xpressengine /
xe-core
@@ -7,24 +7,24 @@ |
||
| 7 | 7 | class HTMLPurifier_HTMLModule_Bdo extends HTMLPurifier_HTMLModule |
| 8 | 8 | { |
| 9 | 9 | |
| 10 | - public $name = 'Bdo'; |
|
| 11 | - public $attr_collections = array( |
|
| 12 | - 'I18N' => array('dir' => false) |
|
| 13 | - ); |
|
| 10 | + public $name = 'Bdo'; |
|
| 11 | + public $attr_collections = array( |
|
| 12 | + 'I18N' => array('dir' => false) |
|
| 13 | + ); |
|
| 14 | 14 | |
| 15 | - public function setup($config) { |
|
| 16 | - $bdo = $this->addElement( |
|
| 17 | - 'bdo', 'Inline', 'Inline', array('Core', 'Lang'), |
|
| 18 | - array( |
|
| 19 | - 'dir' => 'Enum#ltr,rtl', // required |
|
| 20 | - // The Abstract Module specification has the attribute |
|
| 21 | - // inclusions wrong for bdo: bdo allows Lang |
|
| 22 | - ) |
|
| 23 | - ); |
|
| 24 | - $bdo->attr_transform_post['required-dir'] = new HTMLPurifier_AttrTransform_BdoDir(); |
|
| 15 | + public function setup($config) { |
|
| 16 | + $bdo = $this->addElement( |
|
| 17 | + 'bdo', 'Inline', 'Inline', array('Core', 'Lang'), |
|
| 18 | + array( |
|
| 19 | + 'dir' => 'Enum#ltr,rtl', // required |
|
| 20 | + // The Abstract Module specification has the attribute |
|
| 21 | + // inclusions wrong for bdo: bdo allows Lang |
|
| 22 | + ) |
|
| 23 | + ); |
|
| 24 | + $bdo->attr_transform_post['required-dir'] = new HTMLPurifier_AttrTransform_BdoDir(); |
|
| 25 | 25 | |
| 26 | - $this->attr_collections['I18N']['dir'] = 'Enum#ltr,rtl'; |
|
| 27 | - } |
|
| 26 | + $this->attr_collections['I18N']['dir'] = 'Enum#ltr,rtl'; |
|
| 27 | + } |
|
| 28 | 28 | |
| 29 | 29 | } |
| 30 | 30 | |
@@ -2,24 +2,24 @@ |
||
| 2 | 2 | |
| 3 | 3 | class HTMLPurifier_HTMLModule_CommonAttributes extends HTMLPurifier_HTMLModule |
| 4 | 4 | { |
| 5 | - public $name = 'CommonAttributes'; |
|
| 5 | + public $name = 'CommonAttributes'; |
|
| 6 | 6 | |
| 7 | - public $attr_collections = array( |
|
| 8 | - 'Core' => array( |
|
| 9 | - 0 => array('Style'), |
|
| 10 | - // 'xml:space' => false, |
|
| 11 | - 'class' => 'Class', |
|
| 12 | - 'id' => 'ID', |
|
| 13 | - 'title' => 'CDATA', |
|
| 14 | - ), |
|
| 15 | - 'Lang' => array(), |
|
| 16 | - 'I18N' => array( |
|
| 17 | - 0 => array('Lang'), // proprietary, for xml:lang/lang |
|
| 18 | - ), |
|
| 19 | - 'Common' => array( |
|
| 20 | - 0 => array('Core', 'I18N') |
|
| 21 | - ) |
|
| 22 | - ); |
|
| 7 | + public $attr_collections = array( |
|
| 8 | + 'Core' => array( |
|
| 9 | + 0 => array('Style'), |
|
| 10 | + // 'xml:space' => false, |
|
| 11 | + 'class' => 'Class', |
|
| 12 | + 'id' => 'ID', |
|
| 13 | + 'title' => 'CDATA', |
|
| 14 | + ), |
|
| 15 | + 'Lang' => array(), |
|
| 16 | + 'I18N' => array( |
|
| 17 | + 0 => array('Lang'), // proprietary, for xml:lang/lang |
|
| 18 | + ), |
|
| 19 | + 'Common' => array( |
|
| 20 | + 0 => array('Core', 'I18N') |
|
| 21 | + ) |
|
| 22 | + ); |
|
| 23 | 23 | |
| 24 | 24 | } |
| 25 | 25 | |
@@ -7,31 +7,31 @@ |
||
| 7 | 7 | class HTMLPurifier_HTMLModule_Edit extends HTMLPurifier_HTMLModule |
| 8 | 8 | { |
| 9 | 9 | |
| 10 | - public $name = 'Edit'; |
