1 | <?php\r |
2 | \r | |
3 | /*\r | |
4 | \r | |
5 | WARNING: THIS MODULE IS EXTREMELY DANGEROUS AS IT ENABLES INLINE SCRIPTING\r | |
6 | INSIDE HTML PURIFIER DOCUMENTS. USE ONLY WITH TRUSTED USER INPUT!!!\r | |
7 | \r | |
8 | */\r | |
9 | \r | |
10 | /**\r | |
11 | * XHTML 1.1 Scripting module, defines elements that are used to contain\r | |
12 | * information pertaining to executable scripts or the lack of support\r | |
13 | * for executable scripts.\r | |
14 | * @note This module does not contain inline scripting elements\r | |
15 | */\r | |
class HTMLPurifier_HTMLModule_Scripting extends HTMLPurifier_HTMLModule
{
    /**
     * Identifier of this module.
     * @type string
     */
    public $name = 'Scripting';

    /**
     * Names of the elements this module contributes.
     * @type array
     */
    public $elements = array('script', 'noscript');

    /**
     * Adds script and noscript to both the Block and the Inline content sets,
     * so the two elements are accepted in either context.
     * @type array
     */
    public $content_sets = array('Block' => 'script | noscript', 'Inline' => 'script | noscript');

    /**
     * The module declares itself unsafe: it admits executable script into
     * purified output.
     * NOTE(review): the module loader is expected to skip unsafe modules
     * unless the configuration is trusted (HTML.Trusted) -- confirm against
     * the module manager before relying on that gate.
     * @type bool
     */
    public $safe = false;

    /**
     * Registers the element definitions for noscript and script.
     *
     * @param HTMLPurifier_Config $config Not read by this method.
     */
    public function setup($config)
    {
        // TODO: create custom child-definition for noscript that
        // auto-wraps stray #PCDATA in a similar manner to
        // blockquote's custom definition (we would use it but
        // blockquote's contents are optional while noscript's contents
        // are required)

        // TODO: convert this to new syntax, main problem is getting
        // both content sets working

        // noscript: in theory this could be safe, but there is no reason
        // to allow it outside this unsafe module. Its content is required.
        $noscript = new HTMLPurifier_ElementDef();
        $noscript->attr = array(0 => array('Common'));
        $noscript->content_model = 'Heading | List | Block';
        $noscript->content_model_type = 'required';
        $this->info['noscript'] = $noscript;

        // script: only defer, src and type are accepted as attributes, and
        // type is limited to the single value text/javascript.
        $script = new HTMLPurifier_ElementDef();
        $script->attr = array(
            'defer' => new HTMLPurifier_AttrDef_Enum(array('defer')),
            // NOTE(review): the `true` argument presumably marks the URI as
            // one that embeds a resource -- confirm in HTMLPurifier_AttrDef_URI.
            'src' => new HTMLPurifier_AttrDef_URI(true),
            'type' => new HTMLPurifier_AttrDef_Enum(array('text/javascript'))
        );
        // Optional #PCDATA content means an inline script body is accepted,
        // not just an external src reference.
        $script->content_model = '#PCDATA';
        $script->content_model_type = 'optional';

        // One ScriptRequired transform instance is shared by both lists,
        // appended to the post list first and then to the pre list.
        $scriptRequired = new HTMLPurifier_AttrTransform_ScriptRequired();
        $script->attr_transform_post[] = $scriptRequired;
        $script->attr_transform_pre[] = $scriptRequired;
        $this->info['script'] = $script;
    }
}
72 | \r | |
73 | // vim: et sw=4 sts=4\r |