Diffstat (limited to 'inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Scripting.php')
-rw-r--r-- | inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Scripting.php | 73 |
1 files changed, 73 insertions, 0 deletions
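diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Scripting.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Scripting.php
new file mode 100644
index 00000000..18785372
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/Scripting.php
@@ -0,0 +1,73 @@
+<?php
+
+/*
+
+WARNING: THIS MODULE IS EXTREMELY DANGEROUS AS IT ENABLES INLINE SCRIPTING
+INSIDE HTML PURIFIER DOCUMENTS. USE ONLY WITH TRUSTED USER INPUT!!!
+
+*/
+
+/**
+* XHTML 1.1 Scripting module, defines elements that are used to contain
+* information pertaining to executable scripts or the lack of support
+* for executable scripts.
+* @note This module does not contain inline scripting elements
+*/
+class HTMLPurifier_HTMLModule_Scripting extends HTMLPurifier_HTMLModule
+{
+/**
+* @type string
+*/
+public $name = 'Scripting';
+
+/**
+* @type array
+*/
+public $elements = array('script', 'noscript');
+
+/**
+* @type array
+*/
+public $content_sets = array('Block' => 'script | noscript', 'Inline' => 'script | noscript');
+
+/**
+* @type bool
+*/
+public $safe = false;
+
+/**
+* @param HTMLPurifier_Config $config
+*/
+public function setup($config)
+{
+// TODO: create custom child-definition for noscript that
+// auto-wraps stray #PCDATA in a similar manner to
+// blockquote's custom definition (we would use it but
+// blockquote's contents are optional while noscript's contents
+// are required)
+
+// TODO: convert this to new syntax, main problem is getting
+// both content sets working
+
+// In theory, this could be safe, but I don't see any reason to
+// allow it.
+$this->info['noscript'] = new HTMLPurifier_ElementDef();
+$this->info['noscript']->attr = array(0 => array('Common'));
+$this->info['noscript']->content_model = 'Heading | List | Block';
+$this->info['noscript']->content_model_type = 'required';
+
+$this->info['script'] = new HTMLPurifier_ElementDef();
+$this->info['script']->attr = array(
+'defer' => new HTMLPurifier_AttrDef_Enum(array('defer')),
+'src' => new HTMLPurifier_AttrDef_URI(true),
+'type' => new HTMLPurifier_AttrDef_Enum(array('text/javascript'))
+);
+$this->info['script']->content_model = '#PCDATA';
+$this->info['script']->content_model_type = 'optional';
+$this->info['script']->attr_transform_pre[] =
+$this->info['script']->attr_transform_post[] =
+new HTMLPurifier_AttrTransform_ScriptRequired();
+}
+}
+
+// vim: et sw=4 sts=4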