|
| 11 | - |
|
| 12 | - public function setup($config) { |
|
| 13 | - $contents = 'Chameleon: #PCDATA | Inline ! #PCDATA | Flow'; |
|
| 14 | - $attr = array( |
|
| 15 | - 'cite' => 'URI', |
|
| 16 | - // 'datetime' => 'Datetime', // not implemented |
|
| 17 | - ); |
|
| 18 | - $this->addElement('del', 'Inline', $contents, 'Common', $attr); |
|
| 19 | - $this->addElement('ins', 'Inline', $contents, 'Common', $attr); |
|
| 20 | - } |
|
| 21 | - |
|
| 22 | - // HTML 4.01 specifies that ins/del must not contain block |
|
| 23 | - // elements when used in an inline context, chameleon is |
|
| 24 | - // a complicated workaround to acheive this effect |
|
| 25 | - |
|
| 26 | - // Inline context ! Block context (exclamation mark is |
|
| 27 | - // separator, see getChildDef for parsing) |
|
| 28 | - |
|
| 29 | - public $defines_child_def = true; |
|
| 30 | - public function getChildDef($def) { |
|
| 31 | - if ($def->content_model_type != 'chameleon') return false; |
|
| 32 | - $value = explode('!', $def->content_model); |
|
| 33 | - return new HTMLPurifier_ChildDef_Chameleon($value[0], $value[1]); |
|
| 34 | - } |
|
| 10 | + public $name = 'Edit'; |
|
| 11 | + |
|
| 12 | + public function setup($config) { |
|
| 13 | + $contents = 'Chameleon: #PCDATA | Inline ! #PCDATA | Flow'; |
|
| 14 | + $attr = array( |
|
| 15 | + 'cite' => 'URI', |
|
| 16 | + // 'datetime' => 'Datetime', // not implemented |
|
| 17 | + ); |
|
| 18 | + $this->addElement('del', 'Inline', $contents, 'Common', $attr); |
|
| 19 | + $this->addElement('ins', 'Inline', $contents, 'Common', $attr); |
|
| 20 | + } |
|
| 21 | + |
|
| 22 | + // HTML 4.01 specifies that ins/del must not contain block |
|
| 23 | + // elements when used in an inline context, chameleon is |
|
| 24 | + // a complicated workaround to acheive this effect |
|
| 25 | + |
|
| 26 | + // Inline context ! Block context (exclamation mark is |
|
| 27 | + // separator, see getChildDef for parsing) |
|
| 28 | + |
|
| 29 | + public $defines_child_def = true; |
|
| 30 | + public function getChildDef($def) { |
|
| 31 | + if ($def->content_model_type != 'chameleon') return false; |
|
| 32 | + $value = explode('!', $def->content_model); |
|
| 33 | + return new HTMLPurifier_ChildDef_Chameleon($value[0], $value[1]); |
|
| 34 | + } |
|
| 35 | 35 | |
| 36 | 36 | } |
| 37 | 37 | |
@@ -28,7 +28,9 @@ |
||
| 28 | 28 | |
| 29 | 29 | public $defines_child_def = true; |
| 30 | 30 | public function getChildDef($def) { |
| 31 | - if ($def->content_model_type != 'chameleon') return false; |
|
| 31 | + if ($def->content_model_type != 'chameleon') { |
|
| 32 | + return false; |
|
| 33 | + } |
|
| 32 | 34 | $value = explode('!', $def->content_model); |
| 33 | 35 | return new HTMLPurifier_ChildDef_Chameleon($value[0], $value[1]); |
| 34 | 36 | } |
@@ -5,115 +5,115 @@ |
||
| 5 | 5 | */ |
| 6 | 6 | class HTMLPurifier_HTMLModule_Forms extends HTMLPurifier_HTMLModule |
| 7 | 7 | { |
| 8 | - public $name = 'Forms'; |
|
| 9 | - public $safe = false; |
|
| 10 | - |
|
| 11 | - public $content_sets = array( |
|
| 12 | - 'Block' => 'Form', |
