mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-05 22:30:42 +01:00
8f797be836
- can be used via html class like: $clean_html = html::purify($html); - using it now in eTemplate to remove malicious code from html: a) when displaying "formatted text" b) when "formatted text" get's input by the user
34 lines
912 B
PHP
Executable File
34 lines
912 B
PHP
Executable File
<?php
|
|
|
|
/**
|
|
* A "safe" embed module. See SafeObject. This is a proprietary element.
|
|
*/
|
|
class HTMLPurifier_HTMLModule_SafeEmbed extends HTMLPurifier_HTMLModule
|
|
{
|
|
|
|
public $name = 'SafeEmbed';
|
|
|
|
public function setup($config) {
|
|
|
|
$max = $config->get('HTML', 'MaxImgLength');
|
|
$embed = $this->addElement(
|
|
'embed', 'Inline', 'Empty', 'Common',
|
|
array(
|
|
'src*' => 'URI#embedded',
|
|
'type' => 'Enum#application/x-shockwave-flash',
|
|
'width' => 'Pixels#' . $max,
|
|
'height' => 'Pixels#' . $max,
|
|
'allowscriptaccess' => 'Enum#never',
|
|
'allownetworking' => 'Enum#internal',
|
|
'wmode' => 'Enum#window',
|
|
'name' => 'ID',
|
|
)
|
|
);
|
|
$embed->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeEmbed();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|