Revision 792ae733
Von Moritz Bunkus vor mehr als 10 Jahren hinzugefügt
| SL/DB/Helper/AttrHTML.pm | ||
|---|---|---|
| 5 | 5 |
use parent qw(Exporter); |
| 6 | 6 |
our @EXPORT = qw(attr_html); |
| 7 | 7 |
|
| 8 |
use utf8; |
|
| 9 |
use Carp; |
|
| 10 |
use Encode (); |
|
| 11 |
use HTML::Restrict (); |
|
| 12 |
use HTML::Parser; |
|
| 13 |
|
|
| 14 |
my %stripper; |
|
| 15 |
|
|
| 16 |
sub _strip_html {
|
|
| 17 |
my ($value) = @_; |
|
| 18 |
|
|
| 19 |
if (!%stripper) {
|
|
| 20 |
%stripper = ( parser => HTML::Parser->new ); |
|
| 21 |
|
|
| 22 |
$stripper{parser}->handler(text => sub { $stripper{text} .= $_[1]; });
|
|
| 23 |
} |
|
| 24 |
|
|
| 25 |
$stripper{text} = '';
|
|
| 26 |
$stripper{parser}->parse($value);
|
|
| 27 |
$stripper{parser}->eof;
|
|
| 28 |
|
|
| 29 |
return delete $stripper{text};
|
|
| 30 |
} |
|
| 31 |
|
|
| 32 | 8 |
sub attr_html {
|
| 33 | 9 |
my ($package, $attributes, %params) = @_; |
| 34 | 10 |
|
| ... | ... | |
| 49 | 25 |
my ($package, $attribute, %params) = @_; |
| 50 | 26 |
|
| 51 | 27 |
no strict 'refs'; |
| 28 |
require SL::HTML::Util; |
|
| 52 | 29 |
|
| 53 | 30 |
*{ $package . '::' . $attribute . '_as_stripped_html' } = sub {
|
| 54 | 31 |
my ($self, $value) = @_; |
| 55 | 32 |
|
| 56 |
return $self->$attribute(_strip_html($value)) if @_ > 1;
|
|
| 57 |
return _strip_html($self->$attribute);
|
|
| 33 |
return $self->$attribute(SL::HTML::Util->strip($value)) if @_ > 1;
|
|
| 34 |
return SL::HTML::Util->strip($self->$attribute);
|
|
| 58 | 35 |
}; |
| 59 | 36 |
} |
| 60 | 37 |
|
| ... | ... | |
| 62 | 39 |
my ($package, $attribute, %params) = @_; |
| 63 | 40 |
|
| 64 | 41 |
no strict 'refs'; |
| 42 |
require SL::HTML::Restrict; |
|
| 65 | 43 |
|
| 66 |
my $cleaner = HTML::Restrict->new(rules => $params{allowed_tags});
|
|
| 44 |
my $cleaner = SL::HTML::Restrict->create(%params);
|
|
| 67 | 45 |
|
| 68 | 46 |
*{ $package . '::' . $attribute . '_as_restricted_html' } = sub {
|
| 69 | 47 |
my ($self, $value) = @_; |
| SL/HTML/Restrict.pm | ||
|---|---|---|
| 1 |
package SL::HTML::Restrict; |
|
| 2 |
|
|
| 3 |
use strict; |
|
| 4 |
use warnings; |
|
| 5 |
|
|
| 6 |
use HTML::Restrict (); |
|
| 7 |
|
|
| 8 |
sub create {
|
|
| 9 |
my ($class, %params) = @_; |
|
| 10 |
$params{allowed_tags} //= { map { ($_ => ['/']) } qw(b strong i em u ul ol li sub sup s strike br p div) };
|
|
| 11 |
|
|
| 12 |
return HTML::Restrict->new(rules => $params{allowed_tags});
|
|
| 13 |
} |
|
| 14 |
|
|
| 15 |
1; |
|
| 16 |
__END__ |
|
| 17 |
|
|
| 18 |
=pod |
|
| 19 |
|
|
| 20 |
=encoding utf8 |
|
| 21 |
|
|
| 22 |
=head1 NAME |
|
| 23 |
|
|
| 24 |
SL::HTML::Restrict - Restrict HTML tags to set of allowed tags |
|
| 25 |
|
|
| 26 |
=head1 SYNOPSIS |
|
| 27 |
|
|
| 28 |
my $cleaner = SL::HTML::Restrict->create; |
|
| 29 |
my $cleaned = $cleaner->process($unsafe_html); |
|
| 30 |
|
|
| 31 |
=head1 |
|
| 32 |
|
|
| 33 |
Often you want to allow a fixed set of well-known HTML tags to be used |
|
| 34 |
– but nothing else. This is a thin wrapper providing a default set of |
|
| 35 |
the following elements: |
|
| 36 |
|
|
| 37 |
C<b br div em i li ol p s strike strong sub sup u ul> |
|
| 38 |
|
|
| 39 |
This list can be overwritten. |
|
| 40 |
|
|
| 41 |
=head1 FUNCTIONS |
|
| 42 |
|
|
| 43 |
=over 4 |
|
| 44 |
|
|
| 45 |
=item C<create [%params]> |
|
| 46 |
|
|
| 47 |
Creates and returns a new instance of L<HTML::Restrict>. The optional |
|
| 48 |
parameter C<allowed_tags> must be an array reference of allowed tag |
