aboutsummaryrefslogtreecommitdiffstats
path: root/library/HTMLPurifier/ConfigSchema
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2015-01-01 22:18:27 -0800
committerfriendica <info@friendica.com>2015-01-01 22:18:27 -0800
commita0052f0176bd079e6a94baec59fea2ec5a8d651e (patch)
treec323edd823681bc2e8ca757e7eaf8354d42c7b51 /library/HTMLPurifier/ConfigSchema
parent545e47933a0816699c68d98a7742a03260d6a54f (diff)
downloadvolse-hubzilla-a0052f0176bd079e6a94baec59fea2ec5a8d651e.tar.gz
volse-hubzilla-a0052f0176bd079e6a94baec59fea2ec5a8d651e.tar.bz2
volse-hubzilla-a0052f0176bd079e6a94baec59fea2ec5a8d651e.zip
htmlpurifier update - compatibility issue with language library autoloader
Diffstat (limited to 'library/HTMLPurifier/ConfigSchema')
-rw-r--r--library/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php8
-rw-r--r--library/HTMLPurifier/ConfigSchema/Builder/Xml.php94
-rw-r--r--library/HTMLPurifier/ConfigSchema/Interchange.php11
-rw-r--r--library/HTMLPurifier/ConfigSchema/Interchange/Directive.php28
-rw-r--r--library/HTMLPurifier/ConfigSchema/Interchange/Id.php33
-rw-r--r--library/HTMLPurifier/ConfigSchema/InterchangeBuilder.php90
-rw-r--r--library/HTMLPurifier/ConfigSchema/Validator.php90
-rw-r--r--library/HTMLPurifier/ConfigSchema/ValidatorAtom.php108
-rw-r--r--library/HTMLPurifier/ConfigSchema/schema.serbin13244 -> 15000 bytes
-rw-r--r--library/HTMLPurifier/ConfigSchema/schema/CSS.AllowedFonts.txt12
-rw-r--r--library/HTMLPurifier/ConfigSchema/schema/CSS.ForbiddenProperties.txt13
-rw-r--r--library/HTMLPurifier/ConfigSchema/schema/CSS.Trusted.txt9
-rw-r--r--library/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPermissions.txt11
-rw-r--r--library/HTMLPurifier/ConfigSchema/schema/Core.AllowHostnameUnderscore.txt16
-rw-r--r--library/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt3
-rw-r--r--library/HTMLPurifier/ConfigSchema/schema/Core.DisableExcludes.txt14
-rw-r--r--library/HTMLPurifier/ConfigSchema/schema/Core.EnableIDNA.txt9
-rw-r--r--library/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidChildren.txt6
-rw-r--r--library/HTMLPurifier/ConfigSchema/schema/Core.NormalizeNewlines.txt11
-rw-r--r--library/HTMLPurifier/ConfigSchema/schema/Core.RemoveProcessingInstructions.txt11
-rw-r--r--library/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt5
-rw-r--r--library/HTMLPurifier/ConfigSchema/schema/HTML.Allowed.txt11
-rw-r--r--library/HTMLPurifier/ConfigSchema/schema/HTML.AllowedComments.txt10
-rw-r--r--library/HTMLPurifier/ConfigSchema/schema/HTML.AllowedCommentsRegexp.txt15
-rw-r--r--library/HTMLPurifier/ConfigSchema/schema/HTML.AllowedElements.txt17
-rw-r--r--library/HTMLPurifier/ConfigSchema/schema/HTML.FlashAllowFullScreen.txt11
-rw-r--r--library/HTMLPurifier/ConfigSchema/schema/HTML.Nofollow.txt7
-rw-r--r--library/HTMLPurifier/ConfigSchema/schema/HTML.SafeIframe.txt13
-rw-r--r--library/HTMLPurifier/ConfigSchema/schema/HTML.SafeScripting.txt10
-rw-r--r--library/HTMLPurifier/ConfigSchema/schema/HTML.TargetBlank.txt8
-rw-r--r--library/HTMLPurifier/ConfigSchema/schema/HTML.Trusted.txt1
-rw-r--r--library/HTMLPurifier/ConfigSchema/schema/Output.FixInnerHTML.txt15
-rw-r--r--library/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt4
-rw-r--r--library/HTMLPurifier/ConfigSchema/schema/URI.DisableResources.txt7
-rw-r--r--library/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt2
-rw-r--r--library/HTMLPurifier/ConfigSchema/schema/URI.SafeIframeRegexp.txt22
36 files changed, 602 insertions, 133 deletions
diff --git a/library/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php b/library/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php
index c05668a70..d5906cd46 100644
--- a/library/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php
+++ b/library/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php
@@ -7,7 +7,12 @@
class HTMLPurifier_ConfigSchema_Builder_ConfigSchema
{
- public function build($interchange) {
+ /**
+ * @param HTMLPurifier_ConfigSchema_Interchange $interchange
+ * @return HTMLPurifier_ConfigSchema
+ */
+ public function build($interchange)
+ {
$schema = new HTMLPurifier_ConfigSchema();
foreach ($interchange->directives as $d) {
$schema->add(
@@ -38,7 +43,6 @@ class HTMLPurifier_ConfigSchema_Builder_ConfigSchema
$schema->postProcess();
return $schema;
}
-
}
// vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/ConfigSchema/Builder/Xml.php b/library/HTMLPurifier/ConfigSchema/Builder/Xml.php
index 244561a37..5fa56f7dd 100644
--- a/library/HTMLPurifier/ConfigSchema/Builder/Xml.php
+++ b/library/HTMLPurifier/ConfigSchema/Builder/Xml.php
@@ -7,10 +7,21 @@
class HTMLPurifier_ConfigSchema_Builder_Xml extends XMLWriter
{
+ /**
+ * @type HTMLPurifier_ConfigSchema_Interchange
+ */
protected $interchange;
+
+ /**
+ * @type string
+ */
private $namespace;
- protected function writeHTMLDiv($html) {
+ /**
+ * @param string $html
+ */
+ protected function writeHTMLDiv($html)
+ {
$this->startElement('div');
$purifier = HTMLPurifier::getInstance();
@@ -21,12 +32,23 @@ class HTMLPurifier_ConfigSchema_Builder_Xml extends XMLWriter
$this->endElement(); // div
}
- protected function export($var) {
- if ($var === array()) return 'array()';
+ /**
+ * @param mixed $var
+ * @return string
+ */
+ protected function export($var)
+ {
+ if ($var === array()) {
+ return 'array()';
+ }
return var_export($var, true);
}
- public function build($interchange) {
+ /**
+ * @param HTMLPurifier_ConfigSchema_Interchange $interchange
+ */
+ public function build($interchange)
+ {
// global access, only use as last resort
$this->interchange = $interchange;
@@ -39,19 +61,26 @@ class HTMLPurifier_ConfigSchema_Builder_Xml extends XMLWriter
$this->buildDirective($directive);
}
- if ($this->namespace) $this->endElement(); // namespace
+ if ($this->namespace) {
+ $this->endElement();
+ } // namespace
$this->endElement(); // configdoc
$this->flush();
}
- public function buildDirective($directive) {
-
+ /**
+ * @param HTMLPurifier_ConfigSchema_Interchange_Directive $directive
+ */
+ public function buildDirective($directive)
+ {
// Kludge, although I suppose having a notion of a "root namespace"
// certainly makes things look nicer when documentation is built.
