PRADO Component Framework for PHP 5
  • Home
  • About
  • Testimonials
  • Demos
  • Download
  • Documentation
  • Forum
  • Development
  • Tutorials
  • Class Docs
  • API Manual
  • Wiki

Packages

  • None
  • System
    • Caching
    • Collections
    • Data
      • ActiveRecord
        • Relations
        • Scaffold
          • InputBuilder
      • Commom
        • Sqlite
      • Common
        • Mssql
        • Mysql
        • Oracle
        • Pgsql
        • Sqlite
      • DataGateway
      • SqlMap
        • Configuration
        • Statements
    • Exceptions
    • I18N
    • IO
    • Security
    • Util
    • Web
      • Javascripts
      • Services
      • UI
        • ActiveControls
        • WebControls
    • Xml
  • Wsat
    • pages
  • Overview
  • Package
  • Class
  • Tree
  • Deprecated
  • Todo

Class TSafeHtml

TSafeHtml class

TSafeHtml is a control that strips down all potentially dangerous HTML content. It is mainly a wrapper of SafeHTML project. According to the SafeHTML project, it tries to safeguard the following situations when the string is to be displayed to end-users,

  • Opening tag without its closing tag
  • closing tag without its opening tag
  • any of these tags: base, basefont, head, html, body, applet, object, iframe, frame, frameset, script, layer, ilayer, embed, bgsound, link, meta, style, title, blink, xml, etc.
  • any of these attributes: on*, data*, dynsrc
  • javascript:/vbscript:/about: etc. protocols
  • expression/behavior etc. in styles
  • any other active content.

To use TSafeHtml, simply enclose the content to be secured within the body of TSafeHtml in a template.

If the content is encoded in UTF-7, you'll need to enable the setRepackUTF7 RepackUTF7 property to ensure the contents gets parsed correctly.

TComponent
Extended by TApplicationComponent
Extended by TControl implements IRenderable, IBindable
Extended by TSafeHtml
Package: System\Web\UI\WebControls
Copyright: Copyright © 2005-2014 PradoSoft
License: http://www.pradosoft.com/license/
Author: Wei Zhuo <weizhuo[at]gmail[dot]com>
Since: 3.0
Located at Web/UI/WebControls/TSafeHtml.php
Methods summary
public
# setRepackUTF7( boolean $value )

Sets whether to parse the contents as UTF-7. This property enables a routine that repacks the content as UTF-7 before parsing it. Defaults to false.

Sets whether to parse the contents as UTF-7. This property enables a routine that repacks the content as UTF-7 before parsing it. Defaults to false.

Parameters

$value
boolean
whether to parse the contents as UTF-7
public boolean
# getRepackUTF7( )

Returns

boolean
whether to parse the contents as UTF-7. Defaults to false.
public
# render( THtmlWriter $writer )

Renders body content. This method overrides parent implementation by removing malicious javascript code from the body content

Renders body content. This method overrides parent implementation by removing malicious javascript code from the body content

Parameters

$writer
THtmlWriter
writer

Overrides

TControl::render()
protected string
# parseSafeHtml( string $text )

Use SafeHTML to remove malicous javascript from the HTML content.

Use SafeHTML to remove malicous javascript from the HTML content.

Parameters

$text
string
HTML content

Returns

string
safer HTML content
Methods inherited from TControl
__construct(), __get(), addParsedObject(), addToPostDataLoader(), addedControl(), applyStyleSheetSkin(), autoBindProperty(), autoDataBindProperties(), bindProperty(), broadcastEvent(), bubbleEvent(), clearChildState(), clearControlState(), clearNamingContainer(), clearViewState(), convertUniqueIdToClientId(), createChildControls(), createControlCollection(), dataBind(), dataBindChildren(), dataBindProperties(), ensureChildControls(), findControl(), findControlsByID(), findControlsByType(), focus(), getAdapter(), getAllowChildControls(), getAttribute(), getAttributes(), getChildControlsCreated(), getClientID(), getControlStage(), getControlState(), getControls(), getCustomData(), getEnableTheming(), getEnableViewState(), getEnabled(), getHasAdapter(), getHasAttributes(), getHasChildInitialized(), getHasControls(), getHasInitialized(), getHasLoaded(), getHasLoadedPostData(), getHasPreRendered(), getID(), getIsSkinApplied(), getNamingContainer(), getPage(), getParent(), getRegisteredObject(), getSkinID(), getSourceTemplateControl(), getTemplateControl(), getUniqueID(), getViewState(), getVisible(), hasAttribute(), initRecursive(), isDescendentOf(), isObjectRegistered(), loadRecursive(), loadState(), loadStateRecursive(), onDataBinding(), onInit(), onLoad(), onPreRender(), onUnload(), preRenderRecursive(), raiseBubbleEvent(), registerObject(), removeAttribute(), removedControl(), renderChildren(), renderControl(), saveState(), saveStateRecursive(), setAdapter(), setAttribute(), setChildControlsCreated(), setControlStage(), setControlState(), setCustomData(), setEnableTheming(), setEnableViewState(), setEnabled(), setID(), setPage(), setSkinID(), setTemplateControl(), setViewState(), setVisible(), trackViewState(), traverseChildControls(), unbindProperty(), unloadRecursive(), unregisterObject()
Methods inherited from TApplicationComponent
getApplication(), getRequest(), getResponse(), getService(), getSession(), getUser(), publishAsset(), publishFilePath()
Methods inherited from TComponent
__call(), __destruct(), __isset(), __set(), __sleep(), __unset(), __wakeup(), asa(), attachBehavior(), attachBehaviors(), attachClassBehavior(), attachEventHandler(), canGetProperty(), canSetProperty(), clearBehaviors(), createdOnTemplate(), detachBehavior(), detachBehaviors(), detachClassBehavior(), detachEventHandler(), disableBehavior(), disableBehaviors(), enableBehavior(), enableBehaviors(), evaluateExpression(), evaluateStatements(), fxAttachClassBehavior(), fxDetachClassBehavior(), getAutoGlobalListen(), getBehaviorsEnabled(), getClassHierarchy(), getEventHandlers(), getListeningToGlobalEvents(), getSubProperty(), hasEvent(), hasEventHandler(), hasProperty(), isa(), listen(), raiseEvent(), setSubProperty(), unlisten()
Constants inherited from TControl
AUTOMATIC_ID_PREFIX, CLIENT_ID_SEPARATOR, CS_CHILD_INITIALIZED, CS_CONSTRUCTED, CS_INITIALIZED, CS_LOADED, CS_PRERENDERED, CS_STATE_LOADED, ID_FORMAT, ID_SEPARATOR, IS_CHILD_CREATED, IS_CREATING_CHILD, IS_DISABLE_THEMING, IS_DISABLE_VIEWSTATE, IS_ID_SET, IS_SKIN_APPLIED, IS_STYLESHEET_APPLIED, RF_ADAPTER, RF_AUTO_BINDINGS, RF_CHILD_STATE, RF_CONTROLS, RF_CONTROLSTATE, RF_DATA_BINDINGS, RF_EVENTS, RF_NAMED_CONTROLS, RF_NAMED_CONTROLS_ID, RF_NAMED_OBJECTS, RF_SKIN_ID
Constants inherited from TComponent
GLOBAL_RAISE_EVENT_LISTENER
Terms of Service | Contact Us
PRADO v3.2.4 API Manual API documentation generated by ApiGen 2.8.0
Copyright © 2006-2014 by the PRADO Group.
Powered by PRADO