htmlpurifier 允许特定标签的方案

Question

$config->set('URI.AllowedSchemes', array('data' => true, 'http' => true));

$config->set('HTML.AllowedElements', array(
    'a', 'img'
));

$config->set('HTML.AllowedAttributes', array(
    'a.href', 'img.src'
));

我有一个像上面那样的 html 净化器配置。我希望 URI.AllowedSchemes 应用特定的 html 标签。例如 img 标签只能有数据，a 标签只能有 http。有什么办法可以实现吗？

Answer 1

这是我的解决方案；

过滤器；

class ImgSrcTransform extends HTMLPurifier_AttrTransform
{
    protected $parse;

    public function __construct(){
        $this->parser = new HTMLPurifier_URIParser();
    }
    public function transform($attr, $config, $context)
    {
        if(!isset($attr['src'])){
            return $attr;
        }

        $url = $this->parser->parse($attr['src']);
        if($url->scheme == 'http' || $url->scheme == 'https'){
            unset($attr['src']);
        }

        return $attr;
    }
}

class LinkHrefTransform extends HTMLPurifier_AttrTransform
{
    protected $parse;

    public function __construct(){
        $this->parser = new HTMLPurifier_URIParser();
    }
    public function transform($attr, $config, $context)
    {
        if(!isset($attr['href'])){
            return $attr;
        }

        $url = $this->parser->parse($attr['href']);


        if($url->scheme == 'data'){
            unset($attr['href']);
        }

        return $attr;
    }
}

使用过滤器；

$config = HTMLPurifier_Config::createDefault();
$config->set('URI.AllowedSchemes', array('data' => true, 'http' => true, 'https' => true));
$config->set('HTML.AllowedElements', $elements);
$config->set('HTML.AllowedAttributes', $attributes);

$htmlDef = $config->getHTMLDefinition(true);

$img = $htmlDef->addBlankElement('img');
$img->attr_transform_pre[] = new ImgSrcTransform();

$anchor = $htmlDef->addBlankElement('a');
$anchor->attr_transform_pre[] = new LinkHrefTransform();

$purifier = new HTMLPurifier($config);