// Depends on things being sorted.
if (!$this->namespace || $this->namespace !== $directive->id->getRootNamespace()) {
- if ($this->namespace) $this->endElement(); // namespace
+ if ($this->namespace) {
+ $this->endElement();
+ } // namespace
$this->namespace = $directive->id->getRootNamespace();
$this->startElement('namespace');
$this->writeAttribute('id', $this->namespace);
@@ -64,43 +93,52 @@ class HTMLPurifier_ConfigSchema_Builder_Xml extends XMLWriter
$this->writeElement('name', $directive->id->getDirective());
$this->startElement('aliases');
- foreach ($directive->aliases as $alias) $this->writeElement('alias', $alias->toString());
+ foreach ($directive->aliases as $alias) {
+ $this->writeElement('alias', $alias->toString());
+ }
$this->endElement(); // aliases
$this->startElement('constraints');
- if ($directive->version) $this->writeElement('version', $directive->version);
- $this->startElement('type');
- if ($directive->typeAllowsNull) $this->writeAttribute('allow-null', 'yes');
- $this->text($directive->type);
- $this->endElement(); // type
- if ($directive->allowed) {
- $this->startElement('allowed');
- foreach ($directive->allowed as $value => $x) $this->writeElement('value', $value);
- $this->endElement(); // allowed
+ if ($directive->version) {
+ $this->writeElement('version', $directive->version);
+ }
+ $this->startElement('type');
+ if ($directive->typeAllowsNull) {
+ $this->writeAttribute('allow-null', 'yes');
+ }
+ $this->text($directive->type);
+ $this->endElement(); // type
+ if ($directive->allowed) {
+ $this->startElement('allowed');
+ foreach ($directive->allowed as $value => $x) {
+ $this->writeElement('value', $value);
}
- $this->writeElement('default', $this->export($directive->default));
- $this->writeAttribute('xml:space', 'preserve');
- if ($directive->external) {
- $this->startElement('external');
- foreach ($directive->external as $project) $this->writeElement('project', $project);
- $this->endElement();
+ $this->endElement(); // allowed
+ }
+ $this->writeElement('default', $this->export($directive->default));
+ $this->writeAttribute('xml:space', 'preserve');
+ if ($directive->external) {
+ $this->startElement('external');
+ foreach ($directive->external as $project) {
+ $this->writeElement('project', $project);
}
+ $this->endElement();
+ }
$this->endElement(); // constraints
if ($directive->deprecatedVersion) {
$this->startElement('deprecated');
- $this->writeElement('version', $directive->deprecatedVersion);
- $this->writeElement('use', $directive->deprecatedUse->toString());
+ $this->writeElement('version', $directive->deprecatedVersion);
+ $this->writeElement('use', $directive->deprecatedUse->toString());
$this->endElement(); // deprecated
}
$this->startElement('description');
- $this->writeHTMLDiv($directive->description);
+ $this->writeHTMLDiv($directive->description);
$this->endElement(); // description
$this->endElement(); // directive
}
-
}
// vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/ConfigSchema/Interchange.php b/library/HTMLPurifier/ConfigSchema/Interchange.php
index 91a5aa730..0e08ae8fe 100644
--- a/library/HTMLPurifier/ConfigSchema/Interchange.php
+++ b/library/HTMLPurifier/ConfigSchema/Interchange.php
@@ -10,18 +10,23 @@ class HTMLPurifier_ConfigSchema_Interchange
/**
* Name of the application this schema is describing.
+ * @type string
*/
public $name;
/**
* Array of Directive ID => array(directive info)
+ * @type HTMLPurifier_ConfigSchema_Interchange_Directive[]
*/
public $directives = array();
/**
* Adds a directive array to $directives
+ * @param HTMLPurifier_ConfigSchema_Interchange_Directive $directive
+ * @throws HTMLPurifier_ConfigSchema_Exception
*/
- public function addDirective($directive) {
+ public function addDirective($directive)
+ {
if (isset($this->directives[$i = $directive->id->toString()])) {
throw new HTMLPurifier_ConfigSchema_Exception("Cannot redefine directive '$i'");
}
@@ -32,11 +37,11 @@ class HTMLPurifier_ConfigSchema_Interchange
* Convenience function to perform standard validation. Throws exception
* on failed validation.
*/
- public function validate() {
+ public function validate()
+ {
$validator = new HTMLPurifier_ConfigSchema_Validator();
return $validator->validate($this);
}
-
}
// vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/ConfigSchema/Interchange/Directive.php b/library/HTMLPurifier/ConfigSchema/Interchange/Directive.php
index ac8be0d97..127a39a67 100644
--- a/library/HTMLPurifier/ConfigSchema/Interchange/Directive.php
+++ b/library/HTMLPurifier/ConfigSchema/Interchange/Directive.php
@@ -7,71 +7,83 @@ class HTMLPurifier_ConfigSchema_Interchange_Directive
{
/**
- * ID of directive, instance of HTMLPurifier_ConfigSchema_Interchange_Id.
+ * ID of directive.
+ * @type HTMLPurifier_ConfigSchema_Interchange_Id
*/
public $id;
/**
- * String type, e.g. 'integer' or 'istring'.
+ * Type, e.g. 'integer' or 'istring'.
+ * @type string
*/
public $type;
/**
* Default value, e.g. 3 or 'DefaultVal'.
+ * @type mixed
*/
public $default;
/**
* HTML description.
+ * @type string
*/
public $description;
/**
- * Boolean whether or not null is allowed as a value.
+ * Whether or not null is allowed as a value.
+ * @type bool
*/
public $typeAllowsNull = false;
/**
- * Lookup table of allowed scalar values, e.g. array('allowed' => true).
+ * Lookup table of allowed scalar values.
+ * e.g. array('allowed' => true).
* Null if all values are allowed.
+ * @type array
*/
public $allowed;
/**
- * List of aliases for the directive,
+ * List of aliases for the directive.
* e.g. array(new HTMLPurifier_ConfigSchema_Interchange_Id('Ns', 'Dir'))).
+ * @type HTMLPurifier_ConfigSchema_Interchange_Id[]
*/
public $aliases = array();
/**
* Hash of value aliases, e.g. array('alt' => 'real'). Null if value
* aliasing is disabled (necessary for non-scalar types).
+ * @type array
*/
public $valueAliases;
/**
* Version of HTML Purifier the directive was introduced, e.g. '1.3.1'.
