forked from extern/egroupware
8f797be836
- can be used via html class like: $clean_html = html::purify($html); - using it now in eTemplate to remove malicious code from html: a) when displaying "formatted text" b) when "formatted text" gets input by the user
12 lines
461 B
Plaintext
Executable File
CSS.AllowTricky
TYPE: bool
DEFAULT: false
VERSION: 3.1.0
--DESCRIPTION--
This parameter determines whether or not to allow "tricky" CSS properties and
values. Tricky CSS properties/values can drastically modify page layout or
be used for deceptive practices but do not directly constitute a security risk.
For example, <code>display:none;</code> is considered a tricky property that
will only be allowed if this directive is set to true.
--# vim: et sw=4 sts=4
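Added example (not part of this file, egroupware, or the HTML Purifier sources): it purifies the same markup with CSS.AllowTricky at its default and with it enabled, then lists the style declarations that survive only when the directive is on. Assumptions: HTML Purifier is installed with its autoloader at the path shown, the dotted config-key form of HTML Purifier 4.x is available, and the helper names and the sample markup are constructed for illustration.

```php
<?php
// Added example, not project code.
// Assumption: HTML Purifier 4.x is installed and its autoloader is at this path.
require_once 'HTMLPurifier.auto.php';

/**
 * Purify $html with CSS.AllowTricky set to $allowTricky.
 * Cache.DefinitionImpl is disabled so the script needs no writable cache dir.
 */
function purify_with(string $html, bool $allowTricky): string
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Cache.DefinitionImpl', null);
    $config->set('CSS.AllowTricky', $allowTricky);
    return (new HTMLPurifier($config))->purify($html);
}

/** Collect "property:value" declarations from every style attribute in $html. */
function style_declarations(string $html): array
{
    $found = [];
    preg_match_all('/style="([^"]*)"/i', $html, $m);
    foreach ($m[1] as $style) {
        foreach (explode(';', html_entity_decode($style)) as $decl) {
            $decl = strtolower(preg_replace('/\s+/', '', $decl));
            if ($decl !== '') {
                $found[$decl] = true;
            }
        }
    }
    return array_keys($found);
}

// Constructed sample input: a visible paragraph plus a block hidden from the reader.
$html = '<p style="color:red;">Invoice attached.</p>'
      . '<div style="display:none;">text the reader never sees</div>';

$strict  = purify_with($html, false); // directive default
$relaxed = purify_with($html, true);

// Declarations that only survive when the directive is enabled.
$trickyOnly = array_diff(style_declarations($relaxed), style_declarations($strict));

echo "default: $strict\n";
echo "tricky : $relaxed\n";
echo "allowed only with CSS.AllowTricky: " . implode(', ', $trickyOnly) . "\n";
```

Running the same comparison over stored "formatted text" values shows which existing content would change appearance before the directive is switched in either direction.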