mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-10-13 13:42:59 +02:00
8f797be836
- can be used via html class like:
$clean_html = html::purify($html);
- using it now in eTemplate to remove malicious code from html:
a) when displaying "formatted text"
b) when "formatted text" get's input by the user
12 lines
461 B
Plaintext
Executable File
12 lines
461 B
Plaintext
Executable File
CSS.AllowTricky
|
|
TYPE: bool
|
|
DEFAULT: false
|
|
VERSION: 3.1.0
|
|
--DESCRIPTION--
|
|
This parameter determines whether or not to allow "tricky" CSS properties and
|
|
values. Tricky CSS properties/values can drastically modify page layout or
|
|
be used for deceptive practices but do not directly constitute a security risk.
|
|
For example, <code>display:none;</code> is considered a tricky property that
|
|
will only be allowed if this directive is set to true.
|
|
--# vim: et sw=4 sts=4
|