22262497275

Committed 21 Feb 2026 07:01PM UTC coverage: 93.057% (+0.7%) from 92.367%

Build Type

push

github

Committed by

Commit Message

added CLAUDE.md

Coverage Stats

2426 of 2607 relevant lines covered (93.06%)

0.93 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

45.83

/src/Texy/Configurator.php

<?php declare(strict_types=1);

/**
 * This file is part of the Texy! (https://texy.nette.org)
 * Copyright (c) 2004 David Grudl (https://davidgrudl.com)
 */

namespace Texy;

use function is_array;


/**
 * Texy basic configurators.
 *
 * <code>
 * $texy = new Texy();
 * Configurator::safeMode($texy);
 * </code>
 */
class Configurator
{
        /** @var array<string, list<string>> */
        public static array $safeTags = [
                'a' => ['href', 'title'],
                'abbr' => ['title'],
                'b' => [],
                'br' => [],
                'cite' => [],
                'code' => [],
                'em' => [],
                'i' => [],
                'strong' => [],
                'sub' => [],
                'sup' => [],
                'q' => [],
                'small' => [],
        ];


        /**
         * static class.
         */
        final public function __construct()
        {
                throw new \LogicException('Cannot instantiate static class ' . static::class);
        }


        /**
         * Configure Texy! for web comments and other usages, where input text may insert attacker.
         */
        public static function safeMode(Texy $texy): void
        {
                $texy->allowedClasses = $texy::NONE; // no class or ID are allowed
                $texy->allowedStyles = $texy::NONE; // style modifiers are disabled
                $texy->allowedTags = self::$safeTags; // only some "safe" HTML tags and attributes are allowed
                $texy->urlSchemeFilters[$texy::FILTER_ANCHOR] = '#https?:|ftp:|mailto:#A';
                $texy->urlSchemeFilters[$texy::FILTER_IMAGE] = '#https?:#A';
                $texy->allowed['image'] = false; // disable images
                $texy->allowed['link/definition'] = false; // disable [ref]: URL reference definitions
                $texy->allowed['html/comment'] = false; // disable HTML comments
                $texy->linkModule->forceNoFollow = true; // force rel="nofollow"
        }


        /**
         * Disable all links.
         */
        public static function disableLinks(Texy $texy): void
        {
                $texy->allowed['link/reference'] = false;
                $texy->allowed['link/email'] = false;
                $texy->allowed['link/url'] = false;
                $texy->allowed['link/definition'] = false;
                $texy->phraseModule->linksAllowed = false;

                if (is_array($texy->allowedTags)) {
                        unset($texy->allowedTags['a']);
                } // TODO: else...
        }


        /**
         * Disable all images.
         */
        public static function disableImages(Texy $texy): void
        {
                $texy->allowed['image'] = false;
                $texy->allowed['figure'] = false;
                $texy->allowed['image/definition'] = false;

                if (is_array($texy->allowedTags)) {
                        unset($texy->allowedTags['img'], $texy->allowedTags['object'], $texy->allowedTags['embed'], $texy->allowedTags['applet']);
                } // TODO: else...
        }
}

1	<?php declare(strict_types=1);
2
3	/**
4	* This file is part of the Texy! (https://texy.nette.org)
5	* Copyright (c) 2004 David Grudl (https://davidgrudl.com)
6	*/
7
8	namespace Texy;
9
10	use function is_array;
11
12
13	/**
14	* Texy basic configurators.
15	*
16	* <code>
17	* $texy = new Texy();
18	* Configurator::safeMode($texy);
19	* </code>
20	*/
21	class Configurator
22	{
23	/** @var array<string, list<string>> */
24	public static array $safeTags = [
25	'a' => ['href', 'title'],
26	'abbr' => ['title'],
27	'b' => [],
28	'br' => [],
29	'cite' => [],
30	'code' => [],
31	'em' => [],
32	'i' => [],
33	'strong' => [],
34	'sub' => [],
35	'sup' => [],
36	'q' => [],
37	'small' => [],
38	];
39
40
41	/**
42	* static class.
43	*/
44	final public function __construct()
45	{
46	throw new \LogicException('Cannot instantiate static class ' . static::class);	×
47	}
48
49
50	/**
51	* Configure Texy! for web comments and other usages, where input text may insert attacker.
52	*/
53	public static function safeMode(Texy $texy): void	1✔
54	{
55	$texy->allowedClasses = $texy::NONE; // no class or ID are allowed	1✔
56	$texy->allowedStyles = $texy::NONE; // style modifiers are disabled	1✔
57	$texy->allowedTags = self::$safeTags; // only some "safe" HTML tags and attributes are allowed	1✔
58	$texy->urlSchemeFilters[$texy::FILTER_ANCHOR] = '#https?:\|ftp:\|mailto:#A';	1✔
59	$texy->urlSchemeFilters[$texy::FILTER_IMAGE] = '#https?:#A';	1✔
60	$texy->allowed['image'] = false; // disable images	1✔
61	$texy->allowed['link/definition'] = false; // disable [ref]: URL reference definitions	1✔
62	$texy->allowed['html/comment'] = false; // disable HTML comments	1✔
63	$texy->linkModule->forceNoFollow = true; // force rel="nofollow"	1✔
64	}	1✔
65
66
67	/**
68	* Disable all links.
69	*/
70	public static function disableLinks(Texy $texy): void
71	{
72	$texy->allowed['link/reference'] = false;	×
73	$texy->allowed['link/email'] = false;	×
74	$texy->allowed['link/url'] = false;	×
75	$texy->allowed['link/definition'] = false;	×
76	$texy->phraseModule->linksAllowed = false;	×
77
78	if (is_array($texy->allowedTags)) {	×
79	unset($texy->allowedTags['a']);	×
80	} // TODO: else...
81	}
82
83
84	/**
85	* Disable all images.
86	*/
87	public static function disableImages(Texy $texy): void
88	{
89	$texy->allowed['image'] = false;	×
90	$texy->allowed['figure'] = false;	×
91	$texy->allowed['image/definition'] = false;	×
92
93	if (is_array($texy->allowedTags)) {	×
94	unset($texy->allowedTags['img'], $texy->allowedTags['object'], $texy->allowedTags['embed'], $texy->allowedTags['applet']);	×
95	} // TODO: else...
96	}
97	}

dg / texy / 22262497275

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous