*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace HtmlSanitizer\Extension\Basic\Sanitizer;
use HtmlSanitizer\Sanitizer\UrlSanitizerTrait;
/**
* @internal
*/
class AHrefSanitizer
{
use UrlSanitizerTrait;
private $allowedSchemes;
private $allowedHosts;
private $allowMailTo;
private $allowRelativeLinks;
private $forceHttps;
public function __construct(array $allowedSchemes, ?array $allowedHosts, bool $allowMailTo, bool $allowRelativeLinks, bool $forceHttps)
{
$this->allowedSchemes = $allowedSchemes;
$this->allowedHosts = $allowedHosts;
$this->allowMailTo = $allowMailTo;
$this->allowRelativeLinks = $allowRelativeLinks;
$this->forceHttps = $forceHttps;
}
public function sanitize(?string $input): ?string
{
$allowedSchemes = $this->allowedSchemes;
$allowedHosts = $this->allowedHosts;
if ($this->allowMailTo) {
$allowedSchemes[] = 'mailto';
if (\is_array($this->allowedHosts)) {
$allowedHosts[] = null;
}
}
if ($this->allowRelativeLinks) {
$allowedSchemes[] = null;
if (\is_array($this->allowedHosts)) {
$allowedHosts[] = null;
}
}
if (!$sanitized = $this->sanitizeUrl($input, $allowedSchemes, $allowedHosts, $this->forceHttps)) {
return null;
}
// Basic validation that it's an e-mail
if (0 === strpos($sanitized, 'mailto:') && (false === strpos($sanitized, '@') || false === strpos($sanitized, '.'))) {
return null;
}
return $sanitized;
}
}