mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-29 18:18:56 +01:00
8f797be836
- can be used via html class like: $clean_html = html::purify($html); - using it now in eTemplate to remove malicious code from html: a) when displaying "formatted text" b) when "formatted text" get's input by the user
34 lines
1.2 KiB
Plaintext
Executable File
34 lines
1.2 KiB
Plaintext
Executable File
HTML.DefinitionID
|
|
TYPE: string/null
|
|
DEFAULT: NULL
|
|
VERSION: 2.0.0
|
|
--DESCRIPTION--
|
|
|
|
<p>
|
|
Unique identifier for a custom-built HTML definition. If you edit
|
|
the raw version of the HTMLDefinition, introducing changes that the
|
|
configuration object does not reflect, you must specify this variable.
|
|
If you change your custom edits, you should change this directive, or
|
|
clear your cache. Example:
|
|
</p>
|
|
<pre>
|
|
$config = HTMLPurifier_Config::createDefault();
|
|
$config->set('HTML', 'DefinitionID', '1');
|
|
$def = $config->getHTMLDefinition();
|
|
$def->addAttribute('a', 'tabindex', 'Number');
|
|
</pre>
|
|
<p>
|
|
In the above example, the configuration is still at the defaults, but
|
|
using the advanced API, an extra attribute has been added. The
|
|
configuration object normally has no way of knowing that this change
|
|
has taken place, so it needs an extra directive: %HTML.DefinitionID.
|
|
If someone else attempts to use the default configuration, these two
|
|
pieces of code will not clobber each other in the cache, since one has
|
|
an extra directive attached to it.
|
|
</p>
|
|
<p>
|
|
You <em>must</em> specify a value to this directive to use the
|
|
advanced API features.
|
|
</p>
|
|
--# vim: et sw=4 sts=4
|