* * For the full copyright and license information, please view the LICENSE * file that was distributed with this source code. */ namespace HtmlSanitizer\Extension\Iframe\NodeVisitor; use HtmlSanitizer\Extension\Iframe\Node\IframeNode; use HtmlSanitizer\Model\Cursor; use HtmlSanitizer\Node\NodeInterface; use HtmlSanitizer\Extension\Iframe\Sanitizer\IframeSrcSanitizer; use HtmlSanitizer\Visitor\AbstractNodeVisitor; use HtmlSanitizer\Visitor\HasChildrenNodeVisitorTrait; use HtmlSanitizer\Visitor\NamedNodeVisitorInterface; /** * @author Titouan Galopin * * @final */ class IframeNodeVisitor extends AbstractNodeVisitor implements NamedNodeVisitorInterface { use HasChildrenNodeVisitorTrait; /** * @var IframeSrcSanitizer */ private $sanitizer; public function __construct(array $config = []) { parent::__construct($config); $this->sanitizer = new IframeSrcSanitizer( $this->config['allowed_schemes'], $this->config['allowed_hosts'], $this->config['allow_relative_links'], $this->config['force_https'] ); } protected function getDomNodeName(): string { return 'iframe'; } public function getDefaultAllowedAttributes(): array { return [ 'src', 'width', 'height', 'frameborder', 'title', // YouTube integration 'allow', 'allowfullscreen', ]; } public function getDefaultConfiguration(): array { return [ 'allowed_schemes' => ['http', 'https'], 'allowed_hosts' => null, 'allow_relative_links' => false, 'force_https' => false, ]; } protected function createNode(\DOMNode $domNode, Cursor $cursor): NodeInterface { $node = new IframeNode($cursor->node); $node->setAttribute('src', $this->sanitizer->sanitize($this->getAttribute($domNode, 'src'))); return $node; } }