DisallowUnsafeDynamicURL
class DisallowUnsafeDynamicURL extends AbstractDynamicContentCheck
The primary use of this check is to ensure that dynamic content cannot be used to create javascript: links.
Constants
XMLNS_XSL | XSL namespace
Properties
protected bool | $ignoreUnknownAttributes | from AbstractDynamicContentCheck
protected string | $safeUrlRegexp
Methods
Configure this template check to detect unknown attributes
Configure this template check to ignore unknown attributes
Test whether an attribute expression is safe
Check whether a variable declaration is safe in context
Test whether given expression is safe in context
Test whether every branch of a given xsl:choose element contains a known-safe URL
Test whether given URL is known to be safe
Details
in AbstractDynamicContentCheck at line 50
void
check(DOMElement $template, Tag $tag)
Look for improperly-filtered dynamic content
at line 33
protected array
getNodes(DOMElement $template)
Get the nodes targeted by this check
at line 41
protected bool
isSafe(Attribute $attribute)
Return whether an attribute is considered safe
in AbstractDynamicContentCheck at line 64
void
detectUnknownAttributes()
Configure this template check to detect unknown attributes
in AbstractDynamicContentCheck at line 74
void
ignoreUnknownAttributes()
Configure this template check to ignore unknown attributes
in AbstractDynamicContentCheck at line 87
protected void
checkAttribute(DOMNode $node, Tag $tag, string $attrName)
Test whether a tag attribute is safe
in AbstractDynamicContentCheck at line 115
protected void
checkAttributeExpression(DOMNode $node, Tag $tag, string $expr)
Test whether an attribute expression is safe
at line 49
protected void
checkAttributeNode(DOMAttr $attribute, Tag $tag)
Test whether an attribute node is safe
in AbstractDynamicContentCheck at line 149
protected void
checkContext(DOMNode $node)
Test whether a node's context can be safely assessed
in AbstractDynamicContentCheck at line 168
protected void
checkCopyOfNode(DOMElement $node, Tag $tag)
Test whether an
at line 60
protected void
checkElementNode(DOMElement $element, Tag $tag)
Test whether an element node is safe
in AbstractDynamicContentCheck at line 214
protected void
checkExpression(DOMNode $node, string $expr, Tag $tag)
Test the safety of an XPath expression
in AbstractDynamicContentCheck at line 241
protected void
checkNode(DOMNode $node, Tag $tag)
Test whether a node is safe
in AbstractDynamicContentCheck at line 268
protected void
checkVariable(DOMNode $node, Tag $tag, string $qname)
Check whether a variable is safe in context
in AbstractDynamicContentCheck at line 283
protected void
checkVariableDeclaration(DOMNode $node, Tag $tag, string $query)
Check whether a variable declaration is safe in context
in AbstractDynamicContentCheck at line 311
protected void
checkSelectNode(DOMAttr $select, Tag $tag)
Test whether a select attribute of a node is safe
in AbstractDynamicContentCheck at line 322
protected bool
isExpressionSafe(string $expr)
Test whether given expression is safe in context
in AbstractDynamicContentCheck at line 333
protected bool
tagFiltersAttributes(Tag $tag)
Test whether given tag filters attribute values
at line 74
protected bool
chooseHasSafeUrl(DOMElement $choose)
Test whether every branch of a given xsl:choose element contains a known-safe URL
at line 99
protected bool
elementHasSafeUrl(DOMElement $element)
Test whether given element contains a known-safe URL
at line 115
protected bool
isSafeUrl(string $url)
Test whether given URL is known to be safe