forked from extern/egroupware
8f797be836
- can be used via html class like: $clean_html = html::purify($html); - using it now in eTemplate to remove malicious code from html: a) when displaying "formatted text" b) when "formatted text" get's input by the user
14 lines
549 B
Plaintext
Executable File
14 lines
549 B
Plaintext
Executable File
URI.DisableExternalResources
|
|
TYPE: bool
|
|
VERSION: 1.3.0
|
|
DEFAULT: false
|
|
--DESCRIPTION--
|
|
Disables the embedding of external resources, preventing users from
|
|
embedding things like images from other hosts. This prevents access
|
|
tracking (good for email viewers), bandwidth leeching, cross-site request
|
|
forging, goatse.cx posting, and other nasties, but also results in a loss
|
|
of end-user functionality (they can't directly post a pic they posted from
|
|
Flickr anymore). Use it if you don't have a robust user-content moderation
|
|
team.
|
|
--# vim: et sw=4 sts=4
|