Conditions | 1 |
Paths | 1 |
Total Lines | 20 |
Code Lines | 11 |
Lines | 0 |
Ratio | 0 % |
Changes | 0 |
1 | <?php |
||
17 | public function setup($config) |
||
18 | { |
||
19 | // These definitions are not intrinsically safe: the attribute transforms |
||
20 | // are a vital part of ensuring safety. |
||
21 | |||
22 | $allowed = $config->get('HTML.SafeScripting'); |
||
23 | $script = $this->addElement( |
||
24 | 'script', |
||
25 | 'Inline', |
||
26 | 'Optional:', // Not `Empty` to not allow to autoclose the <script /> tag @see https://www.w3.org/TR/html4/interact/scripts.html |
||
27 | null, |
||
28 | array( |
||
29 | // While technically not required by the spec, we're forcing |
||
30 | // it to this value. |
||
31 | 'type' => 'Enum#text/javascript', |
||
32 | 'src*' => new HTMLPurifier_AttrDef_Enum(array_keys($allowed), /*case sensitive*/ true) |
||
33 | ) |
||
34 | ); |
||
35 | $script->attr_transform_pre[] = |
||
36 | $script->attr_transform_post[] = new HTMLPurifier_AttrTransform_ScriptRequired(); |
||
37 | } |
||
41 |