Added HTMLPurifier (http://htmlpurifier.org/) Version 3.3.0

- can be used via html class like: $clean_html = html::purify($html); - using it now in eTemplate to remove malicious code from html: a) when displaying "formatted text" b) when "formatted text" get's input by the user
2025-08-09 16:35:02 +02:00 · 2009-05-19 17:32:06 +00:00
parent 75850fd66b
commit 8f797be836
332 changed files with 25369 additions and 1 deletions
--- a/phpgwapi/inc/htmlpurifier/library/HTMLPurifier/HTMLModule/Object.php
+++ b/phpgwapi/inc/htmlpurifier/library/HTMLPurifier/HTMLModule/Object.php
@ -0,0 +1,47 @@
+<?php
+
+/**
+ * XHTML 1.1 Object Module, defines elements for generic object inclusion
+ * @warning Users will commonly use <embed> to cater to legacy browsers: this
+ *      module does not allow this sort of behavior
+ */
+class HTMLPurifier_HTMLModule_Object extends HTMLPurifier_HTMLModule
+{
+
+    public $name = 'Object';
+    public $safe = false;
+
+    public function setup($config) {
+
+        $this->addElement('object', 'Inline', 'Optional: #PCDATA | Flow | param', 'Common',
+            array(
+                'archive' => 'URI',
+                'classid' => 'URI',
+                'codebase' => 'URI',
+                'codetype' => 'Text',
+                'data' => 'URI',
+                'declare' => 'Bool#declare',
+                'height' => 'Length',
+                'name' => 'CDATA',
+                'standby' => 'Text',
+                'tabindex' => 'Number',
+                'type' => 'ContentType',
+                'width' => 'Length'
+            )
+        );
+
+        $this->addElement('param', false, 'Empty', false,
+            array(
+                'id' => 'ID',
+                'name*' => 'Text',
+                'type' => 'Text',
+                'value' => 'Text',
+                'valuetype' => 'Enum#data,ref,object'
+           )
+        );
+
+    }
+
+}
+
+// vim: et sw=4 sts=4