From d4949327efa15b492cab1bef3fe074290a328a17 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20L=C5=93uillet?= <nicolas.loeuillet@gmail.com>
Date: Fri, 21 Feb 2014 15:43:14 +0100
Subject: [add] HTML Purifier added to clean code

---
 .../HTMLPurifier/HTMLModule/SafeScripting.php      | 40 ++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeScripting.php

(limited to 'inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeScripting.php')

diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeScripting.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeScripting.php
new file mode 100644
index 00000000..6e9113cb
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/HTMLModule/SafeScripting.php
@@ -0,0 +1,40 @@
+<?php
+
+/**
+ * A "safe" script module. No inline JS is allowed, and pointed to JS
+ * files must match whitelist.
+ */
+class HTMLPurifier_HTMLModule_SafeScripting extends HTMLPurifier_HTMLModule
+{
+    /**
+     * @type string
+     */
+    public $name = 'SafeScripting';
+
+    /**
+     * @param HTMLPurifier_Config $config
+     */
+    public function setup($config)
+    {
+        // These definitions are not intrinsically safe: the attribute transforms
+        // are a vital part of ensuring safety.
+
+        $allowed = $config->get('HTML.SafeScripting');
+        $script = $this->addElement(
+            'script',
+            'Inline',
+            'Empty',
+            null,
+            array(
+                // While technically not required by the spec, we're forcing
+                // it to this value.
+                'type' => 'Enum#text/javascript',
+                'src*' => new HTMLPurifier_AttrDef_Enum(array_keys($allowed))
+            )
+        );
+        $script->attr_transform_pre[] =
+        $script->attr_transform_post[] = new HTMLPurifier_AttrTransform_ScriptRequired();
+    }
+}
+
+// vim: et sw=4 sts=4
-- 
cgit v1.2.3