[github/wallabag/wallabag.git] / inc / 3rdparty / htmlpurifier / HTMLPurifier / ConfigSchema / schema / URI.Munge.txt

URI.Munge\r
TYPE: string/null\r
VERSION: 1.3.0\r
DEFAULT: NULL\r
--DESCRIPTION--\r
\r
<p>\r
    Munges all browsable (usually http, https and ftp)\r
    absolute URIs into another URI, usually a URI redirection service.\r
    This directive accepts a URI, formatted with a <code>%s</code> where\r
    the url-encoded original URI should be inserted (sample:\r
    <code>http://www.google.com/url?q=%s</code>).\r
</p>\r
<p>\r
    Uses for this directive:\r
</p>\r
<ul>\r
    <li>\r
        Prevent PageRank leaks, while being fairly transparent\r
        to users (you may also want to add some client side JavaScript to\r
        override the text in the statusbar). <strong>Notice</strong>:\r
        Many security experts believe that this form of protection does not deter spam-bots.\r
    </li>\r
    <li>\r
        Redirect users to a splash page telling them they are leaving your\r
        website. While this is poor usability practice, it is often mandated\r
        in corporate environments.\r
    </li>\r
</ul>\r
<p>\r
    Prior to HTML Purifier 3.1.1, this directive also enabled the munging\r
    of browsable external resources, which could break things if your redirection\r
    script was a splash page or used <code>meta</code> tags. To revert to\r
    previous behavior, please use %URI.MungeResources.\r
</p>\r
<p>\r
    You may want to also use %URI.MungeSecretKey along with this directive\r
    in order to enforce what URIs your redirector script allows. Open\r
    redirector scripts can be a security risk and negatively affect the\r
    reputation of your domain name.\r
</p>\r
<p>\r
    Starting with HTML Purifier 3.1.1, there is also these substitutions:\r
</p>\r
<table>\r
    <thead>\r
        <tr>\r
            <th>Key</th>\r
            <th>Description</th>\r
            <th>Example <code>&lt;a href=""&gt;</code></th>\r
        </tr>\r
    </thead>\r
    <tbody>\r
        <tr>\r
            <td>%r</td>\r
            <td>1 - The URI embeds a resource<br />(blank) - The URI is merely a link</td>\r
            <td></td>\r
        </tr>\r
        <tr>\r
            <td>%n</td>\r
            <td>The name of the tag this URI came from</td>\r
            <td>a</td>\r
        </tr>\r
        <tr>\r
            <td>%m</td>\r
            <td>The name of the attribute this URI came from</td>\r
            <td>href</td>\r
        </tr>\r
        <tr>\r
            <td>%p</td>\r
            <td>The name of the CSS property this URI came from, or blank if irrelevant</td>\r
            <td></td>\r
        </tr>\r
    </tbody>\r
</table>\r
<p>\r
    Admittedly, these letters are somewhat arbitrary; the only stipulation\r
    was that they couldn't be a through f. r is for resource (I would have preferred\r
    e, but you take what you can get), n is for name, m\r
    was picked because it came after n (and I couldn't use a), p is for\r
    property.\r
</p>\r
--# vim: et sw=4 sts=4\r
Commit	Line	Data
d4949327 NL	1	URI.Munge\r
	2	TYPE: string/null\r
	3	VERSION: 1.3.0\r
	4	DEFAULT: NULL\r
	5	--DESCRIPTION--\r
	6	\r
	7	<p>\r
	8	Munges all browsable (usually http, https and ftp)\r
	9	absolute URIs into another URI, usually a URI redirection service.\r
	10	This directive accepts a URI, formatted with a <code>%s</code> where\r
	11	the url-encoded original URI should be inserted (sample:\r
	12	<code>http://www.google.com/url?q=%s</code>).\r
	13	</p>\r
	14	<p>\r
	15	Uses for this directive:\r
	16	</p>\r
	17	<ul>\r
	18	<li>\r
	19	Prevent PageRank leaks, while being fairly transparent\r
	20	to users (you may also want to add some client side JavaScript to\r
	21	override the text in the statusbar). <strong>Notice</strong>:\r
	22	Many security experts believe that this form of protection does not deter spam-bots.\r
	23	</li>\r
	24	<li>\r
	25	Redirect users to a splash page telling them they are leaving your\r
	26	website. While this is poor usability practice, it is often mandated\r
	27	in corporate environments.\r
	28	</li>\r
	29	</ul>\r
	30	<p>\r
	31	Prior to HTML Purifier 3.1.1, this directive also enabled the munging\r
	32	of browsable external resources, which could break things if your redirection\r
	33	script was a splash page or used <code>meta</code> tags. To revert to\r
	34	previous behavior, please use %URI.MungeResources.\r
	35	</p>\r
	36	<p>\r
	37	You may want to also use %URI.MungeSecretKey along with this directive\r
	38	in order to enforce what URIs your redirector script allows. Open\r
	39	redirector scripts can be a security risk and negatively affect the\r
	40	reputation of your domain name.\r
	41	</p>\r
	42	<p>\r
	43	Starting with HTML Purifier 3.1.1, there is also these substitutions:\r
	44	</p>\r
	45	<table>\r
	46	<thead>\r
	47	<tr>\r
	48	<th>Key</th>\r
	49	<th>Description</th>\r
	50	<th>Example <code><a href=""></code></th>\r
	51	</tr>\r
	52	</thead>\r
	53	<tbody>\r
	54	<tr>\r
	55	<td>%r</td>\r
	56	<td>1 - The URI embeds a resource<br />(blank) - The URI is merely a link</td>\r
	57	<td></td>\r
	58	</tr>\r
	59	<tr>\r
	60	<td>%n</td>\r
	61	<td>The name of the tag this URI came from</td>\r
	62	<td>a</td>\r
	63	</tr>\r
	64	<tr>\r
65	<td>%m</td>\r
66	<td>The name of the attribute this URI came from</td>\r
67	<td>href</td>\r
68	</tr>\r
69	<tr>\r
70	<td>%p</td>\r
71	<td>The name of the CSS property this URI came from, or blank if irrelevant</td>\r
72	<td></td>\r
73	</tr>\r
74	</tbody>\r
75	</table>\r
76	<p>\r
77	Admittedly, these letters are somewhat arbitrary; the only stipulation\r
78	was that they couldn't be a through f. r is for resource (I would have preferred\r
79	e, but you take what you can get), n is for name, m\r
80	was picked because it came after n (and I couldn't use a), p is for\r
81	property.\r
82	</p>\r
83	--# vim: et sw=4 sts=4\r