* Null if the directive has always existed.
+ * @type string
*/
public $version;
/**
- * ID of directive that supercedes this old directive, is an instance
- * of HTMLPurifier_ConfigSchema_Interchange_Id. Null if not deprecated.
+ * ID of directive that supercedes this old directive.
+ * Null if not deprecated.
+ * @type HTMLPurifier_ConfigSchema_Interchange_Id
*/
public $deprecatedUse;
/**
* Version of HTML Purifier this directive was deprecated. Null if not
* deprecated.
+ * @type string
*/
public $deprecatedVersion;
/**
* List of external projects this directive depends on, e.g. array('CSSTidy').
+ * @type array
*/
public $external = array();
-
}
// vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/ConfigSchema/Interchange/Id.php b/library/HTMLPurifier/ConfigSchema/Interchange/Id.php
index b9b3c6f5c..126f09d95 100644
--- a/library/HTMLPurifier/ConfigSchema/Interchange/Id.php
+++ b/library/HTMLPurifier/ConfigSchema/Interchange/Id.php
@@ -6,32 +6,53 @@
class HTMLPurifier_ConfigSchema_Interchange_Id
{
+ /**
+ * @type string
+ */
public $key;
- public function __construct($key) {
+ /**
+ * @param string $key
+ */
+ public function __construct($key)
+ {
$this->key = $key;
}
/**
+ * @return string
* @warning This is NOT magic, to ensure that people don't abuse SPL and
* cause problems for PHP 5.0 support.
*/
- public function toString() {
+ public function toString()
+ {
return $this->key;
}
- public function getRootNamespace() {
+ /**
+ * @return string
+ */
+ public function getRootNamespace()
+ {
return substr($this->key, 0, strpos($this->key, "."));
}
- public function getDirective() {
+ /**
+ * @return string
+ */
+ public function getDirective()
+ {
return substr($this->key, strpos($this->key, ".") + 1);
}
- public static function make($id) {
+ /**
+ * @param string $id
+ * @return HTMLPurifier_ConfigSchema_Interchange_Id
+ */
+ public static function make($id)
+ {
return new HTMLPurifier_ConfigSchema_Interchange_Id($id);
}
-
}
// vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/ConfigSchema/InterchangeBuilder.php b/library/HTMLPurifier/ConfigSchema/InterchangeBuilder.php
index 785b72ce8..655e6dd1b 100644
--- a/library/HTMLPurifier/ConfigSchema/InterchangeBuilder.php
+++ b/library/HTMLPurifier/ConfigSchema/InterchangeBuilder.php
@@ -5,21 +5,39 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder
/**
* Used for processing DEFAULT, nothing else.
+ * @type HTMLPurifier_VarParser
*/
protected $varParser;
- public function __construct($varParser = null) {
+ /**
+ * @param HTMLPurifier_VarParser $varParser
+ */
+ public function __construct($varParser = null)
+ {
$this->varParser = $varParser ? $varParser : new HTMLPurifier_VarParser_Native();
}
- public static function buildFromDirectory($dir = null) {
- $builder = new HTMLPurifier_ConfigSchema_InterchangeBuilder();
+ /**
+ * @param string $dir
+ * @return HTMLPurifier_ConfigSchema_Interchange
+ */
+ public static function buildFromDirectory($dir = null)
+ {
+ $builder = new HTMLPurifier_ConfigSchema_InterchangeBuilder();
$interchange = new HTMLPurifier_ConfigSchema_Interchange();
return $builder->buildDir($interchange, $dir);
}
- public function buildDir($interchange, $dir = null) {
- if (!$dir) $dir = HTMLPURIFIER_PREFIX . '/HTMLPurifier/ConfigSchema/schema';
+ /**
+ * @param HTMLPurifier_ConfigSchema_Interchange $interchange
+ * @param string $dir
+ * @return HTMLPurifier_ConfigSchema_Interchange
+ */
+ public function buildDir($interchange, $dir = null)
+ {
+ if (!$dir) {
+ $dir = HTMLPURIFIER_PREFIX . '/HTMLPurifier/ConfigSchema/schema';
+ }
if (file_exists($dir . '/info.ini')) {
$info = parse_ini_file($dir . '/info.ini');
$interchange->name = $info['name'];
@@ -39,24 +57,30 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder
foreach ($files as $file) {
$this->buildFile($interchange, $dir . '/' . $file);
}
-
return $interchange;
}
- public function buildFile($interchange, $file) {
+ /**
+ * @param HTMLPurifier_ConfigSchema_Interchange $interchange
+ * @param string $file
+ */
+ public function buildFile($interchange, $file)
+ {
$parser = new HTMLPurifier_StringHashParser();
$this->build(
$interchange,
- new HTMLPurifier_StringHash( $parser->parseFile($file) )
+ new HTMLPurifier_StringHash($parser->parseFile($file))
);
}
/**
* Builds an interchange object based on a hash.
- * @param $interchange HTMLPurifier_ConfigSchema_Interchange object to build
- * @param $hash HTMLPurifier_ConfigSchema_StringHash source data
+ * @param HTMLPurifier_ConfigSchema_Interchange $interchange HTMLPurifier_ConfigSchema_Interchange object to build
+ * @param HTMLPurifier_StringHash $hash source data
+ * @throws HTMLPurifier_ConfigSchema_Exception
*/
- public function build($interchange, $hash) {
+ public function build($interchange, $hash)
+ {
if (!$hash instanceof HTMLPurifier_StringHash) {
$hash = new HTMLPurifier_StringHash($hash);
}
@@ -75,7 +99,13 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder
$this->_findUnused($hash);
}
- public function buildDirective($interchange, $hash) {
+ /**
+ * @param HTMLPurifier_ConfigSchema_Interchange $interchange
+ * @param HTMLPurifier_StringHash $hash
+ * @throws HTMLPurifier_ConfigSchema_Exception
+ */
+ public function buildDirective($interchange, $hash)
+ {
$directive = new HTMLPurifier_ConfigSchema_Interchange_Directive();
// These are required elements:
@@ -84,7 +114,9 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder
if (isset($hash['TYPE'])) {
$type = explode('/', $hash->offsetGet('TYPE'));
- if (isset($type[1])) $directive->typeAllowsNull = true;
+ if (isset($type[1])) {
+ $directive->typeAllowsNull = true;
+ }
$directive->type = $type[0];
} else {
throw new HTMLPurifier_ConfigSchema_Exception("TYPE in directive hash '$id' not defined");
@@ -92,7 +124,11 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder
if (isset($hash['DEFAULT'])) {
try {
- $directive->default = $this->varParser->parse($hash->offsetGet('DEFAULT'), $directive->type, $directive->typeAllowsNull);
+ $directive->default = $this->varParser->parse(
+ $hash->offsetGet('DEFAULT'),
+ $directive->type,
+ $directive->typeAllowsNull
+ );
} catch (HTMLPurifier_VarParserException $e) {
throw new HTMLPurifier_ConfigSchema_Exception($e->getMessage() . " in DEFAULT in directive hash '$id'");
}
@@ -139,34 +175,45 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder
/**
* Evaluates an array PHP code string without array() wrapper
+ * @param string $contents
*/
- protected function evalArray($contents) {
- return eval('return array('. $contents .');');
+ protected function evalArray($contents)
+ {
+ return eval('return array(' . $contents . ');');
}
/**
* Converts an array list into a lookup array.
+ * @param array $array
+ * @return array
*/
- protected function lookup($array) {
+ protected function lookup($array)
+ {
$ret = array();
- foreach ($array as $val) $ret[$val] = true;
+ foreach ($array as $val) {
+ $ret[$val] = true;
+ }
return $ret;
}
/**
* Convenience function that creates an HTMLPurifier_ConfigSchema_Interchange_Id
* object based on a string Id.
+ * @param string $id
+ * @return HTMLPurifier_ConfigSchema_Interchange_Id
*/
- protected function id($id) {
+ protected function id($id)
+ {
return HTMLPurifier_ConfigSchema_Interchange_Id::make($id);
}
/**
* Triggers errors for any unused keys passed in the hash; such keys
* may indicate typos, missing values, etc.
- * @param $hash Instance of ConfigSchema_StringHash to check.
+ * @param HTMLPurifier_StringHash $hash Hash to check.
*/
- protected function _findUnused($hash) {
+ protected function _findUnused($hash)
+ {
$accessed = $hash->getAccessed();
foreach ($hash as $k => $v) {
if (!isset($accessed[$k])) {
@@ -174,7 +221,6 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder
}
}
}
-
}
// vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/ConfigSchema/Validator.php b/library/HTMLPurifier/ConfigSchema/Validator.php
index f374f6a02..fb3127788 100644
--- a/library/HTMLPurifier/ConfigSchema/Validator.php
+++ b/library/HTMLPurifier/ConfigSchema/Validator.php
@@ -12,36 +12,48 @@ class HTMLPurifier_ConfigSchema_Validator
{
/**
- * Easy to access global objects.
+ * @type HTMLPurifier_ConfigSchema_Interchange
*/
- protected $interchange, $aliases;
+ protected $interchange;
+
+ /**
+ * @type array
+ */
+ protected $aliases;
/**
* Context-stack to provide easy to read error messages.
+ * @type array
*/
protected $context = array();
/**
- * HTMLPurifier_VarParser to test default's type.
+ * to test default's type.
+ * @type HTMLPurifier_VarParser
*/
protected $parser;
- public function __construct() {
+ public function __construct()
+ {
$this->parser = new HTMLPurifier_VarParser();
}
/**
- * Validates a fully-formed interchange object. Throws an
- * HTMLPurifier_ConfigSchema_Exception if there's a problem.
+ * Validates a fully-formed interchange object.
+ * @param HTMLPurifier_ConfigSchema_Interchange $interchange
+ * @return bool
*/
- public function validate($interchange) {
+ public function validate($interchange)
+ {
$this->interchange = $interchange;
$this->aliases = array();
// PHP is a bit lax with integer <=> string conversions in
// arrays, so we don't use the identical !== comparison
foreach ($interchange->directives as $i => $directive) {
$id = $directive->id->toString();
- if ($i != $id) $this->error(false, "Integrity violation: key '$i' does not match internal id '$id'");
+ if ($i != $id) {
+ $this->error(false, "Integrity violation: key '$i' does not match internal id '$id'");
+ }
$this->validateDirective($directive);
}
return true;
@@ -49,8 +61,10 @@ class HTMLPurifier_ConfigSchema_Validator
/**
* Validates a HTMLPurifier_ConfigSchema_Interchange_Id object.
+ * @param HTMLPurifier_ConfigSchema_Interchange_Id $id
*/
- public function validateId($id) {
+ public function validateId($id)
+ {
$id_string = $id->toString();
$this->context[] = "id '$id_string'";
if (!$id instanceof HTMLPurifier_ConfigSchema_Interchange_Id) {
@@ -67,8 +81,10 @@ class HTMLPurifier_ConfigSchema_Validator
/**
* Validates a HTMLPurifier_ConfigSchema_Interchange_Directive object.
+ * @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
*/
- public function validateDirective($d) {
+ public function validateDirective($d)
+ {
$id = $d->id->toString();
$this->context[] = "directive '$id'";
$this->validateId($d->id);
@@ -108,9 +124,13 @@ class HTMLPurifier_ConfigSchema_Validator
/**
* Extra validation if $allowed member variable of
* HTMLPurifier_ConfigSchema_Interchange_Directive is defined.
+ * @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
*/
- public function validateDirectiveAllowed($d) {
- if (is_null($d->allowed)) return;
+ public function validateDirectiveAllowed($d)
+ {
+ if (is_null($d->allowed)) {
+ return;
+ }
$this->with($d, 'allowed')
->assertNotEmpty()
->assertIsLookup(); // handled by InterchangeBuilder
@@ -119,7 +139,9 @@ class HTMLPurifier_ConfigSchema_Validator
}
$this->context[] = 'allowed';
foreach ($d->allowed as $val => $x) {
- if (!is_string($val)) $this->error("value $val", 'must be a string');
+ if (!is_string($val)) {
+ $this->error("value $val", 'must be a string');
+ }
}
array_pop($this->context);
}
@@ -127,15 +149,23 @@ class HTMLPurifier_ConfigSchema_Validator
/**
* Extra validation if $valueAliases member variable of
* HTMLPurifier_ConfigSchema_Interchange_Directive is defined.
+ * @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
*/
- public function validateDirectiveValueAliases($d) {
- if (is_null($d->valueAliases)) return;
+ public function validateDirectiveValueAliases($d)
+ {
+ if (is_null($d->valueAliases)) {
+ return;
+ }
$this->with($d, 'valueAliases')
->assertIsArray(); // handled by InterchangeBuilder
$this->context[] = 'valueAliases';
foreach ($d->valueAliases as $alias => $real) {
- if (!is_string($alias)) $this->error("alias $alias", 'must be a string');
- if (!is_string($real)) $this->error("alias target $real from alias '$alias'", 'must be a string');
+ if (!is_string($alias)) {
+ $this->error("alias $alias", 'must be a string');
+ }
+ if (!is_string($real)) {
+ $this->error("alias target $real from alias '$alias'", 'must be a string');
+ }
if ($alias === $real) {
$this->error("alias '$alias'", "must not be an alias to itself");
}
@@ -155,8 +185,10 @@ class HTMLPurifier_ConfigSchema_Validator
/**
* Extra validation if $aliases member variable of
* HTMLPurifier_ConfigSchema_Interchange_Directive is defined.