|
| 13 | - 'Inline' => 'Formctrl', |
|
| 14 | - ); |
|
| 15 | - |
|
| 16 | - public function setup($config) { |
|
| 17 | - $form = $this->addElement('form', 'Form', |
|
| 18 | - 'Required: Heading | List | Block | fieldset', 'Common', array( |
|
| 19 | - 'accept' => 'ContentTypes', |
|
| 20 | - 'accept-charset' => 'Charsets', |
|
| 21 | - 'action*' => 'URI', |
|
| 22 | - 'method' => 'Enum#get,post', |
|
| 23 | - // really ContentType, but these two are the only ones used today |
|
| 24 | - 'enctype' => 'Enum#application/x-www-form-urlencoded,multipart/form-data', |
|
| 25 | - )); |
|
| 26 | - $form->excludes = array('form' => true); |
|
| 27 | - |
|
| 28 | - $input = $this->addElement('input', 'Formctrl', 'Empty', 'Common', array( |
|
| 29 | - 'accept' => 'ContentTypes', |
|
| 30 | - 'accesskey' => 'Character', |
|
| 31 | - 'alt' => 'Text', |
|
| 32 | - 'checked' => 'Bool#checked', |
|
| 33 | - 'disabled' => 'Bool#disabled', |
|
| 34 | - 'maxlength' => 'Number', |
|
| 35 | - 'name' => 'CDATA', |
|
| 36 | - 'readonly' => 'Bool#readonly', |
|
| 37 | - 'size' => 'Number', |
|
| 38 | - 'src' => 'URI#embedded', |
|
| 39 | - 'tabindex' => 'Number', |
|
| 40 | - 'type' => 'Enum#text,password,checkbox,button,radio,submit,reset,file,hidden,image', |
|
| 41 | - 'value' => 'CDATA', |
|
| 42 | - )); |
|
| 43 | - $input->attr_transform_post[] = new HTMLPurifier_AttrTransform_Input(); |
|
| 44 | - |
|
| 45 | - $this->addElement('select', 'Formctrl', 'Required: optgroup | option', 'Common', array( |
|
| 46 | - 'disabled' => 'Bool#disabled', |
|
| 47 | - 'multiple' => 'Bool#multiple', |
|
| 48 | - 'name' => 'CDATA', |
|
| 49 | - 'size' => 'Number', |
|
| 50 | - 'tabindex' => 'Number', |
|
| 51 | - )); |
|
| 52 | - |
|
| 53 | - $this->addElement('option', false, 'Optional: #PCDATA', 'Common', array( |
|
| 54 | - 'disabled' => 'Bool#disabled', |
|
| 55 | - 'label' => 'Text', |
|
| 56 | - 'selected' => 'Bool#selected', |
|
| 57 | - 'value' => 'CDATA', |
|
| 58 | - )); |
|
| 59 | - // It's illegal for there to be more than one selected, but not |
|
| 60 | - // be multiple. Also, no selected means undefined behavior. This might |
|
| 61 | - // be difficult to implement; perhaps an injector, or a context variable. |
|
| 62 | - |
|
| 63 | - $textarea = $this->addElement('textarea', 'Formctrl', 'Optional: #PCDATA', 'Common', array( |
|
| 64 | - 'accesskey' => 'Character', |
|
| 65 | - 'cols*' => 'Number', |
|
| 66 | - 'disabled' => 'Bool#disabled', |
|
| 67 | - 'name' => 'CDATA', |
|
| 68 | - 'readonly' => 'Bool#readonly', |
|
| 69 | - 'rows*' => 'Number', |
|
| 70 | - 'tabindex' => 'Number', |
|
| 71 | - )); |
|
| 72 | - $textarea->attr_transform_pre[] = new HTMLPurifier_AttrTransform_Textarea(); |
|
| 73 | - |
|
| 74 | - $button = $this->addElement('button', 'Formctrl', 'Optional: #PCDATA | Heading | List | Block | Inline', 'Common', array( |
|
| 75 | - 'accesskey' => 'Character', |
|
| 76 | - 'disabled' => 'Bool#disabled', |
|
| 77 | - 'name' => 'CDATA', |
|
| 78 | - 'tabindex' => 'Number', |
|
| 79 | - 'type' => 'Enum#button,submit,reset', |
