diff options
| author | friendica <info@friendica.com> | 2012-05-12 17:57:41 -0700 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2012-07-18 20:40:31 +1000 |
| commit | 7a40f4354b32809af3d0cfd6e3af0eda02ab0e0a (patch) | |
| tree | a9c3d91209cff770bb4b613b1b95e61a7bbc5a2b /lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Scripting.php | |
| parent | cd727cb26b78a1dade09d510b071446898477356 (diff) | |
| download | volse-hubzilla-7a40f4354b32809af3d0cfd6e3af0eda02ab0e0a.tar.gz volse-hubzilla-7a40f4354b32809af3d0cfd6e3af0eda02ab0e0a.tar.bz2 volse-hubzilla-7a40f4354b32809af3d0cfd6e3af0eda02ab0e0a.zip | |
some important stuff we'll need
Diffstat (limited to 'lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Scripting.php')
| -rw-r--r-- | lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Scripting.php | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Scripting.php b/lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Scripting.php new file mode 100644 index 000000000..cecdea6c3 --- /dev/null +++ b/lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Scripting.php @@ -0,0 +1,54 @@ +<?php + +/* + +WARNING: THIS MODULE IS EXTREMELY DANGEROUS AS IT ENABLES INLINE SCRIPTING +INSIDE HTML PURIFIER DOCUMENTS. USE ONLY WITH TRUSTED USER INPUT!!! + +*/ + +/** + * XHTML 1.1 Scripting module, defines elements that are used to contain + * information pertaining to executable scripts or the lack of support + * for executable scripts. + * @note This module does not contain inline scripting elements + */ +class HTMLPurifier_HTMLModule_Scripting extends HTMLPurifier_HTMLModule +{ + public $name = 'Scripting'; + public $elements = array('script', 'noscript'); + public $content_sets = array('Block' => 'script | noscript', 'Inline' => 'script | noscript'); + public $safe = false; + + public function setup($config) { + // TODO: create custom child-definition for noscript that + // auto-wraps stray #PCDATA in a similar manner to + // blockquote's custom definition (we would use it but + // blockquote's contents are optional while noscript's contents + // are required) + + // TODO: convert this to new syntax, main problem is getting + // both content sets working + + // In theory, this could be safe, but I don't see any reason to + // allow it. + $this->info['noscript'] = new HTMLPurifier_ElementDef(); + $this->info['noscript']->attr = array( 0 => array('Common') ); + $this->info['noscript']->content_model = 'Heading | List | Block'; + $this->info['noscript']->content_model_type = 'required'; + + $this->info['script'] = new HTMLPurifier_ElementDef(); + $this->info['script']->attr = array( + 'defer' => new HTMLPurifier_AttrDef_Enum(array('defer')), + 'src' => new HTMLPurifier_AttrDef_URI(true), + 'type' => new HTMLPurifier_AttrDef_Enum(array('text/javascript')) + ); + $this->info['script']->content_model = '#PCDATA'; + $this->info['script']->content_model_type = 'optional'; + $this->info['script']->attr_transform_pre['type'] = + $this->info['script']->attr_transform_post['type'] = + new HTMLPurifier_AttrTransform_ScriptRequired(); + } +} + +// vim: et sw=4 sts=4 |