Diffstat (limited to 'library/HTMLPurifier/HTMLModule/Forms.php')
-rw-r--r--library/HTMLPurifier/HTMLModule/Forms.php216
1 files changed, 144 insertions, 72 deletions
diff --git a/library/HTMLPurifier/HTMLModule/Forms.php b/library/HTMLPurifier/HTMLModule/Forms.php
index 44c22f6f8..6f7ddbc05 100644
--- a/library/HTMLPurifier/HTMLModule/Forms.php
+++ b/library/HTMLPurifier/HTMLModule/Forms.php
@@ -5,86 +5,142 @@
*/
class HTMLPurifier_HTMLModule_Forms extends HTMLPurifier_HTMLModule
{
+ /**
+ * @type string
+ */
public $name = 'Forms';
+
+ /**
+ * @type bool
+ */
public $safe = false;
+ /**
+ * @type array
+ */
public $content_sets = array(
'Block' => 'Form',
'Inline' => 'Formctrl',
);
- public function setup($config) {
- $form = $this->addElement('form', 'Form',
- 'Required: Heading | List | Block | fieldset', 'Common', array(
- 'accept' => 'ContentTypes',
- 'accept-charset' => 'Charsets',
- 'action*' => 'URI',
- 'method' => 'Enum#get,post',
- // really ContentType, but these two are the only ones used today
- 'enctype' => 'Enum#application/x-www-form-urlencoded,multipart/form-data',
- ));
+ /**
+ * @param HTMLPurifier_Config $config
+ */
+ public function setup($config)
+ {
+ $form = $this->addElement(
+ 'form',
+ 'Form',
+ 'Required: Heading | List | Block | fieldset',
+ 'Common',
+ array(
+ 'accept' => 'ContentTypes',
+ 'accept-charset' => 'Charsets',
+ 'action*' => 'URI',
+ 'method' => 'Enum#get,post',
+ // really ContentType, but these two are the only ones used today
+ 'enctype' => 'Enum#application/x-www-form-urlencoded,multipart/form-data',
+ )
+ );
$form->excludes = array('form' => true);
- $input = $this->addElement('input', 'Formctrl', 'Empty', 'Common', array(
- 'accept' => 'ContentTypes',
- 'accesskey' => 'Character',
- 'alt' => 'Text',
- 'checked' => 'Bool#checked',
- 'disabled' => 'Bool#disabled',
- 'maxlength' => 'Number',
- 'name' => 'CDATA',
- 'readonly' => 'Bool#readonly',
- 'size' => 'Number',
- 'src' => 'URI#embeds',
- 'tabindex' => 'Number',
- 'type' => 'Enum#text,password,checkbox,button,radio,submit,reset,file,hidden,image',
- 'value' => 'CDATA',
- ));
+ $input = $this->addElement(
+ 'input',
+ 'Formctrl',
+ 'Empty',
+ 'Common',
+ array(
+ 'accept' => 'ContentTypes',
+ 'accesskey' => 'Character',
+ 'alt' => 'Text',
+ 'checked' => 'Bool#checked',
+ 'disabled' => 'Bool#disabled',
+ 'maxlength' => 'Number',
+ 'name' => 'CDATA',
+ 'readonly' => 'Bool#readonly',
+ 'size' => 'Number',
+ 'src' => 'URI#embedded',
+ 'tabindex' => 'Number',
+ 'type' => 'Enum#text,password,checkbox,button,radio,submit,reset,file,hidden,image',
+ 'value' => 'CDATA',
+ )
+ );
$input->attr_transform_post[] = new HTMLPurifier_AttrTransform_Input();
- $this->addElement('select', 'Formctrl', 'Required: optgroup | option', 'Common', array(
- 'disabled' => 'Bool#disabled',
- 'multiple' => 'Bool#multiple',
- 'name' => 'CDATA',
- 'size' => 'Number',
- 'tabindex' => 'Number',
- ));
-
- $this->addElement('option', false, 'Optional: #PCDATA', 'Common', array(
- 'disabled' => 'Bool#disabled',
- 'label' => 'Text',
- 'selected' => 'Bool#selected',
- 'value' => 'CDATA',
- ));
+ $this->addElement(
+ 'select',
+ 'Formctrl',
+ 'Required: optgroup | option',
+ 'Common',
+ array(
+ 'disabled' => 'Bool#disabled',
+ 'multiple' => 'Bool#multiple',
+ 'name' => 'CDATA',
+ 'size' => 'Number',
+ 'tabindex' => 'Number',
+ )
+ );
+
+ $this->addElement(
+ 'option',
+ false,
+ 'Optional: #PCDATA',
+ 'Common',
+ array(
+ 'disabled' => 'Bool#disabled',
+ 'label' => 'Text',
+ 'selected' => 'Bool#selected',
+ 'value' => 'CDATA',
+ )
+ );
// It's illegal for there to be more than one selected, but not
// be multiple. Also, no selected means undefined behavior. This might
// be difficult to implement; perhaps an injector, or a context variable.
- $textarea = $this->addElement('textarea', 'Formctrl', 'Optional: #PCDATA', 'Common', array(
- 'accesskey' => 'Character',
- 'cols*' => 'Number',
- 'disabled' => 'Bool#disabled',
- 'name' => 'CDATA',
- 'readonly' => 'Bool#readonly',
- 'rows*' => 'Number',
- 'tabindex' => 'Number',
- ));
+ $textarea = $this->addElement(
+ 'textarea',
+ 'Formctrl',
+ 'Optional: #PCDATA',
+ 'Common',
+ array(
+ 'accesskey' => 'Character',
+ 'cols*' => 'Number',
+ 'disabled' => 'Bool#disabled',
+ 'name' => 'CDATA',
+ 'readonly' => 'Bool#readonly',
+ 'rows*' => 'Number',
+ 'tabindex' => 'Number',
+ )
+ );
$textarea->attr_transform_pre[] = new HTMLPurifier_AttrTransform_Textarea();
- $button = $this->addElement('button', 'Formctrl', 'Optional: #PCDATA | Heading | List | Block | Inline', 'Common', array(
- 'accesskey' => 'Character',
- 'disabled' => 'Bool#disabled',
- 'name' => 'CDATA',
- 'tabindex' => 'Number',
- 'type' => 'Enum#button,submit,reset',
- 'value' => 'CDATA',
- ));
+ $button = $this->addElement(
+ 'button',
+ 'Formctrl',
+ 'Optional: #PCDATA | Heading | List | Block | Inline',
+ 'Common',
+ array(
+ 'accesskey' => 'Character',
+ 'disabled' => 'Bool#disabled',
+ 'name' => 'CDATA',
+ 'tabindex' => 'Number',
+ 'type' => 'Enum#button,submit,reset',
+ 'value' => 'CDATA',
+ )
+ );
// For exclusions, ideally we'd specify content sets, not literal elements
$button->excludes = $this->makeLookup(
- 'form', 'fieldset', // Form
- 'input', 'select', 'textarea', 'label', 'button', // Formctrl
- 'a' // as per HTML 4.01 spec, this is omitted by modularization
+ 'form',
+ 'fieldset', // Form
+ 'input',
+ 'select',
+ 'textarea',
+ 'label',
+ 'button', // Formctrl
+ 'a', // as per HTML 4.01 spec, this is omitted by modularization
+ 'isindex',
+ 'iframe' // legacy items
);
// Extra exclusion: img usemap="" is not permitted within this element.
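Review bot: The `'src' => 'URI#embedded'` line in the `input` attribute array is a behaviour change inside an otherwise formatting-only commit, and it has neither a comment nor a test. If the URI attribute definition only recognises the `embedded` suffix (its code is not visible here, so this is inferred from the rename), the old `URI#embeds` spelling meant an image input's `src` was validated as an ordinary link, and restrictions such as `%URI.DisableExternalResources` would not have applied to it. I would add a comment on that line, for example `// fetched by the browser on render, so validate as an embedded resource like img src`, and a regression test that purifies `<input type="image" src="...">` with an external URL under that setting. The new `'isindex'` and `'iframe'` entries in `$button->excludes` also change output and should be listed in the commit message alongside the `src` fix. `setup()` continues past the end of this hunk.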
@@ -94,24 +150,40 @@ class HTMLPurifier_HTMLModule_Forms extends HTMLPurifier_HTMLModule
// This is HIGHLY user-unfriendly; we need a custom child-def for this
$this->addElement('fieldset', 'Form', 'Custom: (#WS?,legend,(Flow|#PCDATA)*)', 'Common');
- $label = $this->addElement('label', 'Formctrl', 'Optional: #PCDATA | Inline', 'Common', array(
- 'accesskey' => 'Character',
- // 'for' => 'IDREF', // IDREF not implemented, cannot allow
- ));
+ $label = $this->addElement(
+ 'label',
+ 'Formctrl',
+ 'Optional: #PCDATA | Inline',
+ 'Common',
+ array(
+ 'accesskey' => 'Character',
+ // 'for' => 'IDREF', // IDREF not implemented, cannot allow
+ )
+ );
$label->excludes = array('label' => true);
- $this->addElement('legend', false, 'Optional: #PCDATA | Inline', 'Common', array(
- 'accesskey' => 'Character',
- ));
-
- $this->addElement('optgroup', false, 'Required: option', 'Common', array(
- 'disabled' => 'Bool#disabled',
- 'label*' => 'Text',
- ));
+ $this->addElement(
+ 'legend',
+ false,
+ 'Optional: #PCDATA | Inline',
+ 'Common',
+ array(
+ 'accesskey' => 'Character',
+ )
+ );
+ $this->addElement(
+ 'optgroup',
+ false,
+ 'Required: option',
+ 'Common',
+ array(
+ 'disabled' => 'Bool#disabled',
+ 'label*' => 'Text',
+ )
+ );
// Don't forget an injector for <isindex>. This one's a little complex
// because it maps to multiple elements.
-
}
}