|
| 80 | - 'value' => 'CDATA', |
|
| 81 | - )); |
|
| 82 | - |
|
| 83 | - // For exclusions, ideally we'd specify content sets, not literal elements |
|
| 84 | - $button->excludes = $this->makeLookup( |
|
| 85 | - 'form', 'fieldset', // Form |
|
| 86 | - 'input', 'select', 'textarea', 'label', 'button', // Formctrl |
|
| 87 | - 'a', // as per HTML 4.01 spec, this is omitted by modularization |
|
| 88 | - 'isindex', 'iframe' // legacy items |
|
| 89 | - ); |
|
| 90 | - |
|
| 91 | - // Extra exclusion: img usemap="" is not permitted within this element. |
|
| 92 | - // We'll omit this for now, since we don't have any good way of |
|
| 93 | - // indicating it yet. |
|
| 94 | - |
|
| 95 | - // This is HIGHLY user-unfriendly; we need a custom child-def for this |
|
| 96 | - $this->addElement('fieldset', 'Form', 'Custom: (#WS?,legend,(Flow|#PCDATA)*)', 'Common'); |
|
| 97 | - |
|
| 98 | - $label = $this->addElement('label', 'Formctrl', 'Optional: #PCDATA | Inline', 'Common', array( |
|
| 99 | - 'accesskey' => 'Character', |
|
| 100 | - // 'for' => 'IDREF', // IDREF not implemented, cannot allow |
|
| 101 | - )); |
|
| 102 | - $label->excludes = array('label' => true); |
|
| 103 | - |
|
| 104 | - $this->addElement('legend', false, 'Optional: #PCDATA | Inline', 'Common', array( |
|
| 105 | - 'accesskey' => 'Character', |
|
| 106 | - )); |
|
| 107 | - |
|
| 108 | - $this->addElement('optgroup', false, 'Required: option', 'Common', array( |
|
| 109 | - 'disabled' => 'Bool#disabled', |
|
| 110 | - 'label*' => 'Text', |
|
| 111 | - )); |
|
| 112 | - |
|
| 113 | - // Don't forget an injector for <isindex>. This one's a little complex |
|
| 114 | - // because it maps to multiple elements. |
|
| 115 | - |
|
| 116 | - } |
|
| 8 | + public $name = 'Forms'; |
|
| 9 | + public $safe = false; |
|
| 10 | + |
|
| 11 | + public $content_sets = array( |
|
| 12 | + 'Block' => 'Form', |
|
| 13 | + 'Inline' => 'Formctrl', |
|
| 14 | + ); |
|
| 15 | + |
|
| 16 | + public function setup($config) { |
|
| 17 | + $form = $this->addElement('form', 'Form', |
|
| 18 | + 'Required: Heading | List | Block | fieldset', 'Common', array( |
|
| 19 | + 'accept' => 'ContentTypes', |
|
| 20 | + 'accept-charset' => 'Charsets', |
|
| 21 | + 'action*' => 'URI', |
|
| 22 | + 'method' => 'Enum#get,post', |
|
| 23 | + // really ContentType, but these two are the only ones used today |
|
| 24 | + 'enctype' => 'Enum#application/x-www-form-urlencoded,multipart/form-data', |
|
| 25 | + )); |
|
| 26 | + $form->excludes = array('form' => true); |
|
| 27 | + |
|
| 28 | + $input = $this->addElement('input', 'Formctrl', 'Empty', 'Common', array( |
|
| 29 | + 'accept' => 'ContentTypes', |
|
| 30 | + 'accesskey' => 'Character', |
|
| 31 | + 'alt' => 'Text', |
|
| 32 | + 'checked' => 'Bool#checked', |
|
| 33 | + 'disabled' => 'Bool#disabled', |
|
| 34 | + 'maxlength' => 'Number', |
|
| 35 | + 'name' => 'CDATA', |
|
| 36 | + 'readonly' => 'Bool#readonly', |
|
| 37 | + 'size' => 'Number', |
|
| 38 | + 'src' => 'URI#embedded', |
|
| 39 | + 'tabindex' => 'Number', |
|
