mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-27 09:09:04 +01:00
add a function to create a HTML-Purifier config to clean up HTML
This commit is contained in:
parent
871701d774
commit
e05db77a24
@ -215,7 +215,7 @@ class html
|
||||
// enable target attributes
|
||||
$config->set('Attr.AllowedFrameTargets','_blank,_top,_self,_parent');
|
||||
// actual allowed tags and attributes
|
||||
$config->set('URI.AllowedSchemes', array('http'=>true, 'https'=>true, 'ftp'=>true, 'file'=>true, 'cid'=>true));
|
||||
$config->set('URI.AllowedSchemes', array('http'=>true, 'https'=>true, 'ftp'=>true, 'file'=>true, 'cid'=>true, 'data'=>true));
|
||||
$config->set('AutoFormat.RemoveEmpty', true);
|
||||
$config->set('HTML.Allowed', 'br,p[align],b,i,u,s,em,pre,tt,strong,strike,sub,sup,center,div[align|style],hr[class|style],'.
|
||||
'font[size|color],'.
|
||||
@ -251,14 +251,14 @@ class html
|
||||
$config->set('HTML.DefinitionID', 'deactivatelinks');
|
||||
$config->set('HTML.DefinitionRev', 1);
|
||||
// doctype and tidylevel
|
||||
$config->set('HTML.Doctype', 'XHTML 1.0 Transitional');
|
||||
$config->set('HTML.Doctype', 'XHTML 1.0 Transitional');
|
||||
$config->set('HTML.TidyLevel', 'light');
|
||||
// EnableID is needed for anchor tags
|
||||
$config->set('Attr.EnableID',true);
|
||||
// enable target attributes
|
||||
$config->set('Attr.AllowedFrameTargets','_blank,_top,_self,_parent');
|
||||
// actual allowed tags and attributes
|
||||
$config->set('URI.AllowedSchemes', array('http'=>true, 'https'=>true, 'ftp'=>true, 'file'=>true, 'cid'=>true));
|
||||
$config->set('URI.AllowedSchemes', array('http'=>true, 'https'=>true, 'ftp'=>true, 'file'=>true, 'cid'=>true, 'data'=>true));
|
||||
$config->set('AutoFormat.RemoveEmpty', true);
|
||||
$config->set('HTML.Allowed', 'br,p[align],b,i,u,s,em,pre,tt,strong,strike,sub,sup,center,div[align|style],hr[class|style],'.
|
||||
'font[size|color],'.
|
||||
@ -1412,6 +1412,46 @@ class html
|
||||
return HTMLPurifier_Config::createDefault();
|
||||
}
|
||||
|
||||
/**
|
||||
* creates a HTMLPurifier default config for the needs of HTMLTidy
|
||||
*
|
||||
* @return HTMLPurifier_Config object
|
||||
*/
|
||||
static function purifyCreateHTMLTidyConfig()
|
||||
{
|
||||
$config = html::purifyCreateDefaultConfig();
|
||||
// maybe the two following lines are useful for caching???
|
||||
$config->set('HTML.DefinitionID', 'egroupwareHTMLTidyConfig');
|
||||
$config->set('HTML.DefinitionRev', 1);
|
||||
$config->set('Core.Encoding', (self::$charset?self::$charset:'UTF-8')); // doctype and tidylevel
|
||||
$config->set('Core.RemoveInvalidImg', false);
|
||||
$config->set('HTML.Doctype', 'XHTML 1.0 Transitional');
|
||||
$config->set('HTML.TidyLevel', 'light');
|
||||
$config->set('Attr.EnableID',true);
|
||||
// enable target attributes
|
||||
$config->set('Attr.AllowedFrameTargets','_blank,_top,_self,_parent');
|
||||
// actual allowed tags and attributes
|
||||
$config->set('URI.AllowedSchemes', array('http'=>true, 'https'=>true, 'ftp'=>true, 'file'=>true, 'cid'=>true));
|
||||
$config->set('AutoFormat.RemoveEmpty', true);
|
||||
$config->set('HTML.Allowed', 'br,p[align],b,i,u,s,em,pre,tt,strong,strike,sub,sup,center,div[align|style],hr[class|style],'.
|
||||
'font[size|color],'.
|
||||
'ul[type],ol[type|start],li,'.
|
||||
'h1,h2,h3,h4,h5,h6,'.
|
||||
'span[class|style],'.
|
||||
'table[class|border|cellpadding|cellspacing|width|style|align|bgcolor|align],'.
|
||||
'tbody,thead,tfoot,colgroup,'.
|
||||
'col[width|span],'.
|
||||
'blockquote[class|cite|dir],'.
|
||||
'tr[class|style|align|bgcolor|align|valign],'.
|
||||
'td[class|colspan|rowspan|width|style|align|bgcolor|align|valign|nowrap],'.
|
||||
'th[class|colspan|rowspan|width|style|align|bgcolor|align|valign|nowrap],'.
|
||||
'a[href|target|name|title],'.
|
||||
'img[src|alt|title|align|style|width|height]');
|
||||
$config->set('URI.AllowedSchemes', array('http'=>true, 'https'=>true, 'ftp'=>true, 'file'=>true, 'cid'=>true, 'data'=>true));
|
||||
$config->set('Cache.SerializerPath', ($GLOBALS['egw_info']['server']['temp_dir']?$GLOBALS['egw_info']['server']['temp_dir']:sys_get_temp_dir()));
|
||||
return $config;
|
||||
}
|
||||
|
||||
/**
|
||||
* Runs HTMLPurifier over supplied html to remove malicious code
|
||||
*
|
||||
|
Loading…
Reference in New Issue
Block a user