22262589061

Committed 21 Feb 2026 07:04PM UTC coverage: 92.991% (+1.8%) from 91.178%

Build Type

push

github

Committed by

Commit Message

LinkModule: deprecated label and modifiers in link definitions

Coverage Stats

3 of 3 new or added lines in 1 file covered. (100.0%)

126 existing lines in 22 files now uncovered.

2083 of 2240 relevant lines covered (92.99%)

0.93 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

47.83

/src/Texy/Configurator.php

<?php declare(strict_types=1);

/**
 * This file is part of the Texy! (https://texy.nette.org)
 * Copyright (c) 2004 David Grudl (https://davidgrudl.com)
 */

namespace Texy;

use function is_array;


/**
 * Texy basic configurators.
 *
 * <code>
 * $texy = new Texy();
 * Configurator::safeMode($texy);
 * </code>
 */
class Configurator
{
        /** @var array<string, list<string>> */
        public static array $safeTags = [
                'a' => ['href', 'title'],
                'abbr' => ['title'],
                'b' => [],
                'br' => [],
                'cite' => [],
                'code' => [],
                'em' => [],
                'i' => [],
                'strong' => [],
                'sub' => [],
                'sup' => [],
                'q' => [],
                'small' => [],
        ];


        /**
         * static class.
         */
        final public function __construct()
        {
                throw new \LogicException('Cannot instantiate static class ' . static::class);
        }


        /**
         * Configure Texy! for web comments and other usages, where input text may insert attacker.
         */
        public static function safeMode(Texy $texy): void
        {
                $texy->allowedClasses = $texy::NONE; // no class or ID are allowed
                $texy->allowedStyles = $texy::NONE; // style modifiers are disabled
                $texy->allowedTags = self::$safeTags; // only some "safe" HTML tags and attributes are allowed
                $texy->urlSchemeFilters[$texy::FILTER_ANCHOR] = '~https?:|ftp:|mailto:~A';
                $texy->urlSchemeFilters[$texy::FILTER_IMAGE] = '~https?:~A';
                $texy->allowed['image'] = false; // disable images
                $texy->allowed['link/definition'] = false; // disable [ref]: URL reference definitions
                $texy->allowed['html/comment'] = false; // disable HTML comments
                $texy->linkModule->forceNoFollow = true; // force rel="nofollow"
        }


        /**
         * Disable all links.
         */
        public static function disableLinks(Texy $texy): void
        {
                $texy->allowed['link/email'] = false;
                $texy->allowed['link/url'] = false;
                $texy->allowed['link/definition'] = false;
                $texy->phraseModule->linksAllowed = false;

                if (is_array($texy->allowedTags)) {
                        unset($texy->allowedTags['a']);
                } // TODO: else...
        }


        /**
         * Disable all images.
         */
        public static function disableImages(Texy $texy): void
        {
                $texy->allowed['image'] = false;
                $texy->allowed['figure'] = false;
                $texy->allowed['image/definition'] = false;

                if (is_array($texy->allowedTags)) {
                        unset($texy->allowedTags['img'], $texy->allowedTags['object'], $texy->allowedTags['embed'], $texy->allowedTags['applet']);
                } // TODO: else...
        }
}

1	<?php declare(strict_types=1);
2
3	/**
4	* This file is part of the Texy! (https://texy.nette.org)
5	* Copyright (c) 2004 David Grudl (https://davidgrudl.com)
6	*/
7
8	namespace Texy;
9
10	use function is_array;
11
12
13	/**
14	* Texy basic configurators.
15	*
16	* <code>
17	* $texy = new Texy();
18	* Configurator::safeMode($texy);
19	* </code>
20	*/
21	class Configurator
22	{
23	/** @var array<string, list<string>> */
24	public static array $safeTags = [
25	'a' => ['href', 'title'],
26	'abbr' => ['title'],
27	'b' => [],
28	'br' => [],
29	'cite' => [],
30	'code' => [],
31	'em' => [],
32	'i' => [],
33	'strong' => [],
34	'sub' => [],
35	'sup' => [],
36	'q' => [],
37	'small' => [],
38	];
39
40
41	/**
42	* static class.
43	*/
44	final public function __construct()
45	{
UNCOV 46	throw new \LogicException('Cannot instantiate static class ' . static::class);	×
47	}
48
49
50	/**
51	* Configure Texy! for web comments and other usages, where input text may insert attacker.
52	*/
53	public static function safeMode(Texy $texy): void	1✔
54	{
55	$texy->allowedClasses = $texy::NONE; // no class or ID are allowed	1✔
56	$texy->allowedStyles = $texy::NONE; // style modifiers are disabled	1✔
57	$texy->allowedTags = self::$safeTags; // only some "safe" HTML tags and attributes are allowed	1✔
58	$texy->urlSchemeFilters[$texy::FILTER_ANCHOR] = '~https?:\|ftp:\|mailto:~A';	1✔
59	$texy->urlSchemeFilters[$texy::FILTER_IMAGE] = '~https?:~A';	1✔
60	$texy->allowed['image'] = false; // disable images	1✔
61	$texy->allowed['link/definition'] = false; // disable [ref]: URL reference definitions	1✔
62	$texy->allowed['html/comment'] = false; // disable HTML comments	1✔
63	$texy->linkModule->forceNoFollow = true; // force rel="nofollow"	1✔
64	}	1✔
65
66
67	/**
68	* Disable all links.
69	*/
70	public static function disableLinks(Texy $texy): void
71	{
UNCOV 72	$texy->allowed['link/email'] = false;	×
UNCOV 73	$texy->allowed['link/url'] = false;	×
74	$texy->allowed['link/definition'] = false;	×
75	$texy->phraseModule->linksAllowed = false;	×
76
77	if (is_array($texy->allowedTags)) {	×
UNCOV 78	unset($texy->allowedTags['a']);	×
79	} // TODO: else...
80	}
81
82
83	/**
84	* Disable all images.
85	*/
86	public static function disableImages(Texy $texy): void
87	{
UNCOV 88	$texy->allowed['image'] = false;	×
UNCOV 89	$texy->allowed['figure'] = false;	×
90	$texy->allowed['image/definition'] = false;	×
91
92	if (is_array($texy->allowedTags)) {	×
UNCOV 93	unset($texy->allowedTags['img'], $texy->allowedTags['object'], $texy->allowedTags['embed'], $texy->allowedTags['applet']);	×
94	} // TODO: else...
95	}
96	}

dg / texy / 22262589061

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous