[add] HTML Purifier added to clean code

author: Nicolas Lœuillet <nicolas.loeuillet@gmail.com> 2014-02-21 15:43:14 +0100
committer: Nicolas Lœuillet <nicolas.loeuillet@gmail.com> 2014-02-21 15:43:14 +0100
commit: d4949327efa15b492cab1bef3fe074290a328a17 (patch)
tree: e89e0322bb1f1b06d663fd10fdded21bac867e5d /inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeScripting.php
parent: c9bd17a1007bb78e5de0775efca01df0fb515031 (diff)
download: wallabag-d4949327efa15b492cab1bef3fe074290a328a17.tar.gz
wallabag-d4949327efa15b492cab1bef3fe074290a328a17.tar.zst
wallabag-d4949327efa15b492cab1bef3fe074290a328a17.zip
1 files changed, 40 insertions, 0 deletions
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeScripting.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeScripting.php
new file mode 100644
index 00000000..6e9113cb
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeScripting.php
@@ -0,0 +1,40 @@
+<?php
+/**
+ * A "safe" script module. No inline JS is allowed, and pointed to JS
+ * files must match whitelist.
+ */
+class HTMLPurifier_HTMLModule_SafeScripting extends HTMLPurifier_HTMLModule
+{
+    /**
+     * @type string
+     */
+    public $name = 'SafeScripting';
+    /**
+     * @param HTMLPurifier_Config $config
+     */
+    public function setup($config)
+    {
+        // These definitions are not intrinsically safe: the attribute transforms
+        // are a vital part of ensuring safety.
+        $allowed = $config->get('HTML.SafeScripting');
+        $script = $this->addElement(
+            'script',
+            'Inline',
+            'Empty',
+            null,
+            array(
+                // While technically not required by the spec, we're forcing
+                // it to this value.
+                'type' => 'Enum#text/javascript',
+                'src*' => new HTMLPurifier_AttrDef_Enum(array_keys($allowed))
+            )
+        );
+        $script->attr_transform_pre[] =
+        $script->attr_transform_post[] = new HTMLPurifier_AttrTransform_ScriptRequired();
+    }
+}
+// vim: et sw=4 sts=4
author	Nicolas Lœuillet <nicolas.loeuillet@gmail.com>	2014-02-21 15:43:14 +0100
committer	Nicolas Lœuillet <nicolas.loeuillet@gmail.com>	2014-02-21 15:43:14 +0100
commit	d4949327efa15b492cab1bef3fe074290a328a17 (patch)
tree	e89e0322bb1f1b06d663fd10fdded21bac867e5d /inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeScripting.php
parent	c9bd17a1007bb78e5de0775efca01df0fb515031 (diff)
download	wallabag-d4949327efa15b492cab1bef3fe074290a328a17.tar.gz wallabag-d4949327efa15b492cab1bef3fe074290a328a17.tar.zst wallabag-d4949327efa15b492cab1bef3fe074290a328a17.zip

diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeScripting.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeScripting.php new file mode 100644 index 00000000..6e9113cb --- /dev/null +++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeScripting.php
@@ -0,0 +1,40 @@
	1	<?php
	2
	3	/**
	4	* A "safe" script module. No inline JS is allowed, and pointed to JS
	5	* files must match whitelist.
	6	*/
	7	class HTMLPurifier_HTMLModule_SafeScripting extends HTMLPurifier_HTMLModule
	8	{
	9	/**
	10	* @type string
	11	*/
	12	public $name = 'SafeScripting';
	13
	14	/**
	15	* @param HTMLPurifier_Config $config
	16	*/
	17	public function setup($config)
	18	{
	19	// These definitions are not intrinsically safe: the attribute transforms
	20	// are a vital part of ensuring safety.
	21
	22	$allowed = $config->get('HTML.SafeScripting');
	23	$script = $this->addElement(
	24	'script',
	25	'Inline',
	26	'Empty',
	27	null,
	28	array(
	29	// While technically not required by the spec, we're forcing
	30	// it to this value.
	31	'type' => 'Enum#text/javascript',
	32	'src*' => new HTMLPurifier_AttrDef_Enum(array_keys($allowed))
	33	)
	34	);
	35	$script->attr_transform_pre[] =
	36	$script->attr_transform_post[] = new HTMLPurifier_AttrTransform_ScriptRequired();
	37	}
	38	}
	39
	40	// vim: et sw=4 sts=4