File: system/dependencies/ezyang/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.txt

Recommend this page to a friend!
  Classes of Dimitri Sitchet  >  dframework  >  system/dependencies/ezyang/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.txt  >  Download  
File: system/dependencies/ezyang/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.txt
Role: Documentation
Content type: text/plain
Description: Documentation
Class: dframework
Framework to build PHP applications
Author: By
Last change:
Date: 5 months ago
Size: 2,758 bytes


Class file image Download
TYPE: bool
VERSION: 3.1.0
DEFAULT: false
  This directive turns on the style block extraction filter, which removes
  <code>style</code> blocks from input HTML, cleans them up with CSSTidy,
  and places them in the <code>StyleBlocks</code> context variable, for further
  use by you, usually to be placed in an external stylesheet, or a
  <code>style</code> block in the <code>head</code> of your document.
  Sample usage:
    header('Content-type: text/html; charset=utf-8');
    echo '<?xml version="1.0" encoding="UTF-8"?>';
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
<html xmlns="" lang="en" xml:lang="en">
    require_once '/path/to/library/';
    require_once '/path/to/csstidy.class.php';

    $dirty = '<style>body {color:#F00;}</style> Some text';

    $config = HTMLPurifier_Config::createDefault();
    $config->set('Filter', 'ExtractStyleBlocks', true);
    $purifier = new HTMLPurifier($config);

    $html = $purifier->purify($dirty);

    // This implementation writes the stylesheets to the styles/ directory.
    // You can also echo the styles inside the document, but it's a bit
    // more difficult to make sure they get interpreted properly by
    // browsers; try the usual CSS armoring techniques.
    $styles = $purifier->context->get('StyleBlocks');
    $dir = 'styles/';
    if (!is_dir($dir)) mkdir($dir);
    $hash = sha1($_GET['html']);
    foreach ($styles as $i => $style) {
        file_put_contents($name = $dir . $hash . "_$i");
        echo '<link rel="stylesheet" type="text/css" href="'.$name.'" />';
    <?php echo $html; ?>
  <strong>Warning:</strong> It is possible for a user to mount an
  imagecrash attack using this CSS. Counter-measures are difficult;
  it is not simply enough to limit the range of CSS lengths (using
  relative lengths with many nesting levels allows for large values
  to be attained without actually specifying them in the stylesheet),
  and the flexible nature of selectors makes it difficult to selectively
  disable lengths on image tags (HTML Purifier, however, does disable
  CSS width and height in inline styling). There are probably two effective
  counter measures: an explicit width and height set to auto in all
  images in your document (unlikely) or the disabling of width and
  height (somewhat reasonable). Whether or not these measures should be
  used is left to the reader.
--# vim: et sw=4 sts=4
For more information send a message to info at phpclasses dot org.