<?php

/*

WARNING: THIS MODULE IS EXTREMELY DANGEROUS AS IT ENABLES INLINE SCRIPTING
INSIDE HTML PURIFIER DOCUMENTS. USE ONLY WITH TRUSTED USER INPUT!!!

*/

/**
 * XHTML 1.1 Scripting module: registers the <script> and <noscript>
 * elements so that they survive purification.
 *
 * SECURITY: <script> is defined here with a '#PCDATA' content model and a
 * 'src' URI attribute, so both inline script bodies and externally loaded
 * scripts are accepted. Any document purified with this module active can
 * run code in the viewer's browser, so it must never be enabled for content
 * written by untrusted authors.
 *
 * @note $safe is false. NOTE(review): presumably this is what keeps the
 *       module out of configurations that have not opted in to trusted
 *       markup (HTML.Trusted) -- confirm against the module manager.
 */
class HTMLPurifier_HTMLModule_Scripting extends HTMLPurifier_HTMLModule
{
    /**
     * Module identifier.
     * @type string
     */
    public $name = 'Scripting';

    /**
     * Element names this module provides.
     * @type array
     */
    public $elements = array('script', 'noscript');

    /**
     * Adds both elements to the Block and the Inline content sets.
     * @type array
     */
    public $content_sets = array('Block' => 'script | noscript', 'Inline' => 'script | noscript');

    /**
     * Declares the module unsafe; keep this false, the elements defined
     * below allow script execution.
     * @type bool
     */
    public $safe = false;

    /**
     * Builds the element definitions for <noscript> and <script>.
     *
     * @param HTMLPurifier_Config $config Not read by this method.
     */
    public function setup($config)
    {
        // TODO: give noscript a custom child-definition that auto-wraps
        // stray #PCDATA, in the manner of blockquote's custom definition.
        // That one cannot be reused as-is: blockquote's contents are
        // optional, noscript's are required.

        // TODO: move to the new definition syntax; the open problem is
        // getting both content sets to work.

        // noscript could in theory be treated as safe, but there is no
        // reason to allow it outside this module.
        $noscript = new HTMLPurifier_ElementDef();
        $noscript->attr = array(array('Common'));
        $noscript->content_model = 'Heading | List | Block';
        $noscript->content_model_type = 'required';
        $this->info['noscript'] = $noscript;

        $script = new HTMLPurifier_ElementDef();
        $script->attr = array(
            'defer' => new HTMLPurifier_AttrDef_Enum(array('defer')),
            // NOTE(review): the `true` argument presumably marks the URI as
            // an embedded resource -- confirm in HTMLPurifier_AttrDef_URI.
            // Whatever URI passes that check is fetched and executed by the
            // browser, so the URI filters in force decide which script
            // hosts are reachable.
            'src' => new HTMLPurifier_AttrDef_URI(true),
            // Only the literal 'text/javascript' is accepted as a type.
            'type' => new HTMLPurifier_AttrDef_Enum(array('text/javascript'))
        );
        // Text content is allowed but not required: inline script bodies
        // are kept, and an empty <script src="..."> is valid too.
        $script->content_model = '#PCDATA';
        $script->content_model_type = 'optional';

        // One shared transform instance runs both before and after
        // attribute validation.
        $scriptRequired = new HTMLPurifier_AttrTransform_ScriptRequired();
        $script->attr_transform_post[] = $scriptRequired;
        $script->attr_transform_pre[] = $scriptRequired;
        $this->info['script'] = $script;
    }
}

// vim: et sw=4 sts=4