class UrlFilter

Methods

static mixed
filter(mixed $attrValue, array $urlConfig, Logger|null $logger = null)

Filter a URL

static array
parseUrl(string $url)

Parse a URL and return its components

static string
rebuildUrl(array $p)

Rebuild a parsed URL

static string
sanitizeUrl(string $url)

Sanitize a URL for safe use regardless of context

static string|null
validateUrl(array $urlConfig, array $p)

Validate a parsed URL

Details

at line 22
static mixed filter(mixed $attrValue, array $urlConfig, Logger|null $logger = null)

Filter a URL

Parameters

mixed $attrValue

Original URL

array $urlConfig

URL config

Logger|null $logger

Parser's logger

Return Value

mixed

Cleaned up URL if valid, FALSE otherwise

at line 53
static protected array parseUrl(string $url)

Parse a URL and return its components

Similar to PHP's own parse_url() except that all parts are always returned

Parameters

string $url

Original URL

Return Value

array

at line 98
static protected string rebuildUrl(array $p)

Rebuild a parsed URL

Parameters

array $p

Parsed URL

Return Value

string

at line 195
static string sanitizeUrl(string $url)

Sanitize a URL for safe use regardless of context

This method URL-encodes some sensitive characters in case the URL ends up being used in JavaScript or in CSS. We also encode characters that are not allowed in the path of a URL as defined in RFC 3986 appendix A, including percent signs that are not immediately followed by two hex digits.

" and ' to prevent breaking out of quotes (JavaScript or otherwise)

( and ) to prevent the use of functions in JavaScript (eval()) or CSS (expression())

< and > to prevent breaking out of
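
A sketch of the encoding described above, as an added example that is not the library's own implementation. The function name `exampleSanitizeUrl` and the exact allow-list are assumptions, and `/`, `?` and `#` are kept so that the URL's structure survives.

```php
<?php
// Added example, not s9e\TextFormatter's own code. exampleSanitizeUrl() is a
// hypothetical name and the allow-list is an assumption derived from the
// description above.
function exampleSanitizeUrl(string $url): string
{
    // Left untouched: RFC 3986 "unreserved" characters, the "sub-delims"
    // except ' ( ), plus : and @, plus the URL delimiters / ? #
    $allowed = 'A-Za-z0-9\-._~!$&*+,;=:@\/?#';

    // Match either a percent sign that does not start a %XX escape, or any
    // single byte outside the allow-list. No /u flag, so a multibyte UTF-8
    // character is encoded one byte at a time.
    $regexp = '/%(?![0-9A-Fa-f]{2})|[^%' . $allowed . ']/';

    $result = preg_replace_callback(
        $regexp,
        function (array $m): string {
            return rawurlencode($m[0]);
        },
        $url
    );

    // preg_replace_callback() returns null on a PCRE error; fail closed
    if ($result === null) {
        throw new RuntimeException('Could not sanitize URL');
    }

    return $result;
}

// Constructed sample inputs
$samples = [
    'http://example.org/it\'s-(a)-"test"',
    'http://example.org/<b>?q=a b#top',
    'http://example.org/100%/%7Euser/50%zz',
    'http://example.org/caf' . "\xC3\xA9",
];
foreach ($samples as $url) {
    echo $url, "\n  => ", exampleSanitizeUrl($url), "\n";
}
```

Square brackets are outside this allow-list, so an IPv6 literal host would be percent-encoded by this sketch as well.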