| 40 | + 'type' => 'Enum#text,password,checkbox,button,radio,submit,reset,file,hidden,image', |
|
| 41 | + 'value' => 'CDATA', |
|
| 42 | + )); |
|
| 43 | + $input->attr_transform_post[] = new HTMLPurifier_AttrTransform_Input(); |
|
| 44 | + |
|
| 45 | + $this->addElement('select', 'Formctrl', 'Required: optgroup | option', 'Common', array( |
|
| 46 | + 'disabled' => 'Bool#disabled', |
|
| 47 | + 'multiple' => 'Bool#multiple', |
|
| 48 | + 'name' => 'CDATA', |
|
| 49 | + 'size' => 'Number', |
|
| 50 | + 'tabindex' => 'Number', |
|
| 51 | + )); |
|
| 52 | + |
|
| 53 | + $this->addElement('option', false, 'Optional: #PCDATA', 'Common', array( |
|
| 54 | + 'disabled' => 'Bool#disabled', |
|
| 55 | + 'label' => 'Text', |
|
| 56 | + 'selected' => 'Bool#selected', |
|
| 57 | + 'value' => 'CDATA', |
|
| 58 | + )); |
|
| 59 | + // It's illegal for there to be more than one selected, but not |
|
| 60 | + // be multiple. Also, no selected means undefined behavior. This might |
|
| 61 | + // be difficult to implement; perhaps an injector, or a context variable. |
|
| 62 | + |
|
| 63 | + $textarea = $this->addElement('textarea', 'Formctrl', 'Optional: #PCDATA', 'Common', array( |
|
| 64 | + 'accesskey' => 'Character', |
|
| 65 | + 'cols*' => 'Number', |
|
| 66 | + 'disabled' => 'Bool#disabled', |
|
| 67 | + 'name' => 'CDATA', |
|
| 68 | + 'readonly' => 'Bool#readonly', |
|
| 69 | + 'rows*' => 'Number', |
|
| 70 | + 'tabindex' => 'Number', |
|
| 71 | + )); |
|
| 72 | + $textarea->attr_transform_pre[] = new HTMLPurifier_AttrTransform_Textarea(); |
|
| 73 | + |
|
| 74 | + $button = $this->addElement('button', 'Formctrl', 'Optional: #PCDATA | Heading | List | Block | Inline', 'Common', array( |
|
| 75 | + 'accesskey' => 'Character', |
|
| 76 | + 'disabled' => 'Bool#disabled', |
|
| 77 | + 'name' => 'CDATA', |
|
| 78 | + 'tabindex' => 'Number', |
|
| 79 | + 'type' => 'Enum#button,submit,reset', |
|
| 80 | + 'value' => 'CDATA', |
|
| 81 | + )); |
|
| 82 | + |
|
| 83 | + // For exclusions, ideally we'd specify content sets, not literal elements |
|
| 84 | + $button->excludes = $this->makeLookup( |
|
| 85 | + 'form', 'fieldset', // Form |
|
| 86 | + 'input', 'select', 'textarea', 'label', 'button', // Formctrl |
|
| 87 | + 'a', // as per HTML 4.01 spec, this is omitted by modularization |
|
| 88 | + 'isindex', 'iframe' // legacy items |
|
| 89 | + ); |
|
| 90 | + |
|
| 91 | + // Extra exclusion: img usemap="" is not permitted within this element. |
|
| 92 | + // We'll omit this for now, since we don't have any good way of |
|
| 93 | + // indicating it yet. |
|
| 94 | + |
|
| 95 | + // This is HIGHLY user-unfriendly; we need a custom child-def for this |
|
| 96 | + $this->addElement('fieldset', 'Form', 'Custom: (#WS?,legend,(Flow|#PCDATA)*)', 'Common'); |
|
| 97 | + |
|
| 98 | + $label = $this->addElement('label', 'Formctrl', 'Optional: #PCDATA | Inline', 'Common', array( |
|
| 99 | + 'accesskey' => 'Character', |
|
| 100 | + // 'for' => 'IDREF', // IDREF not implemented, cannot allow |
|
| 101 | + )); |
|
| 102 | + $label->excludes = array('label' => true); |
|
