diff options
| author | Klaus Weidenbach <Klaus.Weidenbach@gmx.net> | 2017-03-18 17:50:05 +0100 |
|---|---|---|
| committer | Klaus Weidenbach <Klaus.Weidenbach@gmx.net> | 2017-03-26 00:41:27 +0100 |
| commit | f718e2b0db0fe3477212a8dd6c3ec067f4432862 (patch) | |
| tree | 8dfbd3b3d4bdcd967b50f1ee4655440bcdef5bb8 /vendor/ezyang/htmlpurifier/library/HTMLPurifier/HTMLModule/Scripting.php | |
| parent | 2115eb26a7fd2ca937286bd4e98ab74c7d6e9525 (diff) | |
| download | volse-hubzilla-f718e2b0db0fe3477212a8dd6c3ec067f4432862.tar.gz volse-hubzilla-f718e2b0db0fe3477212a8dd6c3ec067f4432862.tar.bz2 volse-hubzilla-f718e2b0db0fe3477212a8dd6c3ec067f4432862.zip | |
:arrow_up: Update HTML Purifier library.
Updated HTML Purifier from 4.6.0 to 4.9.2 with better PHP7 compatibility.
Used composer to manage this library.
Diffstat (limited to 'vendor/ezyang/htmlpurifier/library/HTMLPurifier/HTMLModule/Scripting.php')
| -rw-r--r-- | vendor/ezyang/htmlpurifier/library/HTMLPurifier/HTMLModule/Scripting.php | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/vendor/ezyang/htmlpurifier/library/HTMLPurifier/HTMLModule/Scripting.php b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/HTMLModule/Scripting.php new file mode 100644 index 000000000..8b28a7b7e --- /dev/null +++ b/vendor/ezyang/htmlpurifier/library/HTMLPurifier/HTMLModule/Scripting.php @@ -0,0 +1,73 @@ +<?php + +/* + +WARNING: THIS MODULE IS EXTREMELY DANGEROUS AS IT ENABLES INLINE SCRIPTING +INSIDE HTML PURIFIER DOCUMENTS. USE ONLY WITH TRUSTED USER INPUT!!! + +*/ + +/** + * XHTML 1.1 Scripting module, defines elements that are used to contain + * information pertaining to executable scripts or the lack of support + * for executable scripts. + * @note This module does not contain inline scripting elements + */ +class HTMLPurifier_HTMLModule_Scripting extends HTMLPurifier_HTMLModule +{ + /** + * @type string + */ + public $name = 'Scripting'; + + /** + * @type array + */ + public $elements = array('script', 'noscript'); + + /** + * @type array + */ + public $content_sets = array('Block' => 'script | noscript', 'Inline' => 'script | noscript'); + + /** + * @type bool + */ + public $safe = false; + + /** + * @param HTMLPurifier_Config $config + */ + public function setup($config) + { + // TODO: create custom child-definition for noscript that + // auto-wraps stray #PCDATA in a similar manner to + // blockquote's custom definition (we would use it but + // blockquote's contents are optional while noscript's contents + // are required) + + // TODO: convert this to new syntax, main problem is getting + // both content sets working + + // In theory, this could be safe, but I don't see any reason to + // allow it. + $this->info['noscript'] = new HTMLPurifier_ElementDef(); + $this->info['noscript']->attr = array(0 => array('Common')); + $this->info['noscript']->content_model = 'Heading | List | Block'; + $this->info['noscript']->content_model_type = 'required'; + + $this->info['script'] = new HTMLPurifier_ElementDef(); + $this->info['script']->attr = array( + 'defer' => new HTMLPurifier_AttrDef_Enum(array('defer')), + 'src' => new HTMLPurifier_AttrDef_URI(true), + 'type' => new HTMLPurifier_AttrDef_Enum(array('text/javascript')) + ); + $this->info['script']->content_model = '#PCDATA'; + $this->info['script']->content_model_type = 'optional'; + $this->info['script']->attr_transform_pre[] = + $this->info['script']->attr_transform_post[] = + new HTMLPurifier_AttrTransform_ScriptRequired(); + } +} + +// vim: et sw=4 sts=4 |