+ * @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
*/
- public function validateDirectiveAliases($d) {
+ public function validateDirectiveAliases($d)
+ {
$this->with($d, 'aliases')
->assertIsArray(); // handled by InterchangeBuilder
$this->context[] = 'aliases';
@@ -180,27 +212,37 @@ class HTMLPurifier_ConfigSchema_Validator
/**
* Convenience function for generating HTMLPurifier_ConfigSchema_ValidatorAtom
* for validating simple member variables of objects.
+ * @param $obj
+ * @param $member
+ * @return HTMLPurifier_ConfigSchema_ValidatorAtom
*/
- protected function with($obj, $member) {
+ protected function with($obj, $member)
+ {
return new HTMLPurifier_ConfigSchema_ValidatorAtom($this->getFormattedContext(), $obj, $member);
}
/**
* Emits an error, providing helpful context.
+ * @throws HTMLPurifier_ConfigSchema_Exception
*/
- protected function error($target, $msg) {
- if ($target !== false) $prefix = ucfirst($target) . ' in ' . $this->getFormattedContext();
- else $prefix = ucfirst($this->getFormattedContext());
+ protected function error($target, $msg)
+ {
+ if ($target !== false) {
+ $prefix = ucfirst($target) . ' in ' . $this->getFormattedContext();
+ } else {
+ $prefix = ucfirst($this->getFormattedContext());
+ }
throw new HTMLPurifier_ConfigSchema_Exception(trim($prefix . ' ' . $msg));
}
/**
* Returns a formatted context string.
+ * @return string
*/
- protected function getFormattedContext() {
+ protected function getFormattedContext()
+ {
return implode(' in ', array_reverse($this->context));
}
-
}
// vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/ConfigSchema/ValidatorAtom.php b/library/HTMLPurifier/ConfigSchema/ValidatorAtom.php
index b95aea18c..c9aa3644a 100644
--- a/library/HTMLPurifier/ConfigSchema/ValidatorAtom.php
+++ b/library/HTMLPurifier/ConfigSchema/ValidatorAtom.php
@@ -8,59 +8,123 @@
*/
class HTMLPurifier_ConfigSchema_ValidatorAtom
{
+ /**
+ * @type string
+ */
+ protected $context;
- protected $context, $obj, $member, $contents;
+ /**
+ * @type object
+ */
+ protected $obj;
- public function __construct($context, $obj, $member) {
- $this->context = $context;
- $this->obj = $obj;
- $this->member = $member;
- $this->contents =& $obj->$member;
+ /**
+ * @type string
+ */
+ protected $member;
+
+ /**
+ * @type mixed
+ */
+ protected $contents;
+
+ public function __construct($context, $obj, $member)
+ {
+ $this->context = $context;
+ $this->obj = $obj;
+ $this->member = $member;
+ $this->contents =& $obj->$member;
}
- public function assertIsString() {
- if (!is_string($this->contents)) $this->error('must be a string');
+ /**
+ * @return HTMLPurifier_ConfigSchema_ValidatorAtom
+ */
+ public function assertIsString()
+ {
+ if (!is_string($this->contents)) {
+ $this->error('must be a string');
+ }
return $this;
}
- public function assertIsBool() {
- if (!is_bool($this->contents)) $this->error('must be a boolean');
+ /**
+ * @return HTMLPurifier_ConfigSchema_ValidatorAtom
+ */
+ public function assertIsBool()
+ {
+ if (!is_bool($this->contents)) {
+ $this->error('must be a boolean');
+ }
return $this;
}
- public function assertIsArray() {
- if (!is_array($this->contents)) $this->error('must be an array');
+ /**
+ * @return HTMLPurifier_ConfigSchema_ValidatorAtom
+ */
+ public function assertIsArray()
+ {
+ if (!is_array($this->contents)) {
+ $this->error('must be an array');
+ }
return $this;
}
- public function assertNotNull() {
- if ($this->contents === null) $this->error('must not be null');
+ /**
+ * @return HTMLPurifier_ConfigSchema_ValidatorAtom
+ */
+ public function assertNotNull()
+ {
+ if ($this->contents === null) {
+ $this->error('must not be null');
+ }
return $this;
}
- public function assertAlnum() {
+ /**
+ * @return HTMLPurifier_ConfigSchema_ValidatorAtom
+ */
+ public function assertAlnum()
+ {
$this->assertIsString();
- if (!ctype_alnum($this->contents)) $this->error('must be alphanumeric');
+ if (!ctype_alnum($this->contents)) {
+ $this->error('must be alphanumeric');
+ }
return $this;
}
- public function assertNotEmpty() {
- if (empty($this->contents)) $this->error('must not be empty');
+ /**
+ * @return HTMLPurifier_ConfigSchema_ValidatorAtom
+ */
+ public function assertNotEmpty()
+ {
+ if (empty($this->contents)) {
+ $this->error('must not be empty');
+ }
return $this;
}
- public function assertIsLookup() {
+ /**
+ * @return HTMLPurifier_ConfigSchema_ValidatorAtom
+ */
+ public function assertIsLookup()
+ {
$this->assertIsArray();
foreach ($this->contents as $v) {
- if ($v !== true) $this->error('must be a lookup array');
+ if ($v !== true) {
+ $this->error('must be a lookup array');
+ }
}
return $this;
}
- protected function error($msg) {
+ /**
+ * @param string $msg
+ * @throws HTMLPurifier_ConfigSchema_Exception
+ */
+ protected function error($msg)
+ {
throw new HTMLPurifier_ConfigSchema_Exception(ucfirst($this->member) . ' in ' . $this->context . ' ' . $msg);
}
-
}
// vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/ConfigSchema/schema.ser b/library/HTMLPurifier/ConfigSchema/schema.ser
index 22b8d54a5..22ea32185 100644
--- a/library/HTMLPurifier/ConfigSchema/schema.ser
+++ b/library/HTMLPurifier/ConfigSchema/schema.ser
Binary files differ
diff --git a/library/HTMLPurifier/ConfigSchema/schema/CSS.AllowedFonts.txt b/library/HTMLPurifier/ConfigSchema/schema/CSS.AllowedFonts.txt
new file mode 100644
index 000000000..3fd465406
--- /dev/null
+++ b/library/HTMLPurifier/ConfigSchema/schema/CSS.AllowedFonts.txt
@@ -0,0 +1,12 @@
+CSS.AllowedFonts
+TYPE: lookup/null
+VERSION: 4.3.0
+DEFAULT: NULL
+--DESCRIPTION--
+<p>
+ Allows you to manually specify a set of allowed fonts. If
+ <code>NULL</code>, all fonts are allowed. This directive
+ affects generic names (serif, sans-serif, monospace, cursive,
+ fantasy) as well as specific font families.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/ConfigSchema/schema/CSS.ForbiddenProperties.txt b/library/HTMLPurifier/ConfigSchema/schema/CSS.ForbiddenProperties.txt
new file mode 100644
index 000000000..f1f5c5f12
--- /dev/null
+++ b/library/HTMLPurifier/ConfigSchema/schema/CSS.ForbiddenProperties.txt
@@ -0,0 +1,13 @@
+CSS.ForbiddenProperties
+TYPE: lookup
+VERSION: 4.2.0
+DEFAULT: array()
+--DESCRIPTION--
+<p>
+ This is the logical inverse of %CSS.AllowedProperties, and it will
+ override that directive or any other directive. If possible,
+ %CSS.AllowedProperties is recommended over this directive,
+ because it can sometimes be difficult to tell whether or not you've
+ forbidden all of the CSS properties you truly would like to disallow.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/ConfigSchema/schema/CSS.Trusted.txt b/library/HTMLPurifier/ConfigSchema/schema/CSS.Trusted.txt
new file mode 100644
index 000000000..e733a61e8
--- /dev/null
+++ b/library/HTMLPurifier/ConfigSchema/schema/CSS.Trusted.txt
@@ -0,0 +1,9 @@
+CSS.Trusted
+TYPE: bool
+VERSION: 4.2.1
+DEFAULT: false
+--DESCRIPTION--
+Indicates whether or not the user's CSS input is trusted or not. If the
+input is trusted, a more expansive set of allowed properties. See
+also %HTML.Trusted.
