Merge pull request #481 from wallabag/dev1.5.2

1.5.2
author: Nicolas Lœuillet <nicolas@loeuillet.org> 2014-02-21 15:57:10 +0100
committer: Nicolas Lœuillet <nicolas@loeuillet.org> 2014-02-21 15:57:10 +0100
commit: 99679d06884120c57f43b44e55e03595f1f87bed (patch)
tree: a3f2a1aa1afdaeca1386d0c6e8a75344fd2241fb /inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeScripting.php
parent: 655214ab30ee84884dc408488b85586f36263fcb (diff)
parent: d3b47e94705e17b3ba3529cbb1dc6efe69c5d2b7 (diff)
download: wallabag-1.5.2.tar.gz
wallabag-1.5.2.tar.zst
wallabag-1.5.2.zip
1 files changed, 40 insertions, 0 deletions
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeScripting.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeScripting.php
new file mode 100644
index 00000000..6e9113cb
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeScripting.php
@@ -0,0 +1,40 @@
+<?php
+/**
+ * A "safe" script module. No inline JS is allowed, and pointed to JS
+ * files must match whitelist.
+ */
+class HTMLPurifier_HTMLModule_SafeScripting extends HTMLPurifier_HTMLModule
+{
+    /**
+     * @type string
+     */
+    public $name = 'SafeScripting';
+    /**
+     * @param HTMLPurifier_Config $config
+     */
+    public function setup($config)
+    {
+        // These definitions are not intrinsically safe: the attribute transforms
+        // are a vital part of ensuring safety.
+        $allowed = $config->get('HTML.SafeScripting');
+        $script = $this->addElement(
+            'script',
+            'Inline',
+            'Empty',
+            null,
+            array(
+                // While technically not required by the spec, we're forcing
+                // it to this value.
+                'type' => 'Enum#text/javascript',
+                'src*' => new HTMLPurifier_AttrDef_Enum(array_keys($allowed))
+            )
+        );
+        $script->attr_transform_pre[] =
+        $script->attr_transform_post[] = new HTMLPurifier_AttrTransform_ScriptRequired();
+    }
+}
+// vim: et sw=4 sts=4
author	Nicolas Lœuillet <nicolas@loeuillet.org>	2014-02-21 15:57:10 +0100
committer	Nicolas Lœuillet <nicolas@loeuillet.org>	2014-02-21 15:57:10 +0100
commit	99679d06884120c57f43b44e55e03595f1f87bed (patch)
tree	a3f2a1aa1afdaeca1386d0c6e8a75344fd2241fb /inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeScripting.php
parent	655214ab30ee84884dc408488b85586f36263fcb (diff)
parent	d3b47e94705e17b3ba3529cbb1dc6efe69c5d2b7 (diff)
download	wallabag-1.5.2.tar.gz wallabag-1.5.2.tar.zst wallabag-1.5.2.zip

diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeScripting.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeScripting.php new file mode 100644 index 00000000..6e9113cb --- /dev/null +++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeScripting.php
@@ -0,0 +1,40 @@
	1	<?php
	2
	3	/**
	4	* A "safe" script module. No inline JS is allowed, and pointed to JS
	5	* files must match whitelist.
	6	*/
	7	class HTMLPurifier_HTMLModule_SafeScripting extends HTMLPurifier_HTMLModule
	8	{
	9	/**
	10	* @type string
	11	*/
	12	public $name = 'SafeScripting';
	13
	14	/**
	15	* @param HTMLPurifier_Config $config
	16	*/
	17	public function setup($config)
	18	{
	19	// These definitions are not intrinsically safe: the attribute transforms
	20	// are a vital part of ensuring safety.
	21
	22	$allowed = $config->get('HTML.SafeScripting');
	23	$script = $this->addElement(
	24	'script',
	25	'Inline',
	26	'Empty',
	27	null,
	28	array(
	29	// While technically not required by the spec, we're forcing
	30	// it to this value.
	31	'type' => 'Enum#text/javascript',
	32	'src*' => new HTMLPurifier_AttrDef_Enum(array_keys($allowed))
	33	)
	34	);
	35	$script->attr_transform_pre[] =
	36	$script->attr_transform_post[] = new HTMLPurifier_AttrTransform_ScriptRequired();
	37	}
	38	}
	39
	40	// vim: et sw=4 sts=4