2 /* This program is free software. It comes without any warranty, to
3 * the extent permitted by applicable law. You can redistribute it
4 * and/or modify it under the terms of the Do What The Fuck You Want
5 * To Public License, Version 2, as published by Sam Hocevar. See
6 * http://sam.zoy.org/wtfpl/COPYING for more details. */
11 function htmlparse($data)
14 if function finds anything unsafe,it will return
15 FALSE and saves a reason info global variable $htmlparse
20 $data = StrToLower(" ".$data);
22 // tags, I don
\14 need to close
23 $unpaired = Array('br'=>1,
24 'br/'=>1, // fix later ;)
33 $allowed = Array('b'=>1,
59 'br/'=>1, // fix later
83 this part will go trought string and will ensure, if all tags are closed
86 $tok = StrTok($data, '<');
88 while(!($tok === FALSE)){
89 if(!StrStr($tok,'>')):
90 $htmlparse = 'Chyba HTML syntaxe!';
91 //$htmlparse = 'Wrong HTML syntax!';
93 elseif(StrStr($tok,"<")):
94 $htmlparse = 'Chyba HTML syntaxe!';
95 //$htmlparse = 'Wrong HTML syntax!';
102 main part of the function - it will check allowed tags, some parameters and so on...
105 $tok = StrTok($data, '<');
108 while(!($tok === FALSE)):
110 $tag = Split('>',$tok,2);
111 $attrib = Split("[[:space:]>]",$tag[0],2);
112 if($allowed[$attrib[0]] != 1 && $allowed[SubStr($attrib[0],1)] != 1): // if tag isn
\14 in allowed array
113 $htmlparse = 'Zakazany tag <'.$attrib[0].'>!';
114 //$htmlparse = 'Forbidden tag <'.$attrib[0].'>!';
117 if('/'.$tags[$j] == $attrib[0]): // closing tag for last opening tag
118 if($tags[$j] == 'table' && $opened_tables > 0):
122 elseif($tags[$j] == 'xmp'): // XMP tag...ignore eny other tags between them
124 if(SubStr($attrib[0],0,1) == '/' && $unpaired[$tags[$j]]): // do I need to close the tag?
127 elseif(SubStr($attrib[0],0,1) == '/'): // am I closing something, I didn
\14 open?
128 $htmlparse = 'Chyba u tagu <'.$tag[0].'>! Zavirate tag, ktery jste neotevrel!';
129 //$htmlparse = 'Error near tag <'.$tag[0].'>! Closing tag, that wasn
\14 opened!';
131 elseif(Ereg(' on',' '.$attrib[1])): // temporary solution for pernament problem...and it isn
\14 suicide
132 $htmlparse = 'JavaScript je na hovno!';
133 //$htmlparse = 'JavaScript sux!';
135 elseif(Ereg('/on',' '.$attrib[1])): // temporary solution for pernament problem...and it isn
\14 suicide
136 $htmlparse = 'z bezpecnostnych dovodov nieje povolene vkladat do tagov retazec "/on"';
141 elseif(Ereg(' style',' '.$attrib[1])): // styles are forbidden - don
\14 look at me THAT way ;)
142 $htmlparse = 'Ten "style" se mi tam nezda!';
143 //$htmlparse = '"styles" are forbidden!';
146 elseif(Ereg('://',' '.$attrib[1]) && $attrib[0] != "img" && $attrib[0] != "a"): // adresses in attributes (except A and IMG tags) are forbidden
147 $htmlparse = 'Neco se mi tam nelibi! To je hlaska HTML validace - nejedna se o nejakou cenzuru ;)';
148 //$htmlparse = 'Forbidden usage of adresses in tags!';
150 elseif((SubStr_Count($attrib[1],'"')%2) > 0): // are quotes closed? can do mess if they aren
\14
151 $htmlparse = 'Neuzavrel jste uvozovky uvnitr tagu <'.$attrib[0].'>!';
152 //$htmlparse = 'Close quotes in tag <'.$tag[0].'>!';
154 elseif(Ereg('\?',$attrib[1]) && $attrib[0] == 'img'): // don
\14 allow parameters in IMG tags
155 $htmlparse = 'Chyba u tagu <img> - nejsou povoleny parametry v adrese!';
156 //$htmlparse = 'Error in tag <img> - parameters in image adresses are forbidden!';
158 elseif(($attrib[0] == 'td' || $attrib[0] == 'tr') && $opened_tables == 0):
159 $htmlparse = 'Strkej si ty tagy do vlastni tabulky, jo?';
161 elseif($attrib[0] == 'table'):
165 $tags[$j] = $attrib[0];
173 just check, if all tags are properly closed
177 if($unpaired[$tags[$j]]):
181 $htmlparse = 'Neuzavrel jste tag <'.$tags[$j].'>!';
182 //$htmlparse = 'Tag <'.$tags[$j].'> wasn
\14 closed correctly!';