[github/wallabag/wallabag.git] / inc / 3rdparty / htmlpurifier / HTMLPurifier / HTMLModule / Scripting.php

<?php\r
\r
/*\r
\r
WARNING: THIS MODULE IS EXTREMELY DANGEROUS AS IT ENABLES INLINE SCRIPTING\r
INSIDE HTML PURIFIER DOCUMENTS. USE ONLY WITH TRUSTED USER INPUT!!!\r
\r
*/\r
\r
/**\r
 * XHTML 1.1 Scripting module, defines elements that are used to contain\r
 * information pertaining to executable scripts or the lack of support\r
 * for executable scripts.\r
 * @note This module does not contain inline scripting elements\r
 */\r
class HTMLPurifier_HTMLModule_Scripting extends HTMLPurifier_HTMLModule\r
{\r
    /**\r
     * @type string\r
     */\r
    public $name = 'Scripting';\r
\r
    /**\r
     * @type array\r
     */\r
    public $elements = array('script', 'noscript');\r
\r
    /**\r
     * @type array\r
     */\r
    public $content_sets = array('Block' => 'script | noscript', 'Inline' => 'script | noscript');\r
\r
    /**\r
     * @type bool\r
     */\r
    public $safe = false;\r
\r
    /**\r
     * @param HTMLPurifier_Config $config\r
     */\r
    public function setup($config)\r
    {\r
        // TODO: create custom child-definition for noscript that\r
        // auto-wraps stray #PCDATA in a similar manner to\r
        // blockquote's custom definition (we would use it but\r
        // blockquote's contents are optional while noscript's contents\r
        // are required)\r
\r
        // TODO: convert this to new syntax, main problem is getting\r
        // both content sets working\r
\r
        // In theory, this could be safe, but I don't see any reason to\r
        // allow it.\r
        $this->info['noscript'] = new HTMLPurifier_ElementDef();\r
        $this->info['noscript']->attr = array(0 => array('Common'));\r
        $this->info['noscript']->content_model = 'Heading | List | Block';\r
        $this->info['noscript']->content_model_type = 'required';\r
\r
        $this->info['script'] = new HTMLPurifier_ElementDef();\r
        $this->info['script']->attr = array(\r
            'defer' => new HTMLPurifier_AttrDef_Enum(array('defer')),\r
            'src' => new HTMLPurifier_AttrDef_URI(true),\r
            'type' => new HTMLPurifier_AttrDef_Enum(array('text/javascript'))\r
        );\r
        $this->info['script']->content_model = '#PCDATA';\r
        $this->info['script']->content_model_type = 'optional';\r
        $this->info['script']->attr_transform_pre[] =\r
        $this->info['script']->attr_transform_post[] =\r
            new HTMLPurifier_AttrTransform_ScriptRequired();\r
    }\r
}\r
\r
// vim: et sw=4 sts=4\r
Commit	Line	Data
d4949327 NL	1	<?php\r
	2	\r
	3	/*\r
	4	\r
	5	WARNING: THIS MODULE IS EXTREMELY DANGEROUS AS IT ENABLES INLINE SCRIPTING\r
	6	INSIDE HTML PURIFIER DOCUMENTS. USE ONLY WITH TRUSTED USER INPUT!!!\r
	7	\r
	8	*/\r
	9	\r
	10	/**\r
	11	* XHTML 1.1 Scripting module, defines elements that are used to contain\r
	12	* information pertaining to executable scripts or the lack of support\r
	13	* for executable scripts.\r
	14	* @note This module does not contain inline scripting elements\r
	15	*/\r
	16	class HTMLPurifier_HTMLModule_Scripting extends HTMLPurifier_HTMLModule\r
	17	{\r
	18	/**\r
	19	* @type string\r
	20	*/\r
	21	public $name = 'Scripting';\r
	22	\r
	23	/**\r
	24	* @type array\r
	25	*/\r
	26	public $elements = array('script', 'noscript');\r
	27	\r
	28	/**\r
	29	* @type array\r
	30	*/\r
	31	public $content_sets = array('Block' => 'script \| noscript', 'Inline' => 'script \| noscript');\r
	32	\r
	33	/**\r
	34	* @type bool\r
	35	*/\r
	36	public $safe = false;\r
	37	\r
	38	/**\r
	39	* @param HTMLPurifier_Config $config\r
	40	*/\r
	41	public function setup($config)\r
	42	{\r
	43	// TODO: create custom child-definition for noscript that\r
	44	// auto-wraps stray #PCDATA in a similar manner to\r
	45	// blockquote's custom definition (we would use it but\r
	46	// blockquote's contents are optional while noscript's contents\r
	47	// are required)\r
	48	\r
	49	// TODO: convert this to new syntax, main problem is getting\r
	50	// both content sets working\r
	51	\r
	52	// In theory, this could be safe, but I don't see any reason to\r
	53	// allow it.\r
	54	$this->info['noscript'] = new HTMLPurifier_ElementDef();\r
	55	$this->info['noscript']->attr = array(0 => array('Common'));\r
	56	$this->info['noscript']->content_model = 'Heading \| List \| Block';\r
	57	$this->info['noscript']->content_model_type = 'required';\r
	58	\r
	59	$this->info['script'] = new HTMLPurifier_ElementDef();\r
	60	$this->info['script']->attr = array(\r
	61	'defer' => new HTMLPurifier_AttrDef_Enum(array('defer')),\r
	62	'src' => new HTMLPurifier_AttrDef_URI(true),\r
	63	'type' => new HTMLPurifier_AttrDef_Enum(array('text/javascript'))\r
	64	);\r
65	$this->info['script']->content_model = '#PCDATA';\r
66	$this->info['script']->content_model_type = 'optional';\r
67	$this->info['script']->attr_transform_pre[] =\r
68	$this->info['script']->attr_transform_post[] =\r
69	new HTMLPurifier_AttrTransform_ScriptRequired();\r
70	}\r
71	}\r
72	\r
73	// vim: et sw=4 sts=4\r