constructor __construct [line 124]
Constructor for kses.
This sets a default collection of protocols allowed in links, and creates an empty set of allowed HTML tags.

method AddHTML [line 448]
bool AddHTML([string $tag = ""], [array $attribs = array()])
Adds valid (X)HTML with corresponding attributes that will be kept when stripping 'evil scripts'.
This method accepts one argument that can be either a string or an array of strings. Invalid data will be ignored.

method AddProtocol [line 240]
bool AddProtocol([string $protocol = ""])
Adds a single protocol to $this->allowed_protocols.
This method accepts a string argument and adds it to the list of allowed protocols to keep when performing Parse().

method AddProtocols [line 177]
bool AddProtocols(mixed 0)
Allows for single/batch addition of protocols
This method accepts one argument that can be either a string or an array of strings. Invalid data will be ignored.
The argument will be processed, and each string will be added via AddProtocol().

method checkAttributeValue [line 989]
bool checkAttributeValue(string $value, string $vless, string $checkname, string $checkvalue)
Controller method for performing checks on attribute values.
This method calls the appropriate method as specified by $checkname with the parameters $value, $vless, and $checkvalue, and returns the result of the call.
This method's functionality can be expanded by creating new methods that would match checkAttributeValue[$checkname].
Current checks implemented are: "maxlen", "minlen", "maxval", "minval" and "valueless"

method checkAttributeValueMaxlen [line 1015]
bool checkAttributeValueMaxlen(string $value, int $checkvalue)
Helper method invoked by checkAttributeValue().
The maxlen check makes sure that the attribute value has a length not greater than the given value. This can be used to avoid Buffer Overflows in WWW clients and various Internet servers.

method checkAttributeValueMaxval [line 1063]
bool checkAttributeValueMaxval(int $value, int $checkvalue)
Helper method invoked by checkAttributeValue().
The maxval check does two things: it checks that the attribute value is an integer from 0 and up, without an excessive amount of zeroes or whitespace (to avoid Buffer Overflows). It also checks that the attribute value is not greater than the given value.
This check can be used to avoid Denial of Service attacks.

method checkAttributeValueMinlen [line 1037]
bool checkAttributeValueMinlen(string $value, int $checkvalue)
Helper method invoked by checkAttributeValue().
The minlen check makes sure that the attribute value has a length not smaller than the given value.

method checkAttributeValueMinval [line 1089]
bool checkAttributeValueMinval(int $value, int $checkvalue)
Helper method invoked by checkAttributeValue().
The minval check checks that the attribute value is a positive integer, and that it is not smaller than the given value.

method checkAttributeValueValueless [line 1119]
bool checkAttributeValueValueless(int $value, mixed $checkvalue, string $vless)
Helper method invoked by checkAttributeValue().
The valueless check checks if the attribute has a value (like <a href="blah">) or not (<option selected>). If the given value is a "y" or a "Y", the attribute must not have a value.
If the given value is an "n" or an "N", the attribute must have one.
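
The five checks described above, as an added stand-alone sketch (not the kses source). The function names, the six-character limits in the regex, the acceptance of 0 by the minval check and the fail-closed default are assumptions of this example.

```php
<?php
// Added illustration of the maxlen/minlen/maxval/minval/valueless checks.
// Not the kses implementation; names and regex limits are assumptions.

// Accept only a short run of digits with little surrounding whitespace, so
// zero-padded or whitespace-padded values are rejected before any comparison.
function bounded_uint(string $value): ?int {
    return preg_match('/^\s{0,6}([0-9]{1,6})\s{0,6}$/', $value, $m) === 1
        ? (int) $m[1] : null;
}

function check_maxval(string $value, int $limit): bool {
    $n = bounded_uint($value);
    return $n !== null && $n <= $limit;
}

function check_minval(string $value, int $limit): bool {
    $n = bounded_uint($value);
    return $n !== null && $n >= $limit;
}

// $vless is "y" when the attribute appeared without a value, "n" otherwise.
function check_valueless(string $vless, string $want): bool {
    return strtolower($want) === strtolower($vless);
}

function check_attribute_value(string $value, string $vless, string $name, string $limit): bool {
    switch (strtolower($name)) {
        case 'maxlen':    return strlen($value) <= (int) $limit;
        case 'minlen':    return strlen($value) >= (int) $limit;
        case 'maxval':    return check_maxval($value, (int) $limit);
        case 'minval':    return check_minval($value, (int) $limit);
        case 'valueless': return check_valueless($vless, $limit);
        default:          return false; // assumption: unknown checks fail closed
    }
}

// Constructed sample inputs: [value, vless, check name, check value].
$samples = [
    ['http://example.com/', 'n', 'maxlen', '100'],
    ['5', 'n', 'maxval', '10'],
    ['0000000000000000000005', 'n', 'maxval', '10'],
    ['', 'y', 'valueless', 'Y'],
    ['blah', 'n', 'valueless', 'y'],
];
foreach ($samples as [$value, $vless, $name, $limit]) {
    printf("%-10s %-26s %s\n", $name, var_export($value, true),
        check_attribute_value($value, $vless, $name, $limit) ? 'pass' : 'fail');
}
```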

method combAttributes [line 796]
array combAttributes(string $attr)
This method combs through an attribute list string and returns an associative array of attributes and values.
This method does a lot of work. It parses an attribute list into an array with attribute data, and tries to do the right thing even if it gets weird input. It will add quotes around attribute values that don't have any quotes or apostrophes around them, to make it easier to produce HTML code that will conform to W3C's HTML specification. It will also remove bad URL protocols from attribute values.

method decodeEntities [line 1140]
string decodeEntities($string, string $value)
Decodes numeric HTML entities
This method decodes numeric HTML entities (&#65; and &#x41;). It doesn't do anything with other entities like &auml;, but we don't need them in the URL protocol white listing system anyway.

method DumpElements [line 430]
Raw dump of allowed (X)HTML elements
This returns an indexed array of allowed (X)HTML elements and attributes for a particular KSES instantiation.

method DumpProtocols [line 415]
Raw dump of allowed protocols
This returns an indexed array of allowed protocols for a particular KSES instantiation.

method filterKsesTextHook [line 592]
string filterKsesTextHook(string $string)
Allows for additional user defined modifications to text.
This method allows for additional modifications to be performed on a string that's being run through Parse(). Currently, it returns the input string 'as is'.
This method is provided for users to extend the kses class for their own requirements.

method filterProtocols [line 947]
string filterProtocols(string $string)
Helper method used by removeBadProtocols()
This function processes URL protocols, checks to see if they're in the whitelist or not, and returns different data depending on the answer.

method makeArrayKeysLowerCase [line 619]
array makeArrayKeysLowerCase(array $in_array)
This method goes through an array, and changes the keys to all lower case.

method normalizeEntities [line 522]
string normalizeEntities(string $string)
Normalizes HTML entities
This function normalizes HTML entities. It will convert "AT&T" to the correct "AT&amp;T", "&#00058;" to "&#58;", "&#XYZZY;" to "&amp;#XYZZY;" and so on.

method normalizeEntities16bit [line 571]
string normalizeEntities16bit(string $i)
Helper method used by normalizeEntities()
This method helps normalizeEntities() to only accept 16 bit values and nothing more for &#number; entities.
This method helps normalize_entities() during a preg_replace() where a &#(0)*XXXXX; occurs. The '(0)*XXXXXX' value is converted to a number and the result is returned as a numeric entity if the number is less than 65536. Otherwise, the value is returned 'as is'.

method Parse [line 147]
string Parse([string $string = ""])
Basic task of kses - parses $string and strips it as required.
This method strips all the disallowed (X)HTML tags, attributes and protocols from the input $string.

method Protocols [line 216]
Allows for single/batch addition of protocols

method removeBadProtocols [line 921]
string removeBadProtocols(string $string)
This method removes disallowed protocols.
This method removes all non-allowed protocols from the beginning of $string. It ignores whitespace and the case of the letters, and it does understand HTML entities. It does its work in a while loop, so it won't be fooled by a string like "javascript:javascript:alert(57)".
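
The loop described here, together with the numeric entity decoding and whitelist lookup described under decodeEntities() and filterProtocols(), as an added stand-alone sketch (not the kses source). The function names and the regular expression are assumptions of this example.

```php
<?php
// Added illustration of loop-until-stable protocol stripping.
// Not the kses implementation; names and regex are assumptions.

// Decode numeric entities only (&#65; and &#x41;). Anything outside ASCII is
// dropped, since it can never be part of a whitelisted scheme name.
function decode_numeric_entities(string $s): string {
    $s = preg_replace_callback('/&#([0-9]+);/', function (array $m): string {
        $c = (int) $m[1];
        return $c < 128 ? chr($c) : '';
    }, $s) ?? '';
    return preg_replace_callback('/&#[Xx]([0-9A-Fa-f]+);/', function (array $m): string {
        $c = hexdec($m[1]);
        return $c < 128 ? chr((int) $c) : '';
    }, $s) ?? '';
}

function strip_bad_protocols(string $url, array $allowed): string {
    $url = str_replace("\0", '', $url); // NUL bytes must not split a scheme name
    // Leading scheme candidate: letters, digits, whitespace or entities,
    // followed by ":" written literally or as a numeric entity.
    $re = '/^((?:&[^;]*;|[\sA-Za-z0-9])*)(:|&#58;|&#[Xx]3[Aa];)\s*/';
    do {
        $before = $url;
        $url = preg_replace_callback($re, function (array $m) use ($allowed): string {
            $scheme = strtolower(preg_replace('/\s/', '', decode_numeric_entities($m[1])));
            // Allowed: keep it in normalized form. Otherwise: drop it entirely.
            return in_array($scheme, $allowed, true) ? $scheme . ':' : '';
        }, $url, 1) ?? ''; // fail closed if the regex engine reports an error
    } while ($url !== $before); // repeat until nothing more is removed
    return $url;
}

// Constructed sample inputs.
$allowed = ['http', 'https', 'mailto'];
$samples = [
    'http://example.com/page',
    'javascript:javascript:alert(57)',
    "  JaVa&#115;cript&#58;alert(57)",
    "java\0script:alert(57)",
    '/relative/path?time=12:30',
];
foreach ($samples as $s) {
    printf("%-36s => %s\n", addcslashes($s, "\0"), strip_bad_protocols($s, $allowed));
}
```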

method removeNulls [line 504]
string removeNulls(string $string)
This method removes any NULL characters in $string.

method RemoveProtocol [line 282]
bool RemoveProtocol([string $protocol = ""])
Removes a single protocol from $this->allowed_protocols.
This method accepts a string argument and removes it from the list of allowed protocols to keep when performing Parse().

method RemoveProtocols [line 328]
bool RemoveProtocols(mixed 0)
Allows for single/batch removal of protocols
This method accepts one argument that can be either a string or an array of strings. Invalid data will be ignored.
The argument will be processed, and each string will be removed via RemoveProtocol().

method SetProtocols [line 372]
bool SetProtocols(mixed 0)
Allows for single/batch replacement of protocols
This method accepts one argument that can be either a string or an array of strings. Invalid data will be ignored.
Existing protocols will be removed, then the argument will be processed, and each string will be added via AddProtocol().

method stripAttributes [line 711]
string stripAttributes(string $element, string $attr)
This method strips out disallowed attributes for (X)HTML tags.
This method removes all attributes if none are allowed for this element. If some are allowed it calls combAttributes() to split them further, and then it builds up new HTML code from the data that combAttributes() returns. It also removes "<" and ">" characters, if there are any left. One more thing it does is to check if the tag has a closing XHTML slash, and if it does, it puts one in the returned code as well.

method stripTags [line 657]
string stripTags(string $string)
This method strips out disallowed and/or mangled (X)HTML tags along with assigned attributes.
This method does a lot of work. It rejects some very malformed things like <:::>. It returns an empty string if the element isn't allowed (look ma, no strip_tags()!). Otherwise it splits the tag into an element and an allowed attribute list.

method Version [line 1160]
Returns PHP5 OOP version # of kses.
Since this class has been refactored and documented and proven to work, I'm fixing the version number at 1.0.0.
This version is syntax compatible with the PHP4 OOP version 0.0.2. Future versions may not be syntax compatible.

method _hook [line 606]
string _hook(string $string)
Allows for additional user defined modifications to text.