See Release Notes
Long Term Support Release
1 <?php 2 3 /* 4 5 WARNING: THIS MODULE IS EXTREMELY DANGEROUS AS IT ENABLES INLINE SCRIPTING 6 INSIDE HTML PURIFIER DOCUMENTS. USE ONLY WITH TRUSTED USER INPUT!!! 7 8 */ 9 10 /** 11 * XHTML 1.1 Scripting module, defines elements that are used to contain 12 * information pertaining to executable scripts or the lack of support 13 * for executable scripts. 14 * @note This module does not contain inline scripting elements 15 */ 16 class HTMLPurifier_HTMLModule_Scripting extends HTMLPurifier_HTMLModule 17 { 18 /** 19 * @type string 20 */ 21 public $name = 'Scripting'; 22 23 /** 24 * @type array 25 */ 26 public $elements = array('script', 'noscript'); 27 28 /** 29 * @type array 30 */ 31 public $content_sets = array('Block' => 'script | noscript', 'Inline' => 'script | noscript'); 32 33 /** 34 * @type bool 35 */ 36 public $safe = false; 37 38 /** 39 * @param HTMLPurifier_Config $config 40 */ 41 public function setup($config) 42 { 43 // TODO: create custom child-definition for noscript that 44 // auto-wraps stray #PCDATA in a similar manner to 45 // blockquote's custom definition (we would use it but 46 // blockquote's contents are optional while noscript's contents 47 // are required) 48 49 // TODO: convert this to new syntax, main problem is getting 50 // both content sets working 51 52 // In theory, this could be safe, but I don't see any reason to 53 // allow it. 54 $this->info['noscript'] = new HTMLPurifier_ElementDef(); 55 $this->info['noscript']->attr = array(0 => array('Common')); 56 $this->info['noscript']->content_model = 'Heading | List | Block'; 57 $this->info['noscript']->content_model_type = 'required'; 58 59 $this->info['script'] = new HTMLPurifier_ElementDef(); 60 $this->info['script']->attr = array( 61 'defer' => new HTMLPurifier_AttrDef_Enum(array('defer')), 62 'src' => new HTMLPurifier_AttrDef_URI(true), 63 'type' => new HTMLPurifier_AttrDef_Enum(array('text/javascript')) 64 ); 65 $this->info['script']->content_model = '#PCDATA'; 66 $this->info['script']->content_model_type = 'optional'; 67 $this->info['script']->attr_transform_pre[] = 68 $this->info['script']->attr_transform_post[] = 69 new HTMLPurifier_AttrTransform_ScriptRequired(); 70 } 71 } 72 73 // vim: et sw=4 sts=4
title
Description
Body
title
Description
Body
title
Description
Body
title
Body