+--# vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPermissions.txt b/library/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPermissions.txt
new file mode 100644
index 000000000..b2b83d9ab
--- /dev/null
+++ b/library/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPermissions.txt
@@ -0,0 +1,11 @@
+Cache.SerializerPermissions
+TYPE: int
+VERSION: 4.3.0
+DEFAULT: 0755
+--DESCRIPTION--
+
+<p>
+ Directory permissions of the files and directories created inside
+ the DefinitionCache/Serializer or other custom serializer path.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/ConfigSchema/schema/Core.AllowHostnameUnderscore.txt b/library/HTMLPurifier/ConfigSchema/schema/Core.AllowHostnameUnderscore.txt
new file mode 100644
index 000000000..2c910cc7d
--- /dev/null
+++ b/library/HTMLPurifier/ConfigSchema/schema/Core.AllowHostnameUnderscore.txt
@@ -0,0 +1,16 @@
+Core.AllowHostnameUnderscore
+TYPE: bool
+VERSION: 4.6.0
+DEFAULT: false
+--DESCRIPTION--
+<p>
+ By RFC 1123, underscores are not permitted in host names.
+ (This is in contrast to the specification for DNS, RFC
+ 2181, which allows underscores.)
+ However, most browsers do the right thing when faced with
+ an underscore in the host name, and so some poorly written
+ websites are written with the expectation this should work.
+ Setting this parameter to true relaxes our allowed character
+ check so that underscores are permitted.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt b/library/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt
index 08b381d34..c572c14ec 100644
--- a/library/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt
+++ b/library/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt
@@ -24,5 +24,6 @@ array (
--DESCRIPTION--
Lookup array of color names to six digit hexadecimal number corresponding
-to color, with preceding hash mark. Used when parsing colors.
+to color, with preceding hash mark. Used when parsing colors. The lookup
+is done in a case-insensitive manner.
--# vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/ConfigSchema/schema/Core.DisableExcludes.txt b/library/HTMLPurifier/ConfigSchema/schema/Core.DisableExcludes.txt
new file mode 100644
index 000000000..1cd4c2c96
--- /dev/null
+++ b/library/HTMLPurifier/ConfigSchema/schema/Core.DisableExcludes.txt
@@ -0,0 +1,14 @@
+Core.DisableExcludes
+TYPE: bool
+DEFAULT: false
+VERSION: 4.5.0
+--DESCRIPTION--
+<p>
+ This directive disables SGML-style exclusions, e.g. the exclusion of
+ <code>&lt;object&gt;</code> in any descendant of a
+ <code>&lt;pre&gt;</code> tag. Disabling excludes will allow some
+ invalid documents to pass through HTML Purifier, but HTML Purifier
+ will also be less likely to accidentally remove large documents during
+ processing.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/ConfigSchema/schema/Core.EnableIDNA.txt b/library/HTMLPurifier/ConfigSchema/schema/Core.EnableIDNA.txt
new file mode 100644
index 000000000..ce243c35d
--- /dev/null
+++ b/library/HTMLPurifier/ConfigSchema/schema/Core.EnableIDNA.txt
@@ -0,0 +1,9 @@
+Core.EnableIDNA
+TYPE: bool
+DEFAULT: false
+VERSION: 4.4.0
+--DESCRIPTION--
+Allows international domain names in URLs. This configuration option
+requires the PEAR Net_IDNA2 module to be installed. It operates by
+punycoding any internationalized host names for maximum portability.
+--# vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidChildren.txt b/library/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidChildren.txt
index 4d5b5055c..a3881be75 100644
--- a/library/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidChildren.txt
+++ b/library/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidChildren.txt
@@ -2,9 +2,11 @@ Core.EscapeInvalidChildren
TYPE: bool
DEFAULT: false
--DESCRIPTION--
-When true, a child is found that is not allowed in the context of the
+<p><strong>Warning:</strong> this configuration option is no longer does anything as of 4.6.0.</p>
+
+<p>When true, a child is found that is not allowed in the context of the
parent element will be transformed into text as if it were ASCII. When
false, that element and all internal tags will be dropped, though text will
be preserved. There is no option for dropping the element but preserving
-child nodes.
+child nodes.</p>
--# vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/ConfigSchema/schema/Core.NormalizeNewlines.txt b/library/HTMLPurifier/ConfigSchema/schema/Core.NormalizeNewlines.txt
new file mode 100644
index 000000000..d77f5360d
--- /dev/null
+++ b/library/HTMLPurifier/ConfigSchema/schema/Core.NormalizeNewlines.txt
@@ -0,0 +1,11 @@
+Core.NormalizeNewlines
+TYPE: bool
+VERSION: 4.2.0
+DEFAULT: true
+--DESCRIPTION--
+<p>
+ Whether or not to normalize newlines to the operating
+ system default. When <code>false</code>, HTML Purifier
+ will attempt to preserve mixed newline files.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/ConfigSchema/schema/Core.RemoveProcessingInstructions.txt b/library/HTMLPurifier/ConfigSchema/schema/Core.RemoveProcessingInstructions.txt
new file mode 100644
index 000000000..3397d9f71
--- /dev/null
+++ b/library/HTMLPurifier/ConfigSchema/schema/Core.RemoveProcessingInstructions.txt
@@ -0,0 +1,11 @@
+Core.RemoveProcessingInstructions
+TYPE: bool
+VERSION: 4.2.0
+DEFAULT: false
+--DESCRIPTION--
+Instead of escaping processing instructions in the form <code>&lt;? ...
+?&gt;</code>, remove it out-right. This may be useful if the HTML
+you are validating contains XML processing instruction gunk, however,
+it can also be user-unfriendly for people attempting to post PHP
+snippets.
