mirror of
https://github.com/EGroupware/egroupware.git
synced 2025-01-20 04:48:50 +01:00
8f797be836
- can be used via html class like: $clean_html = html::purify($html); - using it now in eTemplate to remove malicious code from html: a) when displaying "formatted text" b) when "formatted text" get's input by the user
39 lines
1.1 KiB
PHP
Executable File
39 lines
1.1 KiB
PHP
Executable File
<?php
|
|
|
|
/**
|
|
* XHTML 1.1 Edit Module, defines editing-related elements. Text Extension
|
|
* Module.
|
|
*/
|
|
class HTMLPurifier_HTMLModule_Edit extends HTMLPurifier_HTMLModule
|
|
{
|
|
|
|
public $name = 'Edit';
|
|
|
|
public function setup($config) {
|
|
$contents = 'Chameleon: #PCDATA | Inline ! #PCDATA | Flow';
|
|
$attr = array(
|
|
'cite' => 'URI',
|
|
// 'datetime' => 'Datetime', // not implemented
|
|
);
|
|
$this->addElement('del', 'Inline', $contents, 'Common', $attr);
|
|
$this->addElement('ins', 'Inline', $contents, 'Common', $attr);
|
|
}
|
|
|
|
// HTML 4.01 specifies that ins/del must not contain block
|
|
// elements when used in an inline context, chameleon is
|
|
// a complicated workaround to acheive this effect
|
|
|
|
// Inline context ! Block context (exclamation mark is
|
|
// separator, see getChildDef for parsing)
|
|
|
|
public $defines_child_def = true;
|
|
public function getChildDef($def) {
|
|
if ($def->content_model_type != 'chameleon') return false;
|
|
$value = explode('!', $def->content_model);
|
|
return new HTMLPurifier_ChildDef_Chameleon($value[0], $value[1]);
|
|
}
|
|
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|