PATH:
home
/
lab2454c
/
tripvare.com
/
vendor
/
ezyang
/
htmlpurifier
/
library
/
HTMLPurifier
/
HTMLModule
<?php /** * A "safe" script module. No inline JS is allowed, and pointed to JS * files must match whitelist. */ class HTMLPurifier_HTMLModule_SafeScripting extends HTMLPurifier_HTMLModule { /** * @type string */ public $name = 'SafeScripting'; /** * @param HTMLPurifier_Config $config */ public function setup($config) { // These definitions are not intrinsically safe: the attribute transforms // are a vital part of ensuring safety. $allowed = $config->get('HTML.SafeScripting'); $script = $this->addElement( 'script', 'Inline', 'Optional:', // Not `Empty` to not allow to autoclose the <script /> tag @see https://www.w3.org/TR/html4/interact/scripts.html null, array( // While technically not required by the spec, we're forcing // it to this value. 'type' => 'Enum#text/javascript', 'src*' => new HTMLPurifier_AttrDef_Enum(array_keys($allowed), /*case sensitive*/ true) ) ); $script->attr_transform_pre[] = $script->attr_transform_post[] = new HTMLPurifier_AttrTransform_ScriptRequired(); } } // vim: et sw=4 sts=4
[-] Tidy.php
[edit]
[-] Forms.php
[edit]
[-] TargetNoreferrer.php
[edit]
[-] Edit.php
[edit]
[-] StyleAttribute.php
[edit]
[-] Ruby.php
[edit]
[+]
..
[-] XMLCommonAttributes.php
[edit]
[-] Target.php
[edit]
[-] Bdo.php
[edit]
[-] Hypertext.php
[edit]
[-] CommonAttributes.php
[edit]
[-] Proprietary.php
[edit]
[-] Image.php
[edit]
[-] Name.php
[edit]
[-] Scripting.php
[edit]
[-] TargetNoopener.php
[edit]
[-] Tables.php
[edit]
[-] List.php
[edit]
[-] SafeEmbed.php
[edit]
[-] SafeObject.php
[edit]
[-] Object.php
[edit]
[-] Text.php
[edit]
[+]
Tidy
[-] Iframe.php
[edit]
[-] Legacy.php
[edit]
[-] SafeScripting.php
[edit]
[-] TargetBlank.php
[edit]
[-] Presentation.php
[edit]
[-] Nofollow.php
[edit]
[-] NonXMLCommonAttributes.php
[edit]