diff options
Diffstat (limited to 'library/HTMLPurifier/ConfigSchema/schema/Attr.EnableID.txt')
-rw-r--r-- | library/HTMLPurifier/ConfigSchema/schema/Attr.EnableID.txt | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/library/HTMLPurifier/ConfigSchema/schema/Attr.EnableID.txt b/library/HTMLPurifier/ConfigSchema/schema/Attr.EnableID.txt new file mode 100644 index 000000000..6440d2103 --- /dev/null +++ b/library/HTMLPurifier/ConfigSchema/schema/Attr.EnableID.txt @@ -0,0 +1,16 @@ +Attr.EnableID +TYPE: bool +DEFAULT: false +VERSION: 1.2.0 +--DESCRIPTION-- +Allows the ID attribute in HTML. This is disabled by default due to the +fact that without proper configuration user input can easily break the +validation of a webpage by specifying an ID that is already on the +surrounding HTML. If you don't mind throwing caution to the wind, enable +this directive, but I strongly recommend you also consider blacklisting IDs +you use (%Attr.IDBlacklist) or prefixing all user supplied IDs +(%Attr.IDPrefix). When set to true HTML Purifier reverts to the behavior of +pre-1.2.0 versions. +--ALIASES-- +HTML.EnableAttrID +--# vim: et sw=4 sts=4 |