forked from extern/egroupware
8f797be836
- can be used via html class like: $clean_html = html::purify($html); - using it now in eTemplate to remove malicious code from html: a) when displaying "formatted text" b) when "formatted text" get's input by the user
23 lines
810 B
Plaintext
Executable File
23 lines
810 B
Plaintext
Executable File
HTML.Allowed
|
|
TYPE: itext/null
|
|
VERSION: 2.0.0
|
|
DEFAULT: NULL
|
|
--DESCRIPTION--
|
|
|
|
<p>
|
|
This is a convenience directive that rolls the functionality of
|
|
%HTML.AllowedElements and %HTML.AllowedAttributes into one directive.
|
|
Specify elements and attributes that are allowed using:
|
|
<code>element1[attr1|attr2],element2...</code>. You can also use
|
|
newlines instead of commas to separate elements.
|
|
</p>
|
|
<p>
|
|
<strong>Warning</strong>:
|
|
All of the constraints on the component directives are still enforced.
|
|
The syntax is a <em>subset</em> of TinyMCE's <code>valid_elements</code>
|
|
whitelist: directly copy-pasting it here will probably result in
|
|
broken whitelists. If %HTML.AllowedElements or %HTML.AllowedAttributes
|
|
are set, this directive has no effect.
|
|
</p>
|
|
--# vim: et sw=4 sts=4
|