<?php

# filter - simple example script for kses
# Copyright (C) 2003, 2005  Ulf Harnhammar
#
# This program is free software and open source software; you can redistribute
# it and/or modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 2 of the License,
# or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
# more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA  or visit
# http://www.gnu.org/licenses/gpl.html
#
# *** CONTACT INFORMATION ***
#
# E-mail:      metaur at users dot sourceforge dot net
# Web page:    http://sourceforge.net/projects/kses
# Paper mail:  Ulf Harnhammar
#              Ymergatan 17 C
#              753 25  Uppsala
#              SWEDEN

# *** INCLUDE kses, DEFINE ELEMENTS+ATTRIBUTES, STRIP MAGIC QUOTES ***

include '../kses.php';

# Allow-list handed to kses(): element name => (attribute name => checks).
# An element mapped to an empty array is allowed without any attributes.
# The element order is also the order in which the list is printed further down.
$allowed = array(
  'b'    => array(),
  'i'    => array(),
  'a'    => array(
    # href: value length must be in the range 3 to 50
    'href'  => array('minlen' => 3, 'maxlen' => 50),
    # title: must not be valueless
    'title' => array('valueless' => 'n'),
  ),
  'p'    => array(
    # align: mapped to 1 instead of a check array - presumably "allowed, no checks"
    'align' => 1,
    # dummy: must be valueless
    'dummy' => array('valueless' => 'y'),
  ),
  # FIXME (left by the author): src takes a URL and has no per-attribute check here
  'img'  => array('src' => 1),
  'font' => array(
    # size: numeric value must be in the range 4 to 20
    'size' => array('minval' => 4, 'maxval' => 20),
  ),
  'br'   => array(),
);

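# Read the submitted text. The field is absent on the first page load (plain
# GET) and can arrive as an array (val[]=...), so anything that is not a string
# is treated as empty input instead of reaching the string functions below.
$val = (isset($_POST['val']) && is_string($_POST['val'])) ? $_POST['val'] : '';

# get_magic_quotes_gpc() was removed in PHP 8.0, so it is only called where it
# still exists; when magic quotes are on, the automatic backslashes are undone
# so that the filter sees the text as the user typed it.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
  $val = stripslashes($val);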

# *** PRINT SOME HTML CODE ***

?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
 "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>kses example: HTML filter</title>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
</head>

<body>

<?php

# *** SHOW THE USER'S INPUT ***

?>
<h1>Input</h1>

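<?php /* Raw submission, escaped so it is shown as text. The encoding is given explicitly to match the page's ISO-8859-1 declaration: with a UTF-8 default, htmlspecialchars() returns an empty string for bytes that are not valid UTF-8. */ ?>
<pre><?= htmlspecialchars($val, ENT_QUOTES, 'ISO-8859-1'); ?></pre>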

<?php

# *** SHOW IT AFTER FILTERING ***

?>
<h1>Output</h1>

<pre><?php

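# The filtering takes place here: kses() keeps only the elements and attributes
# listed in $allowed and only the URL protocols "http" and "https".
# $val is overwritten, so the textarea further down is pre-filled with the
# filtered text rather than with the original submission.
$val = kses($val, $allowed, array('http', 'https'));

# This demo prints the filtered markup as text, so it is still escaped for the
# <pre> block. The encoding is given explicitly to match the page's ISO-8859-1
# declaration: with a UTF-8 default, htmlspecialchars() returns an empty string
# for bytes that are not valid UTF-8.
echo htmlspecialchars($val, ENT_QUOTES, 'ISO-8859-1');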

?></pre>

<?php

# *** DISPLAY A TEXTAREA FOR THE USER TO TYPE IN ***

?>
<h1>Type something</h1>

<form method="POST" action="filter.php">
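<?php /* Pre-fills the textarea with $val, which by this point holds the kses() output. Escaped with the page's ISO-8859-1 encoding so that non-UTF-8 bytes do not blank the field. */ ?>
<textarea name="val" rows=5 cols=50><?= htmlspecialchars($val, ENT_QUOTES, 'ISO-8859-1'); ?></textarea>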
<br>
<input type="submit" value="Send it!">
</form>

<?php

# *** SHOW ALLOWED ELEMENTS+ATTRIBUTES ***

?>
<p>
Only the following HTML elements and attributes are allowed:
</p>

<p>
<?php
# Print the allow-list as space-separated "<element attr= attr=>" samples.
# Element and attribute names come from the hard-coded $allowed array, so they
# are printed as-is; they would need htmlspecialchars() if the list were ever
# loaded from configuration or user input.
$separator = '';
foreach ($allowed as $element => $attributes)
{
  # Empty before the first element, a single space before every later one.
  echo $separator;
  $separator = ' ';

  echo '&lt;' . $element; # element

  foreach (array_keys($attributes) as $attribute)
    echo ' <i>' . $attribute . '=</i>'; # attribute

  echo '&gt;';
}

?>

</p>

<p>
&lt;a href=&gt; must have a length in the range 3 to 50.<br>
&lt;a title=&gt; must not be valueless.<br>
&lt;p dummy&gt; must be valueless.<br>
&lt;font size=&gt; must have a value in the range 4 to 20.<br>
Only the URL protocols "http" and "https" are allowed.
</p>

</body>
</html>