diff options
Diffstat (limited to 'lib/htmlpurifier/docs/proposal-new-directives.txt')
| -rw-r--r-- | lib/htmlpurifier/docs/proposal-new-directives.txt | 44 |
1 files changed, 0 insertions, 44 deletions
diff --git a/lib/htmlpurifier/docs/proposal-new-directives.txt b/lib/htmlpurifier/docs/proposal-new-directives.txt deleted file mode 100644 index f54ee2d8d..000000000 --- a/lib/htmlpurifier/docs/proposal-new-directives.txt +++ /dev/null @@ -1,44 +0,0 @@ - -Configuration Ideas - -Here are some theoretical configuration ideas that we could implement some -time. Note the naming convention: %Namespace.Directive. If you want one -implemented, give us a ring, and we'll move it up the priority chain. - -%Attr.RewriteFragments - if there's %Attr.IDPrefix we may want to transparently - rewrite the URLs we parse too. However, we can only do it when it's a pure - anchor link, so it's not foolproof - -%Attr.ClassBlacklist, -%Attr.ClassWhitelist, -%Attr.ClassPolicy - determines what classes are allowed. When - %Attr.ClassPolicy is set to Blacklist, only allow those not in - %Attr.ClassBlacklist. When it's Whitelist, only allow those in - %Attr.ClassWhitelist. - -%Attr.MaxWidth, -%Attr.MaxHeight - caps for width and height related checks. - (the hack in Pixels for an image crashing attack could be replaced by this) - -%URI.AddRelNofollow - will add rel="nofollow" to all links, preventing the - spread of ill-gotten pagerank - -%URI.HostBlacklistRegex - regexes that if matching the host are disallowed -%URI.HostWhitelist - domain names that are excluded from the host blacklist -%URI.HostPolicy - determines whether or not its reject all and then whitelist - or allow all in then do specific blacklists with whitelist intervening. - 'DenyAll' or 'AllowAll' (default) - -%URI.DisableIPHosts - URIs that have IP addresses for hosts are disallowed. - Be sure to also grab unusual encodings (dword, hex and octal), which may - be currently be caught by regular DNS -%URI.DisableIDN - Disallow raw internationalized domain names. Punycode - will still be permitted. - -%URI.ConvertUnusualIPHosts - transform dword/hex/octal IP addresses to the - regular form -%URI.ConvertAbsoluteDNS - Remove extra dots after host names that trigger - absolute DNS. While this is actually the preferred method according to - the RFC, most people opt to use a relative domain name relative to . (root). - - vim: et sw=4 sts=4 |