diff options
| author | zotlabs <mike@macgirvin.com> | 2017-03-27 14:11:25 -0700 |
|---|---|---|
| committer | zotlabs <mike@macgirvin.com> | 2017-03-27 14:11:25 -0700 |
| commit | 8292553a2087a412e0b10f5593d461d371169adb (patch) | |
| tree | 2648714d80a19154ec19defa92aaa3229cae23c6 /include/text.php | |
| parent | 5cbf60320355845e2abdec0422055d3fe321e84e (diff) | |
| parent | 6375401e0af6c52d151dd2b944aa6a054b8ddc05 (diff) | |
| download | volse-hubzilla-8292553a2087a412e0b10f5593d461d371169adb.tar.gz volse-hubzilla-8292553a2087a412e0b10f5593d461d371169adb.tar.bz2 volse-hubzilla-8292553a2087a412e0b10f5593d461d371169adb.zip | |
Merge branch 'dev' of https://github.com/redmatrix/hubzilla into xdev_merge
Diffstat (limited to 'include/text.php')
| -rw-r--r-- | include/text.php | 26 |
1 files changed, 22 insertions, 4 deletions
diff --git a/include/text.php b/include/text.php index 2b22df2ea..c1d71521f 100644 --- a/include/text.php +++ b/include/text.php @@ -121,13 +121,23 @@ function z_input_filter($s,$type = 'text/bbcode',$allow_code = false) { } - +/** + * @brief Use HTMLPurifier to get standards compliant HTML. + * + * Use the <a href="http://htmlpurifier.org/" target="_blank">HTMLPurifier</a> + * library to get filtered and standards compliant HTML. + * + * @see HTMLPurifier + * + * @param string $s raw HTML + * @param boolean $allow_position allow CSS position + * @return string standards compliant filtered HTML + */ function purify_html($s, $allow_position = false) { - require_once('library/HTMLPurifier.auto.php'); - require_once('include/html2bbcode.php'); /** * @FIXME this function has html output, not bbcode - so safely purify these + * require_once('include/html2bbcode.php'); * $s = html2bb_video($s); * $s = oembed_html2bbcode($s); */ @@ -136,6 +146,15 @@ function purify_html($s, $allow_position = false) { $config->set('Cache.DefinitionImpl', null); $config->set('Attr.EnableID', true); + // If enabled, target=blank attributes are added to all links. + //$config->set('HTML.TargetBlank', true); + //$config->set('Attr.AllowedFrameTargets', ['_blank', '_self', '_parent', '_top']); + // restore old behavior of HTMLPurifier < 4.8, only used when targets allowed at all + // do not add rel="noreferrer" to all links with target attributes + //$config->set('HTML.TargetNoreferrer', false); + // do not add noopener rel attributes to links which have a target attribute associated with them + //$config->set('HTML.TargetNoopener', false); + //Allow some custom data- attributes used by built-in libs. //In this way members which do not have allowcode set can still use the built-in js libs in webpages to some extent. @@ -273,7 +292,6 @@ function purify_html($s, $allow_position = false) { new HTMLPurifier_AttrDef_CSS_Length(), new HTMLPurifier_AttrDef_CSS_Percentage() )); - } $purifier = new HTMLPurifier($config); |