[github/wallabag/wallabag.git] / inc / 3rdparty / htmlpurifier / HTMLPurifier / HTMLModule / SafeObject.php

<?php\r
\r
/**\r
 * A "safe" object module. In theory, objects permitted by this module will\r
 * be safe, and untrusted users can be allowed to embed arbitrary flash objects\r
 * (maybe other types too, but only Flash is supported as of right now).\r
 * Highly experimental.\r
 */\r
class HTMLPurifier_HTMLModule_SafeObject extends HTMLPurifier_HTMLModule\r
{\r
    /**\r
     * @type string\r
     */\r
    public $name = 'SafeObject';\r
\r
    /**\r
     * @param HTMLPurifier_Config $config\r
     */\r
    public function setup($config)\r
    {\r
        // These definitions are not intrinsically safe: the attribute transforms\r
        // are a vital part of ensuring safety.\r
\r
        $max = $config->get('HTML.MaxImgLength');\r
        $object = $this->addElement(\r
            'object',\r
            'Inline',\r
            'Optional: param | Flow | #PCDATA',\r
            'Common',\r
            array(\r
                // While technically not required by the spec, we're forcing\r
                // it to this value.\r
                'type' => 'Enum#application/x-shockwave-flash',\r
                'width' => 'Pixels#' . $max,\r
                'height' => 'Pixels#' . $max,\r
                'data' => 'URI#embedded',\r
                'codebase' => new HTMLPurifier_AttrDef_Enum(\r
                    array(\r
                        'http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0'\r
                    )\r
                ),\r
            )\r
        );\r
        $object->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeObject();\r
\r
        $param = $this->addElement(\r
            'param',\r
            false,\r
            'Empty',\r
            false,\r
            array(\r
                'id' => 'ID',\r
                'name*' => 'Text',\r
                'value' => 'Text'\r
            )\r
        );\r
        $param->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeParam();\r
        $this->info_injector[] = 'SafeObject';\r
    }\r
}\r
\r
// vim: et sw=4 sts=4\r
Commit	Line	Data
d4949327 NL	1	<?php\r
	2	\r
	3	/**\r
	4	* A "safe" object module. In theory, objects permitted by this module will\r
	5	* be safe, and untrusted users can be allowed to embed arbitrary flash objects\r
	6	* (maybe other types too, but only Flash is supported as of right now).\r
	7	* Highly experimental.\r
	8	*/\r
	9	class HTMLPurifier_HTMLModule_SafeObject extends HTMLPurifier_HTMLModule\r
	10	{\r
	11	/**\r
	12	* @type string\r
	13	*/\r
	14	public $name = 'SafeObject';\r
	15	\r
	16	/**\r
	17	* @param HTMLPurifier_Config $config\r
	18	*/\r
	19	public function setup($config)\r
	20	{\r
	21	// These definitions are not intrinsically safe: the attribute transforms\r
	22	// are a vital part of ensuring safety.\r
	23	\r
	24	$max = $config->get('HTML.MaxImgLength');\r
	25	$object = $this->addElement(\r
	26	'object',\r
	27	'Inline',\r
	28	'Optional: param \| Flow \| #PCDATA',\r
	29	'Common',\r
	30	array(\r
	31	// While technically not required by the spec, we're forcing\r
	32	// it to this value.\r
	33	'type' => 'Enum#application/x-shockwave-flash',\r
	34	'width' => 'Pixels#' . $max,\r
	35	'height' => 'Pixels#' . $max,\r
	36	'data' => 'URI#embedded',\r
	37	'codebase' => new HTMLPurifier_AttrDef_Enum(\r
	38	array(\r
	39	'http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0'\r
	40	)\r
	41	),\r
	42	)\r
	43	);\r
	44	$object->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeObject();\r
	45	\r
	46	$param = $this->addElement(\r
	47	'param',\r
	48	false,\r
	49	'Empty',\r
	50	false,\r
	51	array(\r
	52	'id' => 'ID',\r
	53	'name*' => 'Text',\r
	54	'value' => 'Text'\r
	55	)\r
	56	);\r
	57	$param->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeParam();\r
	58	$this->info_injector[] = 'SafeObject';\r
	59	}\r
	60	}\r
	61	\r
	62	// vim: et sw=4 sts=4\r