mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-10-13 13:42:59 +02:00
8f797be836
- can be used via html class like:
$clean_html = html::purify($html);
- using it now in eTemplate to remove malicious code from html:
a) when displaying "formatted text"
b) when "formatted text" get's input by the user
18 lines
611 B
Plaintext
Executable File
18 lines
611 B
Plaintext
Executable File
URI.MungeResources
|
|
TYPE: bool
|
|
VERSION: 3.1.1
|
|
DEFAULT: false
|
|
--DESCRIPTION--
|
|
<p>
|
|
If true, any URI munging directives like %URI.Munge
|
|
will also apply to embedded resources, such as <code><img src=""></code>.
|
|
Be careful enabling this directive if you have a redirector script
|
|
that does not use the <code>Location</code> HTTP header; all of your images
|
|
and other embedded resources will break.
|
|
</p>
|
|
<p>
|
|
<strong>Warning:</strong> It is strongly advised you use this in conjunction
|
|
%URI.MungeSecretKey to mitigate the security risk of an open redirector.
|
|
</p>
|
|
--# vim: et sw=4 sts=4
|