
CHtmlPurifier

system.web.widgets
Inheritance class CHtmlPurifier » COutputProcessor » CFilterWidget » CWidget » CBaseController » CComponent
Implements IFilter
Available since 1.0
Version $Id$

CHtmlPurifier is a wrapper of HTML Purifier.

CHtmlPurifier removes all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist. It will also make sure the resulting code is standard-compliant.

CHtmlPurifier can be used as either a widget or a controller filter.

Note: since HTML Purifier is a big package, its performance is not very good. You should consider either caching the purification result or purifying the user input before saving it to the database.
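
The two mitigations the note suggests, purifying before saving and caching the purification result, as an added example that is not part of the Yii documentation. It assumes a Yii 1.x application with a cache component configured; the Comment model, its body attribute, the directive values and the cache key format are hypothetical.

```php
<?php
// Added example (not Yii's own code). Comment, `body` and the cache key
// prefix are hypothetical names chosen for illustration.

class Comment extends CActiveRecord
{
    public static function model($className = __CLASS__)
    {
        return parent::model($className);
    }

    public function tableName()
    {
        return 'comment';
    }

    // Purify once on write so that page views never pay the HTML Purifier cost.
    protected function beforeSave()
    {
        $purifier = new CHtmlPurifier();
        // Directives use the Namespace.Directive => Value form accepted by
        // the options property; these values are an assumed allowlist.
        $purifier->options = array(
            'HTML.Allowed' => 'p,br,b,i,em,strong,ul,ol,li,a[href]',
            'URI.AllowedSchemes' => array('http' => true, 'https' => true),
        );
        $this->body = $purifier->purify($this->body);
        return parent::beforeSave();
    }
}

// For content stored unpurified: purify on read and cache the result,
// keyed by a hash of the raw content so edited content is purified again.
function purifiedBody($rawHtml)
{
    $key = 'purified:' . sha1($rawHtml);
    $clean = Yii::app()->cache->get($key); // false on a cache miss
    if ($clean === false) {
        $purifier = new CHtmlPurifier();
        $clean = $purifier->purify($rawHtml);
        Yii::app()->cache->set($key, $clean, 3600);
    }
    return $clean;
}

// In a view, the widget form purifies whatever is echoed between begin/end:
// $this->beginWidget('CHtmlPurifier'); echo $comment->body; $this->endWidget();
```

If the directives passed through options change, include them in the cache key so results purified under the old allowlist are not served.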

Public Properties

| Property | Type | Description | Defined By |
|---|---|---|---|
| actionPrefix | string | the prefix to the IDs of the actions. | CWidget |
| controller | CController | the controller that this widget belongs to. | CWidget |
| id | string | id of the widget. | CWidget |
| isFilter | boolean | whether this widget is used as a filter. | CFilterWidget |
| options | mixed | the options to be passed to {@link http://htmlpurifier. | CHtmlPurifier |
| owner | CBaseController | owner/creator of this widget. | CWidget |
| stopAction | boolean | whether to stop the action execution when this widget is used as a filter. | CFilterWidget |
| viewPath | string | Returns the directory containing the view files for this widget. | CWidget |

Public Methods

| Method | Description | Defined By |
|---|---|---|
| __call() | Calls the named method which is not a class method. | CComponent |
| __construct() | Constructor. | CFilterWidget |
| __get() | Returns a property value, an event handler list or a behavior based on its name. | CComponent |
| __isset() | Checks if a property value is null. | CComponent |
| __set() | Sets value of a component property. | CComponent |
| __unset() | Sets a component property to be null. | CComponent |
| actions() | Returns a list of actions that are used by this widget. | CWidget |
| asa() | Returns the named behavior object. | CComponent |
| attachBehavior() | Attaches a behavior to this component. | CComponent |
| attachBehaviors() | Attaches a list of behaviors to the component. | CComponent |
| attachEventHandler() | Attaches an event handler to an event. | CComponent |
| beginCache() | Begins fragment caching. | CBaseController |
| beginClip() | Begins recording a clip. | CBaseController |
| beginContent() | Begins the rendering of content that is to be decorated by the specified view. | CBaseController |
| beginWidget() | Creates a widget and executes it. | CBaseController |
| canGetProperty() | Determines whether a property can be read. | CComponent |
| canSetProperty() | Determines whether a property can be set. | CComponent |
| createWidget() | Creates a widget and initializes it. | CBaseController |
| detachBehavior() | Detaches a behavior from the component. | CComponent |
| detachBehaviors() | Detaches all behaviors from the component. | CComponent |
| detachEventHandler() | Detaches an existing event handler. | CComponent |
| disableBehavior() | Disables an attached behavior. | CComponent |
| disableBehaviors() | Disables all behaviors attached to this component. | CComponent |
| enableBehavior() | Enables an attached behavior. | CComponent |
| enableBehaviors() | Enables all behaviors attached to this component. | CComponent |
| endCache() | Ends fragment caching. | CBaseController |
| endClip() | Ends recording a clip. | CBaseController |
| endContent() | Ends the rendering of content. | CBaseController |
| endWidget() | Ends the execution of the named widget. | CBaseController |
| filter() | Performs the filtering. | CFilterWidget |
| getController() | | CWidget |
| getEventHandlers() | Returns the list of attached event handlers for an event. | CComponent |
| getId() | | CWidget |
| getIsFilter() | | CFilterWidget |
| getOwner() | | CWidget |
| getViewFile() | Looks for the view script file according to the view name. | CWidget |
| getViewPath() | Returns the directory containing the view files for this widget. | CWidget |
| hasEvent() | Determines whether an event is defined. | CComponent |
| hasEventHandler() | Checks whether the named event has attached handlers. | CComponent |
| hasProperty() | Determines whether a property is defined. | CComponent |
| init() | Initializes the widget. | COutputProcessor |
| onProcessOutput() | Raised when the output has been captured. | COutputProcessor |
| processOutput() | Processes the captured output. | CHtmlPurifier |
| purify() | Purifies the HTML content by removing malicious code. | CHtmlPurifier |
| raiseEvent() | Raises an event. | CComponent |
| render() | Renders a view. | CWidget |
| renderFile() | Renders a view file. | CBaseController |
| renderInternal() | Renders a view file. | CBaseController |
| run() | Executes the widget. | COutputProcessor |
| setId() | | CWidget |
| widget() | Creates a widget and executes it. | CBaseController |

Events

| Event | Description | Defined By |
|---|---|---|
| onProcessOutput | Raised when the output has been captured. | COutputProcessor |

Property Details

options property
public mixed $options;

the options to be passed to HTML Purifier. This can be a HTMLPurifier_Config object, an array of directives (Namespace.Directive => Value) or the filename of an ini file.

Method Details

processOutput() method
public void processOutput(string $output)
$output string the captured output to be processed

Processes the captured output. This method purifies the output using HTML Purifier.

purify() method
public string purify(string $content)
$content string the content to be purified.
{return} string the purified content

Purifies the HTML content by removing malicious code.