‪TYPO3CMS  11.5
DefaultSanitizerBuilder.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 project.
7  *
8  * It is free software; you can redistribute it and/or modify it under the terms
9  * of the MIT License (MIT). For the full copyright and license information,
10  * please read the LICENSE file that was distributed with this source code.
11  *
12  * The TYPO3 project - inspiring people to share!
13  */
14 
15 namespace ‪TYPO3\CMS\Core\Html;
16 
17 use ‪TYPO3\CMS\Core\SingletonInterface;
18 use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
19 use ‪TYPO3\CMS\Core\Utility\PathUtility;
20 use TYPO3\HtmlSanitizer\Behavior;
21 use TYPO3\HtmlSanitizer\Builder\CommonBuilder;
22 use TYPO3\HtmlSanitizer\Sanitizer;
23 use TYPO3\HtmlSanitizer\Visitor\CommonVisitor;
24 
31 class ‪DefaultSanitizerBuilder extends CommonBuilder implements ‪SingletonInterface
32 {
33  private Behavior ‪$behavior;
34 
35  public function ‪__construct()
36  {
37  parent::__construct();
38  // + URL must be on local host, or is absolute URI path
39  $isOnCurrentHost = new Behavior\ClosureAttrValue(
40  static function (string $value): bool {
41  return ‪GeneralUtility::isValidUrl($value) && GeneralUtility::isOnCurrentHost($value)
42  || ‪PathUtility::isAbsolutePath($value) && GeneralUtility::isAllowedAbsPath($value); // @todo incorrect abs path!
43  }
44  );
45  // + starting with `t3://`
46  $isTypo3Uri = new Behavior\RegExpAttrValue('#^t3://#');
47  // + TYPO3 spam protected email address using JavaScript
48  // @deprecated Only used in f:uri.email view-helper, which is deprecated and will be removed in TYPO3 v12.0
49  $isSpamProtectedEmailUri = new Behavior\RegExpAttrValue('#^javascript:linkTo_UnCryptMailto#');
50 
51  // extends common attributes for TYPO3-specific URIs
52  $this->srcAttr->addValues($isOnCurrentHost);
53  $this->srcsetAttr->addValues($isOnCurrentHost);
54  $this->hrefAttr->addValues($isOnCurrentHost, $isTypo3Uri, $isSpamProtectedEmailUri);
55 
56  // @todo `style` used in Introduction Package, inline CSS should be removed
57  $this->globalAttrs[] = new Behavior\Attr('style');
58  }
59 
60  public function ‪build(): Sanitizer
61  {
62  ‪$behavior = $this->‪createBehavior();
63  $visitor = GeneralUtility::makeInstance(CommonVisitor::class, ‪$behavior);
64  return GeneralUtility::makeInstance(Sanitizer::class, ‪$behavior, $visitor);
65  }
66 
67  protected function ‪createBehavior(): Behavior
68  {
69  if (!isset($this->behavior)) {
70  $this->behavior = parent::createBehavior()->withName('default');
71  }
72  return ‪$this->behavior;
73  }
74 }
‪TYPO3\CMS\Core\Html
Definition: DefaultSanitizerBuilder.php:15
‪TYPO3\CMS\Core\Utility\PathUtility
Definition: PathUtility.php:25
‪TYPO3\CMS\Core\Html\DefaultSanitizerBuilder
Definition: DefaultSanitizerBuilder.php:32
‪TYPO3\CMS\Core\Html\DefaultSanitizerBuilder\__construct
‪__construct()
Definition: DefaultSanitizerBuilder.php:35
‪TYPO3\CMS\Core\Html\DefaultSanitizerBuilder\createBehavior
‪createBehavior()
Definition: DefaultSanitizerBuilder.php:67
‪TYPO3\CMS\Core\Html\DefaultSanitizerBuilder\$behavior
‪Behavior $behavior
Definition: DefaultSanitizerBuilder.php:33
‪TYPO3\CMS\Core\Utility\PathUtility\isAbsolutePath
‪static bool isAbsolutePath($path)
Definition: PathUtility.php:296
‪TYPO3\CMS\Core\Utility\GeneralUtility\isValidUrl
‪static bool isValidUrl($url)
Definition: GeneralUtility.php:883
‪TYPO3\CMS\Core\SingletonInterface
Definition: SingletonInterface.php:22
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:50
‪TYPO3\CMS\Core\Html\DefaultSanitizerBuilder\build
‪build()
Definition: DefaultSanitizerBuilder.php:60