forked from extern/egroupware
8f797be836
- can be used via html class like: $clean_html = html::purify($html); - using it now in eTemplate to remove malicious code from html: a) when displaying "formatted text" b) when "formatted text" gets input by the user
<?php
/**
 * XHTML 1.1 Object Module: registers the elements used for generic object
 * inclusion, i.e. <object> and its <param> children.
 *
 * @warning Users will commonly use <embed> to cater to legacy browsers: this
 *          module does not allow this sort of behavior
 * @note    The module flags itself as unsafe ($safe = false). <object> accepts
 *          several URI attributes (archive, classid, codebase, data) that
 *          reference externally hosted content, so it should not be offered to
 *          untrusted authors.
 */
class HTMLPurifier_HTMLModule_Object extends HTMLPurifier_HTMLModule
{

    // Identifier under which this module is registered.
    public $name = 'Object';

    // Marks the module as unsafe for untrusted input.
    // NOTE(review): presumably the module manager only loads unsafe modules for
    // trusted configurations; confirm against the HTMLModuleManager shipped
    // with this HTML Purifier version before relying on it.
    public $safe = false;

    /**
     * Registers the <object> and <param> element definitions on this module.
     *
     * @param HTMLPurifier_Config $config Configuration object; not read here.
     */
    public function setup($config)
    {
        // Attributes accepted on <object>. Every URI-typed entry is a place
        // where a document can point at external content.
        $objectAttributes = array(
            'archive' => 'URI',
            'classid' => 'URI',
            'codebase' => 'URI',
            'codetype' => 'Text',
            'data' => 'URI',
            'declare' => 'Bool#declare',
            'height' => 'Length',
            'name' => 'CDATA',
            'standby' => 'Text',
            'tabindex' => 'Number',
            'type' => 'ContentType',
            'width' => 'Length'
        );

        // <object> is an inline element whose content model allows text, flow
        // content and <param>; it also pulls in the 'Common' attributes.
        $this->addElement(
            'object',
            'Inline',
            'Optional: #PCDATA | Flow | param',
            'Common',
            $objectAttributes
        );

        // Attributes accepted on <param>. The trailing '*' on 'name*' is
        // HTML Purifier's notation for a required attribute.
        $paramAttributes = array(
            'id' => 'ID',
            'name*' => 'Text',
            'type' => 'Text',
            'value' => 'Text',
            'valuetype' => 'Enum#data,ref,object'
        );

        // <param> is an empty element with no content-set membership and no
        // shared attribute collection.
        $this->addElement('param', false, 'Empty', false, $paramAttributes);
    }

}
// vim: et sw=4 sts=4