[github/wallabag/wallabag.git] / inc / 3rdparty / htmlpurifier / HTMLPurifier / HTMLModule / SafeScripting.php

<?php\r
\r
/**\r
 * A "safe" script module. No inline JS is allowed, and pointed to JS\r
 * files must match whitelist.\r
 */\r
class HTMLPurifier_HTMLModule_SafeScripting extends HTMLPurifier_HTMLModule\r
{\r
    /**\r
     * @type string\r
     */\r
    public $name = 'SafeScripting';\r
\r
    /**\r
     * @param HTMLPurifier_Config $config\r
     */\r
    public function setup($config)\r
    {\r
        // These definitions are not intrinsically safe: the attribute transforms\r
        // are a vital part of ensuring safety.\r
\r
        $allowed = $config->get('HTML.SafeScripting');\r
        $script = $this->addElement(\r
            'script',\r
            'Inline',\r
            'Empty',\r
            null,\r
            array(\r
                // While technically not required by the spec, we're forcing\r
                // it to this value.\r
                'type' => 'Enum#text/javascript',\r
                'src*' => new HTMLPurifier_AttrDef_Enum(array_keys($allowed))\r
            )\r
        );\r
        $script->attr_transform_pre[] =\r
        $script->attr_transform_post[] = new HTMLPurifier_AttrTransform_ScriptRequired();\r
    }\r
}\r
\r
// vim: et sw=4 sts=4\r
Commit	Line	Data
d4949327 NL	1	<?php\r
	2	\r
	3	/**\r
	4	* A "safe" script module. No inline JS is allowed, and pointed to JS\r
	5	* files must match whitelist.\r
	6	*/\r
	7	class HTMLPurifier_HTMLModule_SafeScripting extends HTMLPurifier_HTMLModule\r
	8	{\r
	9	/**\r
	10	* @type string\r
	11	*/\r
	12	public $name = 'SafeScripting';\r
	13	\r
	14	/**\r
	15	* @param HTMLPurifier_Config $config\r
	16	*/\r
	17	public function setup($config)\r
	18	{\r
	19	// These definitions are not intrinsically safe: the attribute transforms\r
	20	// are a vital part of ensuring safety.\r
	21	\r
	22	$allowed = $config->get('HTML.SafeScripting');\r
	23	$script = $this->addElement(\r
	24	'script',\r
	25	'Inline',\r
	26	'Empty',\r
	27	null,\r
	28	array(\r
	29	// While technically not required by the spec, we're forcing\r
	30	// it to this value.\r
	31	'type' => 'Enum#text/javascript',\r
	32	'src*' => new HTMLPurifier_AttrDef_Enum(array_keys($allowed))\r
	33	)\r
	34	);\r
	35	$script->attr_transform_pre[] =\r
	36	$script->attr_transform_post[] = new HTMLPurifier_AttrTransform_ScriptRequired();\r
	37	}\r
	38	}\r
	39	\r
	40	// vim: et sw=4 sts=4\r