| 103 | + |
|
| 104 | + $this->addElement('legend', false, 'Optional: #PCDATA | Inline', 'Common', array( |
|
| 105 | + 'accesskey' => 'Character', |
|
| 106 | + )); |
|
| 107 | + |
|
| 108 | + $this->addElement('optgroup', false, 'Required: option', 'Common', array( |
|
| 109 | + 'disabled' => 'Bool#disabled', |
|
| 110 | + 'label*' => 'Text', |
|
| 111 | + )); |
|
| 112 | + |
|
| 113 | + // Don't forget an injector for <isindex>. This one's a little complex |
|
| 114 | + // because it maps to multiple elements. |
|
| 115 | + |
|
| 116 | + } |
|
| 117 | 117 | } |
| 118 | 118 | |
| 119 | 119 | // vim: et sw=4 sts=4 |
@@ -6,25 +6,25 @@ |
||
| 6 | 6 | class HTMLPurifier_HTMLModule_Hypertext extends HTMLPurifier_HTMLModule |
| 7 | 7 | { |
| 8 | 8 | |
| 9 | - public $name = 'Hypertext'; |
|
| 9 | + public $name = 'Hypertext'; |
|
| 10 | 10 | |
| 11 | - public function setup($config) { |
|
| 12 | - $a = $this->addElement( |
|
| 13 | - 'a', 'Inline', 'Inline', 'Common', |
|
| 14 | - array( |
|
| 15 | - // 'accesskey' => 'Character', |
|
| 16 | - // 'charset' => 'Charset', |
|
| 17 | - 'href' => 'URI', |
|
| 18 | - // 'hreflang' => 'LanguageCode', |
|
| 19 | - 'rel' => new HTMLPurifier_AttrDef_HTML_LinkTypes('rel'), |
|
| 20 | - 'rev' => new HTMLPurifier_AttrDef_HTML_LinkTypes('rev'), |
|
| 21 | - // 'tabindex' => 'Number', |
|
| 22 | - // 'type' => 'ContentType', |
|
| 23 | - ) |
|
| 24 | - ); |
|
| 25 | - $a->formatting = true; |
|
| 26 | - $a->excludes = array('a' => true); |
|
| 27 | - } |
|
| 11 | + public function setup($config) { |
|
| 12 | + $a = $this->addElement( |
|
| 13 | + 'a', 'Inline', 'Inline', 'Common', |
|
| 14 | + array( |
|
| 15 | + // 'accesskey' => 'Character', |
|
| 16 | + // 'charset' => 'Charset', |
|
| 17 | + 'href' => 'URI', |
|
| 18 | + // 'hreflang' => 'LanguageCode', |
|
| 19 | + 'rel' => new HTMLPurifier_AttrDef_HTML_LinkTypes('rel'), |
|
| 20 | + 'rev' => new HTMLPurifier_AttrDef_HTML_LinkTypes('rev'), |
|
| 21 | + // 'tabindex' => 'Number', |
|
| 22 | + // 'type' => 'ContentType', |
|
| 23 | + ) |
|
| 24 | + ); |
|
| 25 | + $a->formatting = true; |
|
| 26 | + $a->excludes = array('a' => true); |
|
| 27 | + } |
|
| 28 | 28 | |
| 29 | 29 | } |
| 30 | 30 | |
@@ -10,28 +10,28 @@ |
||
| 10 | 10 | class HTMLPurifier_HTMLModule_Iframe extends HTMLPurifier_HTMLModule |
| 11 | 11 | { |
| 12 | 12 | |
| 13 | - public $name = 'Iframe'; |
|
| 14 | - public $safe = false; |
|
| 13 | + public $name = 'Iframe'; |
|
| 14 | + public $safe = false; |
|
| 15 | 15 | |
| 16 | - public function setup($config) { |
|
| 17 | - if ($config->get('HTML.SafeIframe')) { |
|
| 18 | - $this->safe = true; |
|
| 19 | - } |
|
| 20 | - $this->addElement( |
|
| 21 | - 'iframe', 'Inline', 'Flow', 'Common', |
|
| 22 | - array( |
|
| 23 | - 'src' => 'URI#embedded', |
|
| 24 | - 'width' => 'Length', |
|
| 25 | - 'height' => 'Length', |
|
| 26 | - 'name' => 'ID', |
|
| 27 | - 'scrolling' => 'Enum#yes,no,auto', |
|
| 28 | - 'frameborder' => 'Enum#0,1', |
|
| 29 | - 'longdesc' => 'URI', |
|
| 30 | - 'marginheight' => 'Pixels', |
|