+--# vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt b/library/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt
index 7fa6536b2..321eaa2d8 100644
--- a/library/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt
+++ b/library/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt
@@ -4,6 +4,11 @@ VERSION: 3.1.0
DEFAULT: false
--DESCRIPTION--
<p>
+ <strong>Warning:</strong> Deprecated in favor of %HTML.SafeObject and
+ %Output.FlashCompat (turn both on to allow YouTube videos and other
+ Flash content).
+</p>
+<p>
This directive enables YouTube video embedding in HTML Purifier. Check
<a href="http://htmlpurifier.org/docs/enduser-youtube.html">this document
on embedding videos</a> for more information on what this filter does.
diff --git a/library/HTMLPurifier/ConfigSchema/schema/HTML.Allowed.txt b/library/HTMLPurifier/ConfigSchema/schema/HTML.Allowed.txt
index 3e231d2d1..0b2c106da 100644
--- a/library/HTMLPurifier/ConfigSchema/schema/HTML.Allowed.txt
+++ b/library/HTMLPurifier/ConfigSchema/schema/HTML.Allowed.txt
@@ -5,11 +5,14 @@ DEFAULT: NULL
--DESCRIPTION--
<p>
- This is a convenience directive that rolls the functionality of
- %HTML.AllowedElements and %HTML.AllowedAttributes into one directive.
+ This is a preferred convenience directive that combines
+ %HTML.AllowedElements and %HTML.AllowedAttributes.
Specify elements and attributes that are allowed using:
- <code>element1[attr1|attr2],element2...</code>. You can also use
- newlines instead of commas to separate elements.
+ <code>element1[attr1|attr2],element2...</code>. For example,
+ if you would like to only allow paragraphs and links, specify
+ <code>a[href],p</code>. You can specify attributes that apply
+ to all elements using an asterisk, e.g. <code>*[lang]</code>.
+ You can also use newlines instead of commas to separate elements.
</p>
<p>
<strong>Warning</strong>:
diff --git a/library/HTMLPurifier/ConfigSchema/schema/HTML.AllowedComments.txt b/library/HTMLPurifier/ConfigSchema/schema/HTML.AllowedComments.txt
new file mode 100644
index 000000000..140e21423
--- /dev/null
+++ b/library/HTMLPurifier/ConfigSchema/schema/HTML.AllowedComments.txt
@@ -0,0 +1,10 @@
+HTML.AllowedComments
+TYPE: lookup
+VERSION: 4.4.0
+DEFAULT: array()
+--DESCRIPTION--
+A whitelist which indicates what explicit comment bodies should be
+allowed, modulo leading and trailing whitespace. See also %HTML.AllowedCommentsRegexp
+(these directives are union'ed together, so a comment is considered
+valid if any directive deems it valid.)
+--# vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/ConfigSchema/schema/HTML.AllowedCommentsRegexp.txt b/library/HTMLPurifier/ConfigSchema/schema/HTML.AllowedCommentsRegexp.txt
new file mode 100644
index 000000000..f22e977d4
--- /dev/null
+++ b/library/HTMLPurifier/ConfigSchema/schema/HTML.AllowedCommentsRegexp.txt
@@ -0,0 +1,15 @@
+HTML.AllowedCommentsRegexp
+TYPE: string/null
+VERSION: 4.4.0
+DEFAULT: NULL
+--DESCRIPTION--
+A regexp, which if it matches the body of a comment, indicates that
+it should be allowed. Trailing and leading spaces are removed prior
+to running this regular expression.
+<strong>Warning:</strong> Make sure you specify
+correct anchor metacharacters <code>^regex$</code>, otherwise you may accept
+comments that you did not mean to! In particular, the regex <code>/foo|bar/</code>
+is probably not sufficiently strict, since it also allows <code>foobar</code>.
+See also %HTML.AllowedComments (these directives are union'ed together,
+so a comment is considered valid if any directive deems it valid.)
+--# vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/ConfigSchema/schema/HTML.AllowedElements.txt b/library/HTMLPurifier/ConfigSchema/schema/HTML.AllowedElements.txt
index 888d55819..1d3fa7907 100644
--- a/library/HTMLPurifier/ConfigSchema/schema/HTML.AllowedElements.txt
+++ b/library/HTMLPurifier/ConfigSchema/schema/HTML.AllowedElements.txt
@@ -4,12 +4,17 @@ VERSION: 1.3.0
DEFAULT: NULL
--DESCRIPTION--
<p>
- If HTML Purifier's tag set is unsatisfactory for your needs, you
- can overload it with your own list of tags to allow. Note that this
- method is subtractive: it does its job by taking away from HTML Purifier
- usual feature set, so you cannot add a tag that HTML Purifier never
- supported in the first place (like embed, form or head). If you
- change this, you probably also want to change %HTML.AllowedAttributes.
+ If HTML Purifier's tag set is unsatisfactory for your needs, you can
+ overload it with your own list of tags to allow. If you change
+ this, you probably also want to change %HTML.AllowedAttributes; see
+ also %HTML.Allowed which lets you set allowed elements and
+ attributes at the same time.
+</p>
+<p>
+ If you attempt to allow an element that HTML Purifier does not know
+ about, HTML Purifier will raise an error. You will need to manually
+ tell HTML Purifier about this element by using the
+ <a href="http://htmlpurifier.org/docs/enduser-customize.html">advanced customization features.</a>
</p>
<p>
<strong>Warning:</strong> If another directive conflicts with the
diff --git a/library/HTMLPurifier/ConfigSchema/schema/HTML.FlashAllowFullScreen.txt b/library/HTMLPurifier/ConfigSchema/schema/HTML.FlashAllowFullScreen.txt
new file mode 100644
index 000000000..7878dc0bf
--- /dev/null
+++ b/library/HTMLPurifier/ConfigSchema/schema/HTML.FlashAllowFullScreen.txt
@@ -0,0 +1,11 @@
+HTML.FlashAllowFullScreen
+TYPE: bool
+VERSION: 4.2.0
+DEFAULT: false
+--DESCRIPTION--
+<p>
+ Whether or not to permit embedded Flash content from
+ %HTML.SafeObject to expand to the full screen. Corresponds to
+ the <code>allowFullScreen</code> parameter.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/ConfigSchema/schema/HTML.Nofollow.txt b/library/HTMLPurifier/ConfigSchema/schema/HTML.Nofollow.txt
new file mode 100644
index 000000000..700b30924
--- /dev/null
+++ b/library/HTMLPurifier/ConfigSchema/schema/HTML.Nofollow.txt
@@ -0,0 +1,7 @@
+HTML.Nofollow
+TYPE: bool
+VERSION: 4.3.0
+DEFAULT: FALSE
+--DESCRIPTION--
+If enabled, nofollow rel attributes are added to all outgoing links.
