File Coverage

blib/lib/Template/Plugin/Filter/HTMLScrubber.pm

Criterion	Covered	Total	%
statement	46	52	88.4
branch	8	14	57.1
condition	3	6	50.0
subroutine	8	8	100.0
pod	2	2	100.0
total	67	82	81.7

line	stmt	bran	cond	sub	pod	time	code
1							package Template::Plugin::Filter::HTMLScrubber;
2
3	3			3		6985	use strict;
	3					11
	3					163
4	3			3		22	use warnings;
	3					9
	3					196
5
6							our $VERSION = '0.03';
7
8	3			3		12882	use Template::Plugin::Filter;
	3					2965
	3					185
9	3			3		31	use base qw( Template::Plugin::Filter );
	3					11
	3					24
10
11	3			3		24	use Carp;
	3					6
	3					414
12	3			3		4443	use HTML::Scrubber;
	3					59606
	3					2247
13
14							sub init {
15	3			3	1	52804	my ( $self, @args ) = @_;
16
17	3	50				17	my $config = ( ref $args[-1] eq 'HASH' ) ? pop @args : {};
18	3					8	my $_scrubber_map = {};
19
20	3	50				13	unless ( defined $config->{base} ) {
21
22							# do default setting
23	3					169	$_scrubber_map = {
24							base => {
25							allow => [qw\| br hr b a u del i \|],
26							rules => [
27							script => 0,
28							span => {
29							style => qr{^(?!(?:java)?script)}i,
30							class => qr{^(?!(?:java)?script)}i,
31							'*' => 0,
32							},
33							img => {
34							src => qr{^(?!(?:java)?script)}i,
35							alt => qr{^(?!(?:java)?script)}i,
36							title => qr{^(?!(?:java)?script)}i,
37							class => qr{^(?!(?:java)?script)}i,
38							'*' => 0,
39							},
40							],
41							default => [
42							0 => {
43							'*' => 1,
44							'href' => qr{^(?!(?:java)?script)}i,
45							'src' => qr{^(?!(?:java)?script)}i,
46							'cite' => '(?i-xsm:^(?!(?:java)?script))',
47							'language' => 1,
48							'name' => 1,
49							'onblur' => 0,
50							'onchange' => 0,
51							'onclick' => 0,
52							'ondblclick' => 0,
53							'onerror' => 0,
54							'onfocus' => 0,
55							'onkeydown' => 0,
56							'onkeypress' => 0,
57							'onkeyup' => 0,
58							'onload' => 0,
59							'onmousedown' => 0,
60							'onmousemove' => 0,
61							'onmouseout' => 0,
62							'onmouseover' => 0,
63							'onmouseup' => 0,
64							'onreset' => 0,
65							'onselect' => 0,
66							'onsubmit' => 0,
67							'onunload' => 0,
68							'src' => 0,
69							'type' => 0,
70							}
71							],
72							comment => 1,
73							process => 0,
74							}
75							};
76							}
77							else {
78	0					0	foreach my $type ( keys %$config ) {
79	0					0	$_scrubber_map->{$type} = $config->{$type};
80							}
81							}
82
83	3					31	$_scrubber_map->{$_} = HTML::Scrubber->new( %{ $_scrubber_map->{$_} } )
84	3					19	foreach ( keys %$_scrubber_map );
85
86	3					743	$self->{_DYNAMIC} = 1;
87	3					8	$self->{_SCRUBBER_MAP} = $_scrubber_map;
88
89	3					33	$self->install_filter('html_scrubber');
90
91	3					143	return $self;
92							}
93
94							sub filter {
95	3			3	1	276	my ( $self, $text, $params ) = @_;
96
97	3					7	my $level;
98	3					7	my $attr = [];
99
100	3	50	33			43	if ( $params->[1] and ( ref $params->[1] eq 'ARRAY' ) ) {
		100	66
		50
101	0					0	$attr = $params->[1];
102	0					0	$level = $params->[0];
103							}
104							elsif ( $params->[0] and ( ref $params->[0] eq 'ARRAY' ) ) {
105	1					2	$attr = $params->[0];
106	1					4	$level = 'base';
107							}
108							elsif ( $params->[0] ) {
109	0					0	$level = $params->[0];
110							}
111							else {
112	2					4	$level = 'base';
113							}
114
115	3					9	my @allow_tags = ();
116	3					6	my @deny_tags = ();
117
118	3					10	foreach (@$attr) {
119	1	50				12	if ( $_ =~ m/^\+([0-9a-zA-Z]+)/ ) { push @allow_tags, $1 }
	0	50				0
120	1					6	elsif ( $_ =~ m/^\-([0-9a-zA-Z]+)/ ) { push @deny_tags, $1 }
121							}
122
123	3					9	my $scrubber = $self->{_SCRUBBER_MAP}->{$level};
124	3					12	$scrubber->allow(@allow_tags);
125	3					31	$scrubber->deny(@deny_tags);
126
127	3					37	my $result = $scrubber->scrub($text);
