\JFilterInput

JFilterInput is a class for filtering input from any data source

Forked from the php input filter library by: Daniel Morris <dan@rootcube.com>
Original Contributors: Gianpaolo Racca, Ghislain Picard, Marco Wandschneider, Chris Tobin and Andrew Eddie.

Synopsis

class JFilterInput {

• // members
• protected  $instances;
• public  $tagsArray;
• public  $attrArray;
• public  $tagsMethod;
• public  $attrMethod;
• public  $xssAuto;
• public  $tagBlacklist;
• public  $attrBlacklist;
• // methods
• public void __construct()
• public static JFilterInput getInstance()
• public mixed clean()
• public static boolean checkAttribute()
• protected string _remove()
• protected string _cleanTags()
• protected array _cleanAttributes()
• protected string _decode()
• protected string _escapeAttributeValues()
• protected string _stripCSSExpressions()
}


Members

protected

• $instances — array
  A container for JFilterInput instances.

public

• $attrArray — array
  The array of permitted tag attributes (white list).
• $attrBlacklist — array
  The list of the default blacklisted tag attributes. All event handlers implicit.
• $attrMethod — integer
  The method for sanitising attributes: WhiteList method = 0 (default), BlackList method = 1
• $tagBlacklist — array
  The list of the default blacklisted tags.
• $tagsArray — array
  The array of permitted tags (white list).
• $tagsMethod — integer
  The method for sanitising tags: WhiteList method = 0 (default), BlackList method = 1
• $xssAuto — integer
  A flag for XSS checks. Only auto clean essentials = 0, Allow clean blacklisted tags/attr = 1

Methods

protected

• _cleanAttributes() — Internal method to strip a tag of certain attributes
• _cleanTags() — Internal method to strip a string of certain tags
• _decode() — Try to convert to plaintext
• _escapeAttributeValues() — Escape < > and " inside attribute values
• _remove() — Internal method to iteratively remove all unwanted tags and attributes
• _stripCSSExpressions() — Remove CSS Expressions in the form of <property>:expression(...)

public

• __construct() — Constructor for inputFilter class. Only first parameter is required.
• checkAttribute() — Function to determine if contents of an attribute are safe
• clean() — Method to be called by another php script. Processes for XSS and specified bad code.
• getInstance() — Returns an input filter object, only creating it if it doesn't already exist.