abstract class AbstractDynamicContentCheck extends TemplateCheck

Constants

XMLNS_XSL

XSL namespace

Properties

protected bool $ignoreUnknownAttributes

Methods

void
check(DOMElement $template, Tag $tag)

Look for improperly-filtered dynamic content

array
getNodes(DOMElement $template)

Get the nodes targeted by this check

bool
isSafe(Attribute $attribute)

Return whether an attribute is considered safe

void
detectUnknownAttributes()

Configure this template check to detect unknown attributes

void
ignoreUnknownAttributes()

Configure this template check to ignore unknown attributes

void
checkAttribute(DOMNode $node, Tag $tag, string $attrName)

Test whether a tag attribute is safe

void
checkAttributeExpression(DOMNode $node, Tag $tag, string $expr)

Test whether an attribute expression is safe

void
checkAttributeNode(DOMAttr $attribute, Tag $tag)

Test whether an attribute node is safe

void
checkContext(DOMNode $node)

Test whether a node's context can be safely assessed

void
checkCopyOfNode(DOMElement $node, Tag $tag)

Test whether an <xsl:copy-of/> node is safe

void
checkElementNode(DOMElement $element, Tag $tag)

Test whether an element node is safe

void
checkExpression(DOMNode $node, string $expr, Tag $tag)

Test the safety of an XPath expression

void
checkNode(DOMNode $node, Tag $tag)

Test whether a node is safe

void
checkVariable(DOMNode $node, Tag $tag, string $qname)

Check whether a variable is safe in context

void
checkVariableDeclaration(DOMNode $node, Tag $tag, string $query)

Check whether a variable declaration is safe in context

void
checkSelectNode(DOMAttr $select, Tag $tag)

Test whether a select attribute of a node is safe

bool
isExpressionSafe(string $expr)

Test whether given expression is safe in context

bool
tagFiltersAttributes(Tag $tag)

Test whether given tag filters attribute values

Details

at line 50
void check(DOMElement $template, Tag $tag)

Look for improperly-filtered dynamic content

Parameters

DOMElement $template

<xsl:template/> node

Tag $tag

Tag this template belongs to

Return Value

void

at line 33
abstract protected array getNodes(DOMElement $template)

Get the nodes targeted by this check

Parameters

DOMElement $template

<xsl:template/> node

Return Value

array

Array of DOMElement instances

at line 41
abstract protected bool isSafe(Attribute $attribute)

Return whether an attribute is considered safe

Parameters

Attribute $attribute Attribute

Return Value

bool

at line 64
void detectUnknownAttributes()

Configure this template check to detect unknown attributes

Return Value

void

at line 74
void ignoreUnknownAttributes()

Configure this template check to ignore unknown attributes

Return Value

void

at line 87
protected void checkAttribute(DOMNode $node, Tag $tag, string $attrName)

Test whether a tag attribute is safe

Parameters

DOMNode $node

Context node

Tag $tag

Source tag

string $attrName

Name of the attribute

Return Value

void

at line 115
protected void checkAttributeExpression(DOMNode $node, Tag $tag, string $expr)

Test whether an attribute expression is safe

Parameters

DOMNode $node

Context node

Tag $tag

Source tag

string $expr

XPath expression that evaluates to one or multiple named attributes

Return Value

void

at line 131
protected void checkAttributeNode(DOMAttr $attribute, Tag $tag)

Test whether an attribute node is safe

Parameters

DOMAttr $attribute

Attribute node

Tag $tag

Reference tag

Return Value

void

at line 149
protected void checkContext(DOMNode $node)

Test whether a node's context can be safely assessed

Parameters

DOMNode $node

Source node

Return Value

void

at line 168
protected void checkCopyOfNode(DOMElement $node, Tag $tag)

Test whether an <xsl:copy-of/> node is safe

Parameters

DOMElement $node

<xsl:copy-of/> node

Tag $tag

Reference tag

Return Value

void

at line 180
protected void checkElementNode(DOMElement $element, Tag $tag)

Test whether an element node is safe

Parameters

DOMElement $element Element
Tag $tag

Reference tag

Return Value

void

at line 214
protected void checkExpression(DOMNode $node, string $expr, Tag $tag)

Test the safety of an XPath expression

Parameters

DOMNode $node

Source node

string $expr

XPath expression

Tag $tag

Source tag

Return Value

void

at line 241
protected void checkNode(DOMNode $node, Tag $tag)

Test whether a node is safe

Parameters

DOMNode $node

Source node

Tag $tag

Reference tag

Return Value

void

at line 268
protected void checkVariable(DOMNode $node, Tag $tag, string $qname)

Check whether a variable is safe in context

Parameters

DOMNode $node

Context node

Tag $tag

Source tag

string $qname

Name of the variable

Return Value

void

at line 283
protected void checkVariableDeclaration(DOMNode $node, Tag $tag, string $query)

Check whether a variable declaration is safe in context

Parameters

DOMNode $node

Context node

Tag $tag

Source tag

string $query

XPath query

Return Value

void

at line 311
protected void checkSelectNode(DOMAttr $select, Tag $tag)

Test whether a select attribute of a node is safe

Parameters

DOMAttr $select

Select attribute node

Tag $tag

Reference tag

Return Value

void

at line 322
protected bool isExpressionSafe(string $expr)

Test whether given expression is safe in context

Parameters

string $expr

XPath expression

Return Value

bool

Whether the expression is safe in context

at line 333
protected bool tagFiltersAttributes(Tag $tag)

Test whether given tag filters attribute values

Parameters

Tag $tag

Return Value

bool