|
| 49 |
names. If it's missing then the default set will be used (see above). |
|
| 50 |
|
|
| 51 |
Returns an instance of L<HTML::Restrict>. |
|
| 52 |
|
|
| 53 |
=back |
|
| 54 |
|
|
| 55 |
=head1 BUGS |
|
| 56 |
|
|
| 57 |
Nothing here yet. |
|
| 58 |
|
|
| 59 |
=head1 AUTHOR |
|
| 60 |
|
|
| 61 |
Moritz Bunkus E<lt>m.bunkus@linet-services.deE<gt> |
|
| 62 |
|
|
| 63 |
=cut |
|
| SL/HTML/Util.pm | ||
|---|---|---|
| 1 |
package SL::HTML::Util; |
|
| 2 |
|
|
| 3 |
use strict; |
|
| 4 |
use warnings; |
|
| 5 |
|
|
| 6 |
use HTML::Parser; |
|
| 7 |
|
|
| 8 |
my %stripper; |
|
| 9 |
|
|
| 10 |
sub strip {
|
|
| 11 |
my ($class_or_value) = @_; |
|
| 12 |
|
|
| 13 |
my $value = !ref($class_or_value) && (($class_or_value // '') eq 'SL::HTML::Util') ? $_[1] : $class_or_value; |
|
| 14 |
|
|
| 15 |
if (!%stripper) {
|
|
| 16 |
%stripper = ( parser => HTML::Parser->new ); |
|
| 17 |
|
|
| 18 |
$stripper{parser}->handler(text => sub { $stripper{text} .= $_[1]; });
|
|
| 19 |
} |
|
| 20 |
|
|
| 21 |
$stripper{text} = '';
|
|
| 22 |
$stripper{parser}->parse($value);
|
|
| 23 |
$stripper{parser}->eof;
|
|
| 24 |
|
|
| 25 |
return delete $stripper{text};
|
|
| 26 |
} |
|
| 27 |
|
|
| 28 |
1; |
|
| 29 |
__END__ |
|
| 30 |
|
|
| 31 |
=pod |
|
| 32 |
|
|
| 33 |
=encoding utf8 |
|
| 34 |
|
|
| 35 |
=head1 NAME |
|
| 36 |
|
|
| 37 |
SL::HTML::Util - Utility functions dealing with HTML |
|
| 38 |
|
|
| 39 |
=head1 SYNOPSIS |
|
| 40 |
|
|
| 41 |
my $plain_text = SL::HTML::Util->strip('<h1>Hello World</h1>');
|
|
| 42 |
|
|
| 43 |
=head1 FUNCTIONS |
|
| 44 |
|
|
| 45 |
=over 4 |
|
| 46 |
|
|
| 47 |
=item C<strip $html_content> |
|
| 48 |
|
|
| 49 |
Removes all HTML elements and tags from C<$html_content> and returns |
|
| 50 |
the remaining plain text. |
|
| 51 |
|
|
| 52 |
=back |
|
| 53 |
|
|
| 54 |
=head1 BUGS |
|
| 55 |
|
|
| 56 |
Nothing here yet. |
|
| 57 |
|
|
| 58 |
=head1 AUTHOR |
|
| 59 |
|
|
| 60 |
Moritz Bunkus E<lt>m.bunkus@linet-services.deE<gt> |
|
| 61 |
|
|
| 62 |
=cut |
|
| SL/Presenter/Tag.pm | ||
|---|---|---|
| 2 | 2 |
|
| 3 | 3 |
use strict; |
| 4 | 4 |
|
| 5 |
use SL::HTML::Restrict; |
|
| 6 |
|
|
| 5 | 7 |
use parent qw(Exporter); |
| 6 | 8 |
|
| 7 | 9 |
use Exporter qw(import); |
| 8 |
our @EXPORT = qw(html_tag input_tag man_days_tag name_to_id select_tag stringify_attributes); |
|
| 10 |
our @EXPORT = qw(html_tag input_tag man_days_tag name_to_id select_tag stringify_attributes restricted_html);
|
|
| 9 | 11 |
|
| 10 | 12 |
use Carp; |
| 11 | 13 |
|
| ... | ... | |
| 195 | 197 |
return %{ $attributes };
|
| 196 | 198 |
} |
| 197 | 199 |
|
| 200 |
my $html_restricter; |
|
| 201 |
|
|
| 202 |
sub restricted_html {
|
|
| 203 |
my ($self, $value) = @_; |
|
| 204 |
|
|
| 205 |
$html_restricter ||= SL::HTML::Restrict->create; |
|
| 206 |
return $html_restricter->process($value); |
|
| 207 |
} |
|
| 208 |
|
|
| 198 | 209 |
1; |
| 199 | 210 |
__END__ |
| 200 | 211 |
|
| ... | ... | |
| 264 | 275 |
HTML tag attributes. Keys and values are HTML escaped even though keys |
| 265 | 276 |
must not contain non-ASCII characters for browsers to accept them. |
| 266 | 277 |
|
| 278 |
=item C<restricted_html $html> |
|
| 279 |
|
|
| 280 |
Returns HTML stripped of unknown tags. See L<SL::HTML::Restrict>. |
|
| 281 |
|
|
| 267 | 282 |
=back |
| 268 | 283 |
|
| 269 | 284 |
=head2 HIGH-LEVEL FUNCTIONS |
Auch abrufbar als: Unified diff
Refactoring: {strip,restrict}_html in eigene Module ausgelagert