addFilter('Callback', [[$this, 'filterHtml']]); }

    /**
     * Callback filter registered on this element (see the addFilter('Callback', ...) call
     * just above): a denylist-style pass over <iframe ...>...</iframe> markup in the
     * submitted HTML, percent-decoding each match before a case-insensitive substring test.
     *
     * NOTE(review): in this copy the text between the stripos() call and the regex tail is
     * missing and a quote has been lost, so the body below (up to setWidth()'s tail) is
     * garbled and does not reflect the real implementation — consult the original source.
     * NOTE(review): a pattern denylist over a single tag is a fragile XSS control; if this
     * element accepts untrusted HTML, an allowlist-based HTML sanitizer is the robust
     * replacement — confirm what other filtering is applied to $html.
     * NOTE: `$html &&` is a truthiness test, so the string '0' is returned unfiltered.
     *
     * @param string|null $html raw editor content
     * @return string|null filtered content (return path not visible in this copy)
     */
    public function filterHtml($html)
    {
        /**
         * XSS fix (http://www.exploit-db.com/exploits/25493/)
         */
        if ($html && false !== stripos($html, ']+\>.*<\s*\/iframe\s*>/imU', $html, $matches)) {
            // The call that fills $matches is not visible in this copy; reset() takes its first group.
            $matches = reset($matches);
            $matches = array_unique($matches);
            foreach ($matches as $match) {
                // Decode percent-encoding first so encoded variants are matched by the case-insensitive test.
                $decoded = rawurldecode($match);
                // NOTE(review): garbled span — the tail of filterHtml() and the head of setWidth() are fused here.
                if (false !== stripos($decoded, 'setScriptOption('width', $width); return $this; }

    /**
     * @return mixed the 'width' script option, or whatever Qs_Array::get() returns when unset
     */
    public function getWidth()
    {
        return $this->getScriptOption('width');
    }

    /**
     * Stores the editor height as a script option (consumed by the client-side editor script).
     *
     * @param mixed $height
     * @return $this
     */
    public function setHeight($height)
    {
        $this->setScriptOption('height', $height);
        return $this;
    }

    /**
     * @return mixed the 'height' script option as stored; the default from getScriptOptions() is
     *               only applied there, not here
     */
    public function getHeight()
    {
        return $this->getScriptOption('height');
    }

    /**
     * @param mixed $mode editor mode; no validation is performed here
     * @return $this
     */
    public function setMode($mode)
    {
        $this->_mode = $mode;
        return $this;
    }

    /**
     * Returns the editor mode, lazily falling back to the class-wide default.
     * Side effect: the default is written into $this->_mode on first call.
     *
     * @return mixed
     */
    public function getMode()
    {
        if (null === $this->_mode) {
            $this->_mode = Qs_Form_Element_HtmlEditor::$_defaultMode;
        }
        return $this->_mode;
    }

    /**
     * Set the list of placeholders that will be shown in the editor's footer and take part in validation.
     *
     * @param array $placeholders
     * @return $this
     */
    public function setTemplatePlaceholders(array $placeholders)
    {
        $this->setScriptOption('templatePlaceholders', $placeholders);
        return $this;
    }

    /**
     * @param mixed $name decorator name used by loadDefaultDecorators()
     * @return $this
     */
    public function setEditorDecorator($name)
    {
        $this->_editorDecorator = $name;
        return $this;
    }

    /**
     * @return mixed the decorator name set via setEditorDecorator() (no default is applied here)
     */
    public function getEditorDecorator()
    {
        return $this->_editorDecorator;
    }

    /**
     * @param mixed $class CSS class applied to the editor body (passed through as a script option)
     * @return $this
     */
    public function setBodyClass($class)
    {
        $this->setScriptOption('bodyClass', $class);
        return $this;
    }

    /**
     * @param mixed $name toolbar preset name
     * @return $this
     */
    public function setToolbar($name)
    {
        $this->setScriptOption('toolbar', $name);
        return $this;
    }

    /**
     * @return mixed the 'toolbar' script option as stored; the default from getScriptOptions() is
     *               only applied there, not here
     */
    public function getToolbar()
    {
        return $this->getScriptOption('toolbar');
    }

    /**
     * Toggles the MS Word paste note. Unlike the other setters this does not return $this,
     * so it cannot be used in a fluent chain.
     *
     * @param mixed $value cast to bool
     */
    public function setHasMsWordNote($value)
    {
        $this->_hasMsWordNote = (bool) $value;
    }

    /**
     * @return bool
     */
    public function getHasMsWordNote()
    {
        return $this->_hasMsWordNote;
    }

    /**
     * Registers the default decorator chain when no decorators have been set yet.
     * Presumably overrides the Zend_Form_Element hook of the same name — confirm against the
     * parent class. The editor decorator name comes from getEditorDecorator(), so it should be
     * configured before decorators are loaded.
     */
    public function loadDefaultDecorators()
    {
        if ($this->loadDefaultDecoratorsIsDisabled()) {
            return;
        }
        $decorators = $this->getDecorators();
        if (empty($decorators)) {
            $this->addDecorator('ViewHelper')
                ->addDecorator($this->getEditorDecorator())
                ->addDecorator('Errors')
                ->addDecorator('Description', ['tag' => 'p', 'class' => 'description'])
                ->addDecorator('HtmlTag', ['tag' => 'dd', 'id' => $this->getName() . '-element'])
                ->addDecorator('Label', ['tag' => 'dt']);
        }
    }

    /**
     * Merges $options into the script options; for string keys the incoming value wins.
     *
     * @param array $options
     * @return $this
     */
    public function setScriptOptions($options)
    {
        $this->_scriptOptions = array_merge($this->_scriptOptions, $options);
        return $this;
    }

    /**
     * Returns all script options, filling in the class-wide 'toolbar' and 'height' defaults.
     * Side effect: the defaults are written into $this->_scriptOptions, so later
     * getScriptOption() calls see them too.
     *
     * @return array
     */
    public function getScriptOptions()
    {
        if (!isset($this->_scriptOptions['toolbar'])) {
            $this->_scriptOptions['toolbar'] = Qs_Form_Element_HtmlEditor::$_defaultToolbar;
        }
        if (!isset($this->_scriptOptions['height'])) {
            $this->_scriptOptions['height'] = Qs_Form_Element_HtmlEditor::$_defaultHeight;
        }
        return $this->_scriptOptions;
    }

    /**
     * @param string $name
     * @param mixed $value
     * @return $this
     */
    public function setScriptOption($name, $value)
    {
        $this->_scriptOptions[$name] = $value;
        return $this;
    }

    /**
     * @param string $name
     * @return mixed value for $name; presumably null when absent (Qs_Array::get() is not visible here — verify)
     */
    public function getScriptOption($name)
    {
        return Qs_Array::get($this->_scriptOptions, $name);
    }
}