/src/Texy/Configurator.php
<?php

/**
 * This file is part of the Texy! (https://texy.nette.org)
 * Copyright (c) 2004 David Grudl (https://davidgrudl.com)
 */

declare(strict_types=1);

namespace Texy;

use function is_array;


/**
 * Ready-made configuration presets for a Texy instance.
 *
 * <code>
 * $texy = new Texy();
 * Configurator::safeMode($texy);
 * </code>
 *
 * Every preset mutates the Texy object it is given and returns nothing.
 *
 * NOTE(review): safeMode() overwrites the generator's allowedTags with the
 * $safeTags allowlist, which contains 'a'. Calling disableLinks() before
 * safeMode() therefore re-enables the <a> tag; apply the disable*() presets
 * after safeMode(), not before.
 */
class Configurator
{
        /**
         * Allowlist used by safeMode(): HTML tag name => attributes permitted on that tag.
         *
         * NOTE(review): an empty list presumably means "tag allowed, no attributes" -
         * confirm against the HTML generator. The property is public, static and
         * mutable, so any code writing to it changes what later safeMode() calls permit.
         *
         * @var array<string, list<string>>
         */
        public static array $safeTags = [
                'a' => ['href', 'title'],
                'abbr' => ['title'],
                'b' => [],
                'br' => [],
                'cite' => [],
                'code' => [],
                'em' => [],
                'i' => [],
                'strong' => [],
                'sub' => [],
                'sup' => [],
                'q' => [],
                'small' => [],
        ];


        /**
         * The class only groups static helpers, so construction always fails.
         *
         * @throws \LogicException on every call
         */
        final public function __construct()
        {
                $message = 'Cannot instantiate static class ' . static::class;
                throw new \LogicException($message);
        }


        /**
         * Configures Texy! for web comments and similar uses where the input text
         * may be written by an attacker.
         *
         * This preset does not touch the autolink syntaxes or the phrase module's
         * linksAllowed flag; links stay enabled, restricted by the scheme filter below.
         */
        public static function safeMode(Texy $texy): void
        {
                $generator = $texy->htmlGenerator;

                // No class or ID and no style modifiers may be set from the input text.
                $texy->allowedClasses = $texy::NONE;
                $texy->allowedStyles = $texy::NONE;

                // Only the "safe" HTML tags and attributes from the allowlist are allowed.
                $generator->allowedTags = self::$safeTags;

                // URL scheme allowlists. Both patterns are anchored (modifier A) and carry no
                // "i" modifier, so as written they match lower-case schemes only.
                // NOTE(review): how a non-matching or scheme-less URL is treated is decided
                // where these filters are applied, which is not visible here - confirm.
                $texy->urlSchemeFilters[$texy::FILTER_ANCHOR] = '~https?:|ftp:|mailto:~A';
                $texy->urlSchemeFilters[$texy::FILTER_IMAGE] = '~https?:~A';

                $disabledSyntaxes = [
                        Syntax::Image, // disable images
                        Syntax::LinkDefinition, // disable [ref]: URL reference definitions
                        Syntax::HtmlComment, // disable HTML comments
                ];
                foreach ($disabledSyntaxes as $syntax) {
                        $texy->allowed[$syntax] = false;
                }

                // Force rel="nofollow" on generated links.
                $generator->linkNoFollow = true;
        }


        /**
         * Disables all links: autolinked e-mails and URLs, link reference definitions,
         * phrase links, and the <a> tag when allowedTags is an allowlist array.
         */
        public static function disableLinks(Texy $texy): void
        {
                $linkSyntaxes = [Syntax::AutolinkEmail, Syntax::AutolinkUrl, Syntax::LinkDefinition];
                foreach ($linkSyntaxes as $syntax) {
                        $texy->allowed[$syntax] = false;
                }

                $texy->phraseModule->linksAllowed = false;

                $generator = $texy->htmlGenerator;
                if (!is_array($generator->allowedTags)) {
                        // TODO: a non-array allowedTags value is left untouched.
                        // NOTE(review): if that value means "all tags allowed", raw <a> HTML
                        // presumably stays permitted after this call - confirm and handle.
                        return;
                }

                unset($generator->allowedTags['a']);
        }


        /**
         * Disables all images: the image, figure and image-definition syntaxes, and the
         * img/object/embed/applet tags when allowedTags is an allowlist array.
         */
        public static function disableImages(Texy $texy): void
        {
                $imageSyntaxes = [Syntax::Image, Syntax::Figure, Syntax::ImageDefinition];
                foreach ($imageSyntaxes as $syntax) {
                        $texy->allowed[$syntax] = false;
                }

                $generator = $texy->htmlGenerator;
                if (!is_array($generator->allowedTags)) {
                        // TODO: a non-array allowedTags value is left untouched.
                        // NOTE(review): if that value means "all tags allowed", raw <img> and the
                        // embedding tags presumably stay permitted after this call - confirm.
                        return;
                }

                foreach (['img', 'object', 'embed', 'applet'] as $tag) {
                        unset($generator->allowedTags[$tag]);
                }
        }
}