mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-19 06:23:12 +01:00
8f797be836
- can be used via html class like:
$clean_html = html::purify($html);
- using it now in eTemplate to remove malicious code from html:
a) when displaying "formatted text"
b) when "formatted text" get's input by the user
17 lines
645 B
Plaintext
Executable File
17 lines
645 B
Plaintext
Executable File
Attr.EnableID
|
|
TYPE: bool
|
|
DEFAULT: false
|
|
VERSION: 1.2.0
|
|
--DESCRIPTION--
|
|
Allows the ID attribute in HTML. This is disabled by default due to the
|
|
fact that without proper configuration user input can easily break the
|
|
validation of a webpage by specifying an ID that is already on the
|
|
surrounding HTML. If you don't mind throwing caution to the wind, enable
|
|
this directive, but I strongly recommend you also consider blacklisting IDs
|
|
you use (%Attr.IDBlacklist) or prefixing all user supplied IDs
|
|
(%Attr.IDPrefix). When set to true HTML Purifier reverts to the behavior of
|
|
pre-1.2.0 versions.
|
|
--ALIASES--
|
|
HTML.EnableAttrID
|
|
--# vim: et sw=4 sts=4
|