostrophes as well.
method _js_entities [line 491]
string _js_entities(string $string)
This function removes the HTML JavaScript entities found in early versions of Netscape 4.
method _normalize_entities [line 507]
string _normalize_entities(string $string)
Normalizes HTML entities
This function normalizes HTML entities. It will convert "AT&T" to the correct "AT&amp;T", "&#00058;" to "&#58;", "&#XYZZY;" to "&amp;#XYZZY;" and so on.
method _normalize_entities2 [line 538]
string _normalize_entities2(string $i)
Helper method used by _normalize_entities()
This method helps _normalize_entities() to only accept 16 bit values and nothing more for &#number; entities.
This method helps _normalize_entities() during a preg_replace() where a &#(0)*XXXXX; occurs. The '(0)*XXXXX' value is converted to a number and the result is returned as a numeric entity if the number is less than 65536. Otherwise, the value is returned 'as is'.
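Added example, not part of the kses4 source: a stand-alone PHP illustration of the normalization that _normalize_entities() and _normalize_entities2() are described as performing, with every ampersand escaped first and only well-formed entities re-enabled afterwards. The demo_normalize_entities name, the limits on named and hexadecimal entities, and the sample strings are assumptions made for this illustration.

```php
<?php
// Added illustration, not the kses4 source; the function name is hypothetical.

function demo_normalize_entities(string $s): string {
    // 1. Neutralise every ampersand, so nothing counts as an entity by default.
    $s = str_replace('&', '&amp;', $s);

    // 2. Re-enable well-formed named entities (&name;). Length limit is assumed.
    $s = preg_replace('/&amp;([A-Za-z][A-Za-z0-9]{0,19});/', '&$1;', $s);

    // 3. Re-enable decimal entities with leading zeros removed, but only for
    //    values below 65536; anything larger is left escaped as it is.
    $s = preg_replace_callback('/&amp;#0*([0-9]{1,5});/', function ($m) {
        $n = (int) $m[1];
        return $n < 65536 ? "&#$n;" : $m[0];
    }, $s);

    // 4. Re-enable hexadecimal entities of two or four hex digits (assumed limit).
    return preg_replace('/&amp;#([Xx])0*((?:[0-9A-Fa-f]{2}){1,2});/', '&#$1$2;', $s);
}

$samples = [                      // constructed inputs
    'AT&T',                       // bare ampersand
    'AT&amp;T',                   // already correct, must not be double-escaped
    '&#00058;',                   // leading zeros
    '&#XYZZY;',                   // not a valid numeric entity
    '&#70000;',                   // above the 16-bit limit
    '&#x003A;',                   // hexadecimal with leading zeros
];
foreach ($samples as $in) {
    printf("%-12s -> %s\n", $in, demo_normalize_entities($in));
}
```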
method _no_null [line 475]
string _no_null(string $string)
This method removes any NULL or characters in $string.
method _split [line 620]
string _split(string $string)
This method searches for HTML tags, no matter how malformed. It also matches stray ">" characters.
method _split2 [line 644]
string _split2(string $string)
This method strips out disallowed and/or mangled (X)HTML tags along with assigned attributes.
This method does a lot of work. It rejects some very malformed things like <:::>. It returns an empty string if the element isn't allowed (look ma, no strip_tags()!). Otherwise it splits the tag into an element and an allowed attribute list.
method _stripslashes [line 1101]
string _stripslashes(string $string)
Changes \" to "
This function changes the character sequence \" to just ". It leaves all other slashes alone. It's really weird, but the quoting from preg_replace(//e) seems to require this.
method _version [line 1153]
Returns PHP4 OOP version # of kses.
Since this class has been refactored and documented and proven to work, I'm syncing the version number to procedural kses.