DisallowUnsafeDynamicJS
class DisallowUnsafeDynamicJS extends AbstractDynamicContentCheck
Constants
XMLNS_XSL |
XSL namespace |
Properties
protected bool | $ignoreUnknownAttributes | from AbstractDynamicContentCheck |
Methods
Configure this template check to detect unknown attributes
Configure this template check to ignore unknown attributes
Test whether an attribute expression is safe
Check whether a variable declaration is safe in context
Test whether given expression is safe in context
Details
in
AbstractDynamicContentCheck at line 50
void
check(DOMElement $template, Tag $tag)
Look for improperly-filtered dynamic content
at line 20
protected array
getNodes(DOMElement $template)
Get the nodes targeted by this check
at line 36
protected bool
isSafe(Attribute $attribute)
Return whether an attribute is considered safe
in
AbstractDynamicContentCheck at line 64
void
detectUnknownAttributes()
Configure this template check to detect unknown attributes
in
AbstractDynamicContentCheck at line 74
void
ignoreUnknownAttributes()
Configure this template check to ignore unknown attributes
in
AbstractDynamicContentCheck at line 87
protected void
checkAttribute(DOMNode $node, Tag $tag, string $attrName)
Test whether a tag attribute is safe
in
AbstractDynamicContentCheck at line 115
protected void
checkAttributeExpression(DOMNode $node, Tag $tag, string $expr)
Test whether an attribute expression is safe
in
AbstractDynamicContentCheck at line 131
protected void
checkAttributeNode(DOMAttr $attribute, Tag $tag)
Test whether an attribute node is safe
in
AbstractDynamicContentCheck at line 149
protected void
checkContext(DOMNode $node)
Test whether a node's context can be safely assessed
in
AbstractDynamicContentCheck at line 168
protected void
checkCopyOfNode(DOMElement $node, Tag $tag)
Test whether an
in
AbstractDynamicContentCheck at line 180
protected void
checkElementNode(DOMElement $element, Tag $tag)
Test whether an element node is safe
in
AbstractDynamicContentCheck at line 214
protected void
checkExpression(DOMNode $node, string $expr, Tag $tag)
Test the safety of an XPath expression
in
AbstractDynamicContentCheck at line 241
protected void
checkNode(DOMNode $node, Tag $tag)
Test whether a node is safe
in
AbstractDynamicContentCheck at line 268
protected void
checkVariable(DOMNode $node, Tag $tag, string $qname)
Check whether a variable is safe in context
in
AbstractDynamicContentCheck at line 283
protected void
checkVariableDeclaration(DOMNode $node, Tag $tag, string $query)
Check whether a variable declaration is safe in context
in
AbstractDynamicContentCheck at line 311
protected void
checkSelectNode(DOMAttr $select, Tag $tag)
Test whether a select attribute of a node is safe
at line 28
protected bool
isExpressionSafe(string $expr)
Test whether given expression is safe in context
in
AbstractDynamicContentCheck at line 333
protected bool
tagFiltersAttributes(Tag $tag)
Test whether given tag filters attribute values