diff options
| author | Klaus <Klaus.Weidenbach@gmx.net> | 2017-03-27 21:39:02 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-03-27 21:39:02 +0200 |
| commit | 6375401e0af6c52d151dd2b944aa6a054b8ddc05 (patch) | |
| tree | 982ab84421ffa8ee2c48f38cc2d1eef11853dbf6 /include/text.php | |
| parent | b6b62506c5f4ed5bc354d548702538bda36aff36 (diff) | |
| parent | f718e2b0db0fe3477212a8dd6c3ec067f4432862 (diff) | |
| download | volse-hubzilla-6375401e0af6c52d151dd2b944aa6a054b8ddc05.tar.gz volse-hubzilla-6375401e0af6c52d151dd2b944aa6a054b8ddc05.tar.bz2 volse-hubzilla-6375401e0af6c52d151dd2b944aa6a054b8ddc05.zip | |
Merge pull request #701 from dawnbreak/HTMLpurifier
HTMLPurifier library update
Diffstat (limited to 'include/text.php')
| -rw-r--r-- | include/text.php | 26 |
1 files changed, 22 insertions, 4 deletions
diff --git a/include/text.php b/include/text.php index 224ba17d0..911334a15 100644 --- a/include/text.php +++ b/include/text.php @@ -122,13 +122,23 @@ function z_input_filter($channel_id,$s,$type = 'text/bbcode') { } - +/** + * @brief Use HTMLPurifier to get standards compliant HTML. + * + * Use the <a href="http://htmlpurifier.org/" target="_blank">HTMLPurifier</a> + * library to get filtered and standards compliant HTML. + * + * @see HTMLPurifier + * + * @param string $s raw HTML + * @param boolean $allow_position allow CSS position + * @return string standards compliant filtered HTML + */ function purify_html($s, $allow_position = false) { - require_once('library/HTMLPurifier.auto.php'); - require_once('include/html2bbcode.php'); /** * @FIXME this function has html output, not bbcode - so safely purify these + * require_once('include/html2bbcode.php'); * $s = html2bb_video($s); * $s = oembed_html2bbcode($s); */ @@ -137,6 +147,15 @@ function purify_html($s, $allow_position = false) { $config->set('Cache.DefinitionImpl', null); $config->set('Attr.EnableID', true); + // If enabled, target=blank attributes are added to all links. + //$config->set('HTML.TargetBlank', true); + //$config->set('Attr.AllowedFrameTargets', ['_blank', '_self', '_parent', '_top']); + // restore old behavior of HTMLPurifier < 4.8, only used when targets allowed at all + // do not add rel="noreferrer" to all links with target attributes + //$config->set('HTML.TargetNoreferrer', false); + // do not add noopener rel attributes to links which have a target attribute associated with them + //$config->set('HTML.TargetNoopener', false); + //Allow some custom data- attributes used by built-in libs. //In this way members which do not have allowcode set can still use the built-in js libs in webpages to some extent. @@ -274,7 +293,6 @@ function purify_html($s, $allow_position = false) { new HTMLPurifier_AttrDef_CSS_Length(), new HTMLPurifier_AttrDef_CSS_Percentage() )); - } $purifier = new HTMLPurifier($config); |