aboutsummaryrefslogtreecommitdiffstats
path: root/include/text.php
diff options
context:
space:
mode:
authorKlaus Weidenbach <Klaus.Weidenbach@gmx.net>2017-03-18 17:50:05 +0100
committerKlaus Weidenbach <Klaus.Weidenbach@gmx.net>2017-03-26 00:41:27 +0100
commitf718e2b0db0fe3477212a8dd6c3ec067f4432862 (patch)
tree8dfbd3b3d4bdcd967b50f1ee4655440bcdef5bb8 /include/text.php
parent2115eb26a7fd2ca937286bd4e98ab74c7d6e9525 (diff)
downloadvolse-hubzilla-f718e2b0db0fe3477212a8dd6c3ec067f4432862.tar.gz
volse-hubzilla-f718e2b0db0fe3477212a8dd6c3ec067f4432862.tar.bz2
volse-hubzilla-f718e2b0db0fe3477212a8dd6c3ec067f4432862.zip
:arrow_up: Update HTML Purifier library.
Updated HTML Purifier from 4.6.0 to 4.9.2 with better PHP7 compatibility. Used composer to manage this library.
Diffstat (limited to 'include/text.php')
-rw-r--r--include/text.php26
1 files changed, 22 insertions, 4 deletions
diff --git a/include/text.php b/include/text.php
index 224ba17d0..911334a15 100644
--- a/include/text.php
+++ b/include/text.php
@@ -122,13 +122,23 @@ function z_input_filter($channel_id,$s,$type = 'text/bbcode') {
}
-
+/**
+ * @brief Use HTMLPurifier to get standards compliant HTML.
+ *
+ * Use the <a href="http://htmlpurifier.org/" target="_blank">HTMLPurifier</a>
+ * library to get filtered and standards compliant HTML.
+ *
+ * @see HTMLPurifier
+ *
+ * @param string $s raw HTML
+ * @param boolean $allow_position allow CSS position
+ * @return string standards compliant filtered HTML
+ */
function purify_html($s, $allow_position = false) {
- require_once('library/HTMLPurifier.auto.php');
- require_once('include/html2bbcode.php');
/**
* @FIXME this function has html output, not bbcode - so safely purify these
+ * require_once('include/html2bbcode.php');
* $s = html2bb_video($s);
* $s = oembed_html2bbcode($s);
*/
@@ -137,6 +147,15 @@ function purify_html($s, $allow_position = false) {
$config->set('Cache.DefinitionImpl', null);
$config->set('Attr.EnableID', true);
+ // If enabled, target=blank attributes are added to all links.
+ //$config->set('HTML.TargetBlank', true);
+ //$config->set('Attr.AllowedFrameTargets', ['_blank', '_self', '_parent', '_top']);
+ // restore old behavior of HTMLPurifier < 4.8, only used when targets allowed at all
+ // do not add rel="noreferrer" to all links with target attributes
+ //$config->set('HTML.TargetNoreferrer', false);
+ // do not add noopener rel attributes to links which have a target attribute associated with them
+ //$config->set('HTML.TargetNoopener', false);
+
//Allow some custom data- attributes used by built-in libs.
//In this way members which do not have allowcode set can still use the built-in js libs in webpages to some extent.
@@ -274,7 +293,6 @@ function purify_html($s, $allow_position = false) {
new HTMLPurifier_AttrDef_CSS_Length(),
new HTMLPurifier_AttrDef_CSS_Percentage()
));
-
}
$purifier = new HTMLPurifier($config);