forked from extern/egroupware
8f797be836
- can be used via html class like: $clean_html = html::purify($html); - using it now in eTemplate to remove malicious code from html: a) when displaying "formatted text" b) when "formatted text" get's input by the user
17 lines
645 B
Plaintext
Executable File
17 lines
645 B
Plaintext
Executable File
Attr.EnableID
|
|
TYPE: bool
|
|
DEFAULT: false
|
|
VERSION: 1.2.0
|
|
--DESCRIPTION--
|
|
Allows the ID attribute in HTML. This is disabled by default due to the
|
|
fact that without proper configuration user input can easily break the
|
|
validation of a webpage by specifying an ID that is already on the
|
|
surrounding HTML. If you don't mind throwing caution to the wind, enable
|
|
this directive, but I strongly recommend you also consider blacklisting IDs
|
|
you use (%Attr.IDBlacklist) or prefixing all user supplied IDs
|
|
(%Attr.IDPrefix). When set to true HTML Purifier reverts to the behavior of
|
|
pre-1.2.0 versions.
|
|
--ALIASES--
|
|
HTML.EnableAttrID
|
|
--# vim: et sw=4 sts=4
|