‪TYPO3CMS  ‪main
DefaultSanitizerBuilder.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Core\Html;
19 
20 use ‪TYPO3\CMS\Core\SingletonInterface;
21 use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
22 use ‪TYPO3\CMS\Core\Utility\PathUtility;
23 use TYPO3\HtmlSanitizer\Behavior;
24 use TYPO3\HtmlSanitizer\Builder\CommonBuilder;
25 use TYPO3\HtmlSanitizer\Sanitizer;
26 use TYPO3\HtmlSanitizer\Visitor\CommonVisitor;
27 
34 class ‪DefaultSanitizerBuilder extends CommonBuilder implements ‪SingletonInterface
35 {
36  private Behavior ‪$behavior;
37 
38  public function ‪__construct()
39  {
40  parent::__construct();
41  // + URL must be on local host, or is absolute URI path
42  $isOnCurrentHost = new Behavior\ClosureAttrValue(
43  static function (string $value): bool {
44  return ‪GeneralUtility::isValidUrl($value) && ‪GeneralUtility::isOnCurrentHost($value)
45  || ‪PathUtility::isAbsolutePath($value) && GeneralUtility::isAllowedAbsPath($value); // @todo incorrect abs path!
46  }
47  );
48  // + starting with `t3://`
49  $isTypo3Uri = new Behavior\RegExpAttrValue('#^t3://#');
50 
51  // extends common attributes for TYPO3-specific URIs
52  $this->srcAttr->addValues($isOnCurrentHost);
53  $this->srcsetAttr->addValues($isOnCurrentHost);
54  $this->hrefAttr->addValues($isOnCurrentHost, $isTypo3Uri);
55 
56  // @todo `style` used in Introduction Package, inline CSS should be removed
57  $this->globalAttrs[] = new Behavior\Attr('style');
58  }
59 
60  public function ‪build(): Sanitizer
61  {
62  ‪$behavior = $this->‪createBehavior();
63  $visitor = GeneralUtility::makeInstance(CommonVisitor::class, ‪$behavior);
64  return GeneralUtility::makeInstance(Sanitizer::class, ‪$behavior, $visitor);
65  }
66 
67  protected function ‪createBehavior(): Behavior
68  {
69  if (!isset($this->behavior)) {
70  $this->behavior = parent::createBehavior()->withName('default');
71  }
72  return ‪$this->behavior;
73  }
74 }
‪TYPO3\CMS\Core\Html
Definition: DefaultSanitizerBuilder.php:18
‪TYPO3\CMS\Core\Utility\PathUtility
Definition: PathUtility.php:27
‪TYPO3\CMS\Core\Utility\PathUtility\isAbsolutePath
‪static isAbsolutePath(string $path)
Definition: PathUtility.php:286
‪TYPO3\CMS\Core\Html\DefaultSanitizerBuilder
Definition: DefaultSanitizerBuilder.php:35
‪TYPO3\CMS\Core\Html\DefaultSanitizerBuilder\__construct
‪__construct()
Definition: DefaultSanitizerBuilder.php:38
‪TYPO3\CMS\Core\Html\DefaultSanitizerBuilder\createBehavior
‪createBehavior()
Definition: DefaultSanitizerBuilder.php:67
‪TYPO3\CMS\Core\Html\DefaultSanitizerBuilder\$behavior
‪Behavior $behavior
Definition: DefaultSanitizerBuilder.php:36
‪TYPO3\CMS\Core\SingletonInterface
Definition: SingletonInterface.php:22
‪TYPO3\CMS\Core\Utility\GeneralUtility\isValidUrl
‪static bool isValidUrl(string $url)
Definition: GeneralUtility.php:713
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:52
‪TYPO3\CMS\Core\Utility\GeneralUtility\isOnCurrentHost
‪static bool isOnCurrentHost(string $url)
Definition: GeneralUtility.php:409
‪TYPO3\CMS\Core\Html\DefaultSanitizerBuilder\build
‪build()
Definition: DefaultSanitizerBuilder.php:60