forked from extern/egroupware
8f797be836
- can be used via html class like: $clean_html = html::purify($html); - using it now in eTemplate to remove malicious code from html: a) when displaying "formatted text" b) when "formatted text" get's input by the user
41 lines
1.2 KiB
PHP
Executable File
41 lines
1.2 KiB
PHP
Executable File
<?php
|
|
|
|
/**
|
|
* XHTML 1.1 Image Module provides basic image embedding.
|
|
* @note There is specialized code for removing empty images in
|
|
* HTMLPurifier_Strategy_RemoveForeignElements
|
|
*/
|
|
class HTMLPurifier_HTMLModule_Image extends HTMLPurifier_HTMLModule
|
|
{
|
|
|
|
public $name = 'Image';
|
|
|
|
public function setup($config) {
|
|
$max = $config->get('HTML', 'MaxImgLength');
|
|
$img = $this->addElement(
|
|
'img', 'Inline', 'Empty', 'Common',
|
|
array(
|
|
'alt*' => 'Text',
|
|
// According to the spec, it's Length, but percents can
|
|
// be abused, so we allow only Pixels.
|
|
'height' => 'Pixels#' . $max,
|
|
'width' => 'Pixels#' . $max,
|
|
'longdesc' => 'URI',
|
|
'src*' => new HTMLPurifier_AttrDef_URI(true), // embedded
|
|
)
|
|
);
|
|
if ($max === null || $config->get('HTML', 'Trusted')) {
|
|
$img->attr['height'] =
|
|
$img->attr['width'] = 'Length';
|
|
}
|
|
|
|
// kind of strange, but splitting things up would be inefficient
|
|
$img->attr_transform_pre[] =
|
|
$img->attr_transform_post[] =
|
|
new HTMLPurifier_AttrTransform_ImgRequired();
|
|
}
|
|
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|