128
129	3					653	return $result;
130							}
131
132							1;
133
134							__END__
135
136							=head1 NAME
137
138							Template::Plugin::Filter::HTMLScrubber - Filter Plugin for using HTML::Scrubber in Template , and some additional function;
139
140							=head1 VERSION
141
142							0.03
143
144							=head1 SYNOPSIS
145
146							[% USE Filter.HTMLScrubber %]
147							[% html_text \| html_scrubber %]
148							[% html_text \| html_scrubber(['-img']) %]
149
150							=head1 DESCRIPTION
151
152							This plugin provides an HTML::Scrubber::scrub method to Template Toolkit Filter ,
153							and enables to specify the scrub level and tags at every parts.
154
155							The default usage.
156
157							my $html_text = q[
158							<img src="http://your.favorite.photo.jpg" />
159							<hr>
160							<script>alert('NyanPome!')</script>
161							];
162
163							[% USE Filter.HTMLScrubber %]
164							[% html_text \| html_scrubber %]
165
166							Another function of this plugin module enable you to specify allow/deny tags at every part.
167
168							#deny 'img' tag from default scrub level.
169							[% html_text_deny_image \| html_scrubber(['-img']) %]
170
171							#allow 'script' and 'style' tags to default scrub level.
172							[% html_text_loose \| html_scrubber(['+script' , '+style']) %]
173
174							You can setup the scrubbed tags, then should set "base" config.
175
176							my $setup = {
177							base => {
178							allow => [qw\| br hr b a u del i \|],
179							rules => [
180							script => 0,
181							span => {
182							style => qr{^(?!(?:java)?script)}i,
183							class => qr{^(?!(?:java)?script)}i,
184							'*' => 0,
185							},
186							img => {
187							src => qr{^(?!(?:java)?script)}i,
188							alt => qr{^(?!(?:java)?script)}i,
189							title => qr{^(?!(?:java)?script)}i,
190							class => qr{^(?!(?:java)?script)}i,
191							'*' => 0,
192							},
193							],
194							default => [
195							0 => {
196							'*' => 1,
197							'href' => qr{^(?!(?:java)?script)}i,
198							'src' => qr{^(?!(?:java)?script)}i,
199							}
200							],
201							}
202							};
203
204							[% USE Filter.HTMLScrubber setup %]
205							[% html_text \| html_scrubber %]
206
207							Furthermore, you can specify various level of scrubbing.
208							When you call html_scrubber,you code the level.
209
210							my $setup = {
211							base => .....,
212							strict => .....
213							loose => .....
214							};
215
216							[% USE Filter.HTMLScrubber setup %]
217							[% html_text1 \| html_scrubber('strict') %]
218							[% html_text2 \| html_scrubber('loose',['-img']) %]
219
220							=head1 METHODS
221
222							=head2 init
223
224							Overrided method.
225							See more detail L<Template::Plugin::Filter>
226
227							=head2 filter
228
229							Overrided method.
230							See more detail L<Template::Plugin::Filter>
231
232							=head1 CONFIGURATION AND ENVIRONMENT
233
234							Template::Plugin::Filter::HTMLScrubber requires no configuration files or environment variables.
235
236							=head1 BUGS AND LIMITATIONS
237
238							No bugs have been reported.
239
240							Please report any bugs or feature requests to
241							C<bug-template-plugin-filter-htmlscrubber@rt.cpan.org>, or through the web interface at
242							L<http://rt.cpan.org>.
243
244							=head1 SEE ALSO
245
246							L<HTML::Scrubber>, L<HTML::Plugin::Filter>
247
248							=cut
249
250							=head1 AUTHOR
251
252							Yu Isobe C<< <yupug at cpan.org> >>
253
254							=head1 THANKS
255
256							Toru Yamaguchi
257
258							=head1 LICENCE AND COPYRIGHT
259
260							Copyright (c) 2006, Yu Isobe C<< <yupug at cpan.org> >>. All rights reserved.
261
262							This module is free software; you can redistribute it and/or
263							modify it under the same terms as Perl itself. See L<perlartistic>.
264
265