File Coverage

blib/lib/HTML/StripScripts/Parser.pm

Criterion	Covered	Total	%
statement	22	22	100.0
branch	1	2	50.0
condition			n/a
subroutine	7	7	100.0
pod	2	2	100.0
total	32	33	96.9

line	stmt	bran	sub	pod	time	code
1						package HTML::StripScripts::Parser;
2	4		4		138671	use strict;
	4				9
	4				187
3
4	4		4		24	use vars qw($VERSION);
	4				6
	4				288
5						$VERSION = '1.03';
6
7						=head1 NAME
8
9						HTML::StripScripts::Parser - XSS filter using HTML::Parser
10
11						=head1 SYNOPSIS
12
13						use HTML::StripScripts::Parser();
14
15						my $hss = HTML::StripScripts::Parser->new(
16
17						{
18						Context => 'Document', ## HTML::StripScripts configuration
19						Rules => { ... },
20						},
21
22						strict_comment => 1, ## HTML::Parser options
23						strict_names => 1,
24
25						);
26
27						$hss->parse_file("foo.html");
28
29						print $hss->filtered_document;
30
31						OR
32
33						print $hss->filter_html($html);
34
35						=head1 DESCRIPTION
36
37						This class provides an easy interface to C, using
38						C to parse the HTML.
39
40						See L for details of how to customise how the raw HTML is parsed
41						into tags, and L for details of how to customise the way
42						those tags are filtered.
43
44						=cut
45
46						=head1 CONSTRUCTORS
47
48						=over
49
50						=item new ( {CONFIG}, [PARSER_OPTIONS] )
51
52						Creates a new C object.
53
54						The CONFIG parameter has the same semantics as the CONFIG
55						parameter to the C constructor.
56
57						Any PARSER_OPTIONS supplied will be passed on to the L
58						init method, allowing you to influence the way the input is parsed.
59
60						You cannot use PARSER_OPTIONS to set the C event handlers
61						(see L) since C
62						uses all of the event hooks itself.
63						However, you can use C (see L) to customise
64						the handling of all tags and attributes.
65
66						=cut
67
68	4		4		5501	use HTML::StripScripts;
	4				76355
	4				242
69	4		4		7508	use HTML::Parser;
	4				42192
	4				335
70	4		4		45	use base qw(HTML::StripScripts HTML::Parser);
	4				6
	4				1475
71
72						sub hss_init {
73	6		6	1	1886	my ( $self, $cfg, @parser_options ) = @_;
74
75	6	50			162	$self->init(
76						@parser_options,
77
78						api_version => 3,
79						start_document_h => [ 'input_start_document', 'self' ],
80						start_h => [ 'input_start', 'self,text' ],
81						end_h => [ 'input_end', 'self,text' ],
82						text_h => [ 'input_text', 'self,text' ],
83						default_h => [ 'input_text', 'self,text' ],
84						declaration_h => [ 'input_declaration', 'self,text' ],
85						comment_h => [ 'input_comment', 'self,text' ],
86						process_h => [ 'input_process', 'self,text' ],
87						end_document_h => [ 'input_end_document', 'self' ],
88
89						# workaround for http://rt.cpan.org/NoAuth/Bug.html?id=3954
90						( $HTML::Parser::VERSION =~ /^3\.(29\|30\|31)$/
91						? ( strict_comment => 1 )
92						: ()
93						),
94						);
95
96	6				1465	$self->SUPER::hss_init($cfg);
97						}
98
99						=back
100
101						=head1 METHODS
102
103						See L for input methods, L for output
104						methods.
105
106						=head2 C
107
108						C is a convenience method for filtering HTML already loaded
109						into a scalar variable. It combines calls to C,
110						C and C.
111
112						$filtered_html = $hss->filter_html($html);
113
114
115						=cut
116
117						#===================================
118						sub filter_html {
119						#===================================
120	213		213	1	100611	my ( $self, $html ) = @_;
121	213				2211	$self->parse($html);
122	213				47198	$self->eof;
123	213				19067	return $self->filtered_document;
124						}
125
126						=head1 SUBCLASSING
127
128						The C class is subclassable. Filter objects
129						are plain hashes. The hss_init() method takes the same arguments as
130						new(), and calls the initialization methods of both C
131						and C.
132
133						See L and L.
134
135						=head1 SEE ALSO
136
137						L, L, L
138
139						=head1 BUGS
140
141						None reported.
142
143						Please report any bugs or feature requests to
144						bug-html-stripscripts-parser@rt.cpan.org, or through the web interface at
145						L.
146
147
148						=head1 AUTHOR
149
150						Original author Nick Cleaton Enick@cleaton.netE
151
152						New code added and module maintained by Clinton Gormley
153						Eclint@traveljury.comE
154
155						=head1 COPYRIGHT
156
157						Copyright (C) 2003 Nick Cleaton. All Rights Reserved.
158
159						Copyright (C) 2007 Clinton Gormley. All Rights Reserved.
160
161						=head1 LICENSE
162
163						This module is free software; you can redistribute it and/or modify it
164						under the same terms as Perl itself.
165
166						=cut
167
168						1;
169