+--# vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/ConfigSchema/schema/HTML.SafeIframe.txt b/library/HTMLPurifier/ConfigSchema/schema/HTML.SafeIframe.txt
new file mode 100644
index 000000000..5eb6ec2b5
--- /dev/null
+++ b/library/HTMLPurifier/ConfigSchema/schema/HTML.SafeIframe.txt
@@ -0,0 +1,13 @@
+HTML.SafeIframe
+TYPE: bool
+VERSION: 4.4.0
+DEFAULT: false
+--DESCRIPTION--
+<p>
+ Whether or not to permit iframe tags in untrusted documents. This
+ directive must be accompanied by a whitelist of permitted iframes,
+ such as %URI.SafeIframeRegexp, otherwise it will fatally error.
+ This directive has no effect on strict doctypes, as iframes are not
+ valid.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/ConfigSchema/schema/HTML.SafeScripting.txt b/library/HTMLPurifier/ConfigSchema/schema/HTML.SafeScripting.txt
new file mode 100644
index 000000000..5ebc7a19d
--- /dev/null
+++ b/library/HTMLPurifier/ConfigSchema/schema/HTML.SafeScripting.txt
@@ -0,0 +1,10 @@
+HTML.SafeScripting
+TYPE: lookup
+VERSION: 4.5.0
+DEFAULT: array()
+--DESCRIPTION--
+<p>
+ Whether or not to permit script tags to external scripts in documents.
+ Inline scripting is not allowed, and the script must match an explicit whitelist.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/ConfigSchema/schema/HTML.TargetBlank.txt b/library/HTMLPurifier/ConfigSchema/schema/HTML.TargetBlank.txt
new file mode 100644
index 000000000..587a16778
--- /dev/null
+++ b/library/HTMLPurifier/ConfigSchema/schema/HTML.TargetBlank.txt
@@ -0,0 +1,8 @@
+HTML.TargetBlank
+TYPE: bool
+VERSION: 4.4.0
+DEFAULT: FALSE
+--DESCRIPTION--
+If enabled, <code>target=blank</code> attributes are added to all outgoing links.
+(This includes links from an HTTPS version of a page to an HTTP version.)
+--# vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/ConfigSchema/schema/HTML.Trusted.txt b/library/HTMLPurifier/ConfigSchema/schema/HTML.Trusted.txt
index 89133b1a3..1db9237e9 100644
--- a/library/HTMLPurifier/ConfigSchema/schema/HTML.Trusted.txt
+++ b/library/HTMLPurifier/ConfigSchema/schema/HTML.Trusted.txt
@@ -5,4 +5,5 @@ DEFAULT: false
--DESCRIPTION--
Indicates whether or not the user input is trusted or not. If the input is
trusted, a more expansive set of allowed tags and attributes will be used.
+See also %CSS.Trusted.
--# vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/ConfigSchema/schema/Output.FixInnerHTML.txt b/library/HTMLPurifier/ConfigSchema/schema/Output.FixInnerHTML.txt
new file mode 100644
index 000000000..d6f0d9f29
--- /dev/null
+++ b/library/HTMLPurifier/ConfigSchema/schema/Output.FixInnerHTML.txt
@@ -0,0 +1,15 @@
+Output.FixInnerHTML
+TYPE: bool
+VERSION: 4.3.0
+DEFAULT: true
+--DESCRIPTION--
+<p>
+ If true, HTML Purifier will protect against Internet Explorer's
+ mishandling of the <code>innerHTML</code> attribute by appending
+ a space to any attribute that does not contain angled brackets, spaces
+ or quotes, but contains a backtick. This slightly changes the
+ semantics of any given attribute, so if this is unacceptable and
+ you do not use <code>innerHTML</code> on any of your pages, you can
+ turn this directive off.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt b/library/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt
index ae3a913f2..666635a5f 100644
--- a/library/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt
+++ b/library/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt
@@ -12,6 +12,6 @@ array (
--DESCRIPTION--
Whitelist that defines the schemes that a URI is allowed to have. This
prevents XSS attacks from using pseudo-schemes like javascript or mocha.
-There is also support for the <code>data</code> URI scheme, but it is not
-enabled by default.
+There is also support for the <code>data</code> and <code>file</code>
+URI schemes, but they are not enabled by default.
--# vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/ConfigSchema/schema/URI.DisableResources.txt b/library/HTMLPurifier/ConfigSchema/schema/URI.DisableResources.txt
index 51e6ea91f..f891de499 100644
--- a/library/HTMLPurifier/ConfigSchema/schema/URI.DisableResources.txt
+++ b/library/HTMLPurifier/ConfigSchema/schema/URI.DisableResources.txt
@@ -1,12 +1,15 @@
URI.DisableResources
TYPE: bool
-VERSION: 1.3.0
+VERSION: 4.2.0
DEFAULT: false
--DESCRIPTION--
-
<p>
Disables embedding resources, essentially meaning no pictures. You can
still link to them though. See %URI.DisableExternalResources for why
this might be a good idea.
</p>
+<p>
+ <em>Note:</em> While this directive has been available since 1.3.0,
+ it didn't actually start doing anything until 4.2.0.
+</p>
--# vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt b/library/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt
index 0d00f62ea..1e17c1d46 100644
--- a/library/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt
+++ b/library/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt
@@ -11,7 +11,7 @@ DEFAULT: NULL
to check if a URI has passed through HTML Purifier with this line:
</p>
-<pre>$checksum === sha1($secret_key . ':' . $url)</pre>
+<pre>$checksum === hash_hmac("sha256", $url, $secret_key)</pre>
<p>
If the output is TRUE, the redirector script should accept the URI.
diff --git a/library/HTMLPurifier/ConfigSchema/schema/URI.SafeIframeRegexp.txt b/library/HTMLPurifier/ConfigSchema/schema/URI.SafeIframeRegexp.txt
new file mode 100644
index 000000000..79084832b
--- /dev/null
+++ b/library/HTMLPurifier/ConfigSchema/schema/URI.SafeIframeRegexp.txt
@@ -0,0 +1,22 @@
+URI.SafeIframeRegexp
+TYPE: string/null
+VERSION: 4.4.0
+DEFAULT: NULL
+--DESCRIPTION--
+<p>
+ A PCRE regular expression that will be matched against an iframe URI. This is
+ a relatively inflexible scheme, but works well enough for the most common
+ use-case of iframes: embedded video. This directive only has an effect if
+ %HTML.SafeIframe is enabled. Here are some example values:
+</p>
+<ul>
+ <li><code>%^http://www.youtube.com/embed/%</code> - Allow YouTube videos</li>
+ <li><code>%^http://player.vimeo.com/video/%</code> - Allow Vimeo videos</li>
+ <li><code>%^http://(www.youtube.com/embed/|player.vimeo.com/video/)%</code> - Allow both</li>
+</ul>
+<p>
+ Note that this directive does not give you enough granularity to, say, disable
+ all <code>autoplay</code> videos. Pipe up on the HTML Purifier forums if this
+ is a capability you want.
+</p>
+--# vim: et sw=4 sts=4