aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2017-03-27 14:11:25 -0700
committerzotlabs <mike@macgirvin.com>2017-03-27 14:11:25 -0700
commit8292553a2087a412e0b10f5593d461d371169adb (patch)
tree2648714d80a19154ec19defa92aaa3229cae23c6 /include
parent5cbf60320355845e2abdec0422055d3fe321e84e (diff)
parent6375401e0af6c52d151dd2b944aa6a054b8ddc05 (diff)
downloadvolse-hubzilla-8292553a2087a412e0b10f5593d461d371169adb.tar.gz
volse-hubzilla-8292553a2087a412e0b10f5593d461d371169adb.tar.bz2
volse-hubzilla-8292553a2087a412e0b10f5593d461d371169adb.zip
Merge branch 'dev' of https://github.com/redmatrix/hubzilla into xdev_merge
Diffstat (limited to 'include')
-rw-r--r--include/text.php26
1 files changed, 22 insertions, 4 deletions
diff --git a/include/text.php b/include/text.php
index 2b22df2ea..c1d71521f 100644
--- a/include/text.php
+++ b/include/text.php
@@ -121,13 +121,23 @@ function z_input_filter($s,$type = 'text/bbcode',$allow_code = false) {
}
-
+/**
+ * @brief Use HTMLPurifier to get standards compliant HTML.
+ *
+ * Use the <a href="http://htmlpurifier.org/" target="_blank">HTMLPurifier</a>
+ * library to get filtered and standards compliant HTML.
+ *
+ * @see HTMLPurifier
+ *
+ * @param string $s raw HTML
+ * @param boolean $allow_position allow CSS position
+ * @return string standards compliant filtered HTML
+ */
function purify_html($s, $allow_position = false) {
- require_once('library/HTMLPurifier.auto.php');
- require_once('include/html2bbcode.php');
/**
* @FIXME this function has html output, not bbcode - so safely purify these
+ * require_once('include/html2bbcode.php');
* $s = html2bb_video($s);
* $s = oembed_html2bbcode($s);
*/
@@ -136,6 +146,15 @@ function purify_html($s, $allow_position = false) {
$config->set('Cache.DefinitionImpl', null);
$config->set('Attr.EnableID', true);
+ // If enabled, target=blank attributes are added to all links.
+ //$config->set('HTML.TargetBlank', true);
+ //$config->set('Attr.AllowedFrameTargets', ['_blank', '_self', '_parent', '_top']);
+ // restore old behavior of HTMLPurifier < 4.8, only used when targets allowed at all
+ // do not add rel="noreferrer" to all links with target attributes
+ //$config->set('HTML.TargetNoreferrer', false);
+ // do not add noopener rel attributes to links which have a target attribute associated with them
+ //$config->set('HTML.TargetNoopener', false);
+
//Allow some custom data- attributes used by built-in libs.
//In this way members which do not have allowcode set can still use the built-in js libs in webpages to some extent.
@@ -273,7 +292,6 @@ function purify_html($s, $allow_position = false) {
new HTMLPurifier_AttrDef_CSS_Length(),
new HTMLPurifier_AttrDef_CSS_Percentage()
));
-
}
$purifier = new HTMLPurifier($config);