PATH:
home
/
letacommog
/
crmleta
/
libraries
/
htmlpurifier
/
library
/
HTMLPurifier
/
HTMLModule
<?php /** * A "safe" object module. In theory, objects permitted by this module will * be safe, and untrusted users can be allowed to embed arbitrary flash objects * (maybe other types too, but only Flash is supported as of right now). * Highly experimental. */ class HTMLPurifier_HTMLModule_SafeObject extends HTMLPurifier_HTMLModule { public $name = 'SafeObject'; public function setup($config) { // These definitions are not intrinsically safe: the attribute transforms // are a vital part of ensuring safety. $max = $config->get('HTML', 'MaxImgLength'); $object = $this->addElement( 'object', 'Inline', 'Optional: param | Flow | #PCDATA', 'Common', array( // While technically not required by the spec, we're forcing // it to this value. 'type' => 'Enum#application/x-shockwave-flash', 'width' => 'Pixels#' . $max, 'height' => 'Pixels#' . $max, 'data' => 'URI#embedded' ) ); $object->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeObject(); $param = $this->addElement('param', false, 'Empty', false, array( 'id' => 'ID', 'name*' => 'Text', 'value' => 'Text' ) ); $param->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeParam(); $this->info_injector[] = 'SafeObject'; } } // vim: et sw=4 sts=4
[+]
..
[-] Name.php
[edit]
[-] Bdo.php
[edit]
[-] Tables.php
[edit]
[-] Edit.php
[edit]
[-] CommonAttributes.php
[edit]
[-] NonXMLCommonAttributes.php
[edit]
[-] Text.php
[edit]
[-] Presentation.php
[edit]
[-] Target.php
[edit]
[-] StyleAttribute.php
[edit]
[-] SafeObject.php
[edit]
[-] Image.php
[edit]
[-] Proprietary.php
[edit]
[-] XMLCommonAttributes.php
[edit]
[-] Scripting.php
[edit]
[-] SafeEmbed.php
[edit]
[-] Tidy.php
[edit]
[-] Hypertext.php
[edit]
[-] Object.php
[edit]
[+]
Tidy
[-] Ruby.php
[edit]
[-] Legacy.php
[edit]
[-] List.php
[edit]
[-] Forms.php
[edit]