- Revision:
- 71
- Log:
Start of upgrade to Typo 4.0.0, the latest stable release since
2.6.0. Note test/mocks/themes/azure changes from a file to a
directory, so the file has been removed in this revision and
the directory will be added in the next revision.
- Author:
- adh
- Date:
- Mon Aug 07 22:18:11 +0100 2006
- Size:
- 3113 Bytes
1 | # |
2 | # $Id: sanitize.rb 3 2005-04-05 12:51:14Z dwight $ |
3 | # |
4 | # Copyright (c) 2005 Dwight Shih |
5 | # A derived work of the Perl version: |
6 | # Copyright (c) 2002 Brad Choate, bradchoate.com |
7 | # |
8 | # Permission is hereby granted, free of charge, to |
9 | # any person obtaining a copy of this software and |
10 | # associated documentation files (the "Software"), to |
11 | # deal in the Software without restriction, including |
12 | # without limitation the rights to use, copy, modify, |
13 | # merge, publish, distribute, sublicense, and/or sell |
14 | # copies of the Software, and to permit persons to |
15 | # whom the Software is furnished to do so, subject to |
16 | # the following conditions: |
17 | # |
18 | # The above copyright notice and this permission |
19 | # notice shall be included in all copies or |
20 | # substantial portions of the Software. |
21 | # |
22 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY |
23 | # OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT |
24 | # LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
25 | # FITNESS FOR A PARTICULAR PURPOSE AND |
26 | # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR |
27 | # COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES |
28 | # OR OTHER LIABILITY, WHETHER IN AN ACTION OF |
29 | # CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF |
30 | # OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR |
31 | # OTHER DEALINGS IN THE SOFTWARE. |
32 | # |
33 | |
34 | def sanitize( html, okTags='a href, b, br, i, p' ) |
35 | # no closing tag necessary for these |
36 | soloTags = ["br","hr"] |
37 | |
38 | # Build hash of allowed tags with allowed attributes |
39 | tags = okTags.downcase().split(',').collect!{ |s| s.split(' ') } |
40 | allowed = Hash.new |
41 | tags.each do |s| |
42 | key = s.shift |
43 | allowed[key] = s |
44 | end |
45 | |
46 | # Analyze all <> elements |
47 | stack = Array.new |
48 | result = html.gsub( /(<.*?>)/m ) do | element | |
49 | if element =~ /\A<\/(\w+)/ then |
50 | # </tag> |
51 | tag = $1.downcase |
52 | if allowed.include?(tag) && stack.include?(tag) then |
53 | # If allowed and on the stack |
54 | # Then pop down the stack |
55 | top = stack.pop |
56 | out = "</#{top}>" |
57 | until top == tag do |
58 | top = stack.pop |
59 | out << "</#{top}>" |
60 | end |
61 | out |
62 | end |
63 | elsif element =~ /\A<(\w+)\s*\/>/ |
64 | # <tag /> |
65 | tag = $1.downcase |
66 | if allowed.include?(tag) then |
67 | "<#{tag} />" |
68 | end |
69 | elsif element =~ /\A<(\w+)/ then |
70 | # <tag ...> |
71 | tag = $1.downcase |
72 | if allowed.include?(tag) then |
73 | if ! soloTags.include?(tag) then |
74 | stack.push(tag) |
75 | end |
76 | if allowed[tag].length == 0 then |
77 | # no allowed attributes |
78 | "<#{tag}>" |
79 | else |
80 | # allowed attributes? |
81 | out = "<#{tag}" |
82 | while ( $' =~ /(\w+)=("[^"]+")/ ) |
83 | attr = $1.downcase |
84 | valu = $2 |
85 | if allowed[tag].include?(attr) then |
86 | out << " #{attr}=#{valu}" |
87 | end |
88 | end |
89 | out << ">" |
90 | end |
91 | end |
92 | end |
93 | end |
94 | |
95 | # eat up unmatched leading > |
96 | while result.sub!(/\A([^<]*)>/m) { $1 } do end |
97 | |
98 | # eat up unmatched trailing < |
99 | while result.sub!(/<([^>]*)\Z/m) { $1 } do end |
100 | |
101 | # clean up the stack |
102 | if stack.length > 0 then |
103 | result << "</#{stack.reverse.join('></')}>" |
104 | end |
105 | |
106 | result |
107 | end |