3

有人可以指出我需要什么来允许这样的锚标记通过 htmlpurifier,不受影响?:

<a href="callto:+1-800-555-1212" class="callUsBtn" style="">...</a>

用我的配置。设置,该callto:...值不被识别为允许,因此整个href属性被剥离。我想我需要覆盖值的类型(<-- 或者叫什么?)href,从URICDATA(?),但不知道如何。我希望有一种比这里找到的方向更快/更简单的方法:http: //htmlpurifier.org/docs/enduser-customize.html(即使这样会导致解决方案?)。

4

2 回答 2

4

感谢爱德华的回答,我得到了它的工作。

试试这个:

在你相当于这里:
/htmlpurifier-4_4_0/library/HTMLPurifier/URIScheme/

添加一个名为:callto.php
...包含以下内容的文件:

<?php

// replicated this class/file from '../htmlpurifier-4_4_0/library/HTMLPurifier/URIScheme/mailto.php'

// VERY RELAXED! Shouldn't cause problems, ... but be careful!

/**
 * Validates 'callto:' phone number in URI to included only alphanumeric, hyphens, underscore, and optional leading "+"
 */

class HTMLPurifier_URIScheme_callto extends HTMLPurifier_URIScheme {

    public $browsable = false;
    public $may_omit_host = true;

    public function doValidate(&$uri, $config, $context) {
        $uri->userinfo = null;
        $uri->host     = null;
        $uri->port     = null;

        /* notes:
            where is the actual phone # parked?  Answer in $uri->path.  See here:

            echo '<pre style="color:pink;">';
            var_dump($uri);
            echo '</pre>';

            object(HTMLPurifier_URI)#490 (7) {
              ["scheme"]=>
              string(6) "callto"
              ["userinfo"]=>
              NULL
              ["host"]=>
              NULL
              ["port"]=>
              NULL
              ["path"]=>
              string(15) "+1-800-555-1212"
              ["query"]=>
              NULL
              ["fragment"]=>
              NULL
            }
        */

        // are the characters in the submitted <a> href's (URI) value (callto:)  from amongst a legal/allowed set?
            // my legal phone # chars:  alphanumeric, underscore, hyphen, optional "+" for the first character.  That's it.  But you can allow whatever you want.  Just change this:
            $validCalltoPhoneNumberPattern = '/^\+?[a-zA-Z0-9_-]+$/i'; // <---whatever pattern you want to force phone numbers to match
            $proposedPhoneNumber = $uri->path;
            if (preg_match($validCalltoPhoneNumberPattern, $proposedPhoneNumber) !== 1) {
                // submitted phone # inside the href attribute value looks bad; reject the phone number, and let HTMLpurifier remove the whole href attribute on the submitted <a> tag.
                return FALSE;
            } else {
                // submitted phone # inside the href attribute value looks OK; accept the phone number; HTMLpurifier should NOT strip the href attribute on the submitted <a> tag.
                return TRUE;
            }
    }

}

...并且不要忘记更新您的 HTMLpurifier 配置。从默认值开始,包括以下内容:

$config->set('URI.AllowedSchemes', array ('http' => true, 'https' => true, 'mailto' => true, 'ftp' => true, 'nntp' => true, 'news' => true, 'callto' => true,));
于 2012-05-06T00:30:18.887 回答
2

您需要实施一个新的HTMLPurifier_URIScheme. 中有大量示例library/HTMLPurifier/URIScheme,使用常规配置很容易添加自定义 URI 方案。

于 2012-05-05T08:19:37.557 回答