| 31 | - 'marginwidth' => 'Pixels', |
|
| 32 | - ) |
|
| 33 | - ); |
|
| 34 | - } |
|
| 16 | + public function setup($config) { |
|
| 17 | + if ($config->get('HTML.SafeIframe')) { |
|
| 18 | + $this->safe = true; |
|
| 19 | + } |
|
| 20 | + $this->addElement( |
|
| 21 | + 'iframe', 'Inline', 'Flow', 'Common', |
|
| 22 | + array( |
|
| 23 | + 'src' => 'URI#embedded', |
|
| 24 | + 'width' => 'Length', |
|
| 25 | + 'height' => 'Length', |
|
| 26 | + 'name' => 'ID', |
|
| 27 | + 'scrolling' => 'Enum#yes,no,auto', |
|
| 28 | + 'frameborder' => 'Enum#0,1', |
|
| 29 | + 'longdesc' => 'URI', |
|
| 30 | + 'marginheight' => 'Pixels', |
|
| 31 | + 'marginwidth' => 'Pixels', |
|
| 32 | + ) |
|
| 33 | + ); |
|
| 34 | + } |
|
| 35 | 35 | |
| 36 | 36 | } |
| 37 | 37 | |
@@ -8,32 +8,32 @@ |
||
| 8 | 8 | class HTMLPurifier_HTMLModule_Image extends HTMLPurifier_HTMLModule |
| 9 | 9 | { |
| 10 | 10 | |
| 11 | - public $name = 'Image'; |
|
| 11 | + public $name = 'Image'; |
|
| 12 | 12 | |
| 13 | - public function setup($config) { |
|
| 14 | - $max = $config->get('HTML.MaxImgLength'); |
|
| 15 | - $img = $this->addElement( |
|
| 16 | - 'img', 'Inline', 'Empty', 'Common', |
|
| 17 | - array( |
|
| 18 | - 'alt*' => 'Text', |
|
| 19 | - // According to the spec, it's Length, but percents can |
|
| 20 | - // be abused, so we allow only Pixels. |
|
| 21 | - 'height' => 'Pixels#' . $max, |
|
| 22 | - 'width' => 'Pixels#' . $max, |
|
| 23 | - 'longdesc' => 'URI', |
|
| 24 | - 'src*' => new HTMLPurifier_AttrDef_URI(true), // embedded |
|
| 25 | - ) |
|
| 26 | - ); |
|
| 27 | - if ($max === null || $config->get('HTML.Trusted')) { |
|
| 28 | - $img->attr['height'] = |
|
| 29 | - $img->attr['width'] = 'Length'; |
|
| 30 | - } |
|
| 13 | + public function setup($config) { |
|
| 14 | + $max = $config->get('HTML.MaxImgLength'); |
|
| 15 | + $img = $this->addElement( |
|
| 16 | + 'img', 'Inline', 'Empty', 'Common', |
|
| 17 | + array( |
|
| 18 | + 'alt*' => 'Text', |
|
| 19 | + // According to the spec, it's Length, but percents can |
|
| 20 | + // be abused, so we allow only Pixels. |
|
| 21 | + 'height' => 'Pixels#' . $max, |
|
| 22 | + 'width' => 'Pixels#' . $max, |
|
| 23 | + 'longdesc' => 'URI', |
|
| 24 | + 'src*' => new HTMLPurifier_AttrDef_URI(true), // embedded |
|
| 25 | + ) |
|
| 26 | + ); |
|
| 27 | + if ($max === null || $config->get('HTML.Trusted')) { |
|
| 28 | + $img->attr['height'] = |
|
| 29 | + $img->attr['width'] = 'Length'; |
|
| 30 | + } |
|
| 31 | 31 | |
| 32 | - // kind of strange, but splitting things up would be inefficient |
|
| 33 | - $img->attr_transform_pre[] = |
|
| 34 | - $img->attr_transform_post[] = |
|
| 35 | - new HTMLPurifier_AttrTransform_ImgRequired(); |
|
| 36 | - } |
|
| 32 | + // kind of strange, but splitting things up would be inefficient |
|
| 33 | + $img->attr_transform_pre[] = |
|
| 34 | + $img->attr_transform_post[] = |
|
| 35 | + new HTMLPurifier_AttrTransform_ImgRequired(); |
|
| 36 | + } |
|
| 37 | 37 | |
| 38 | 38 | } |
| 39 | 39 | |
@@ -18,8 +18,8 @@ |
||
| 18 | 18 | 'alt*' => 'Text', |
| 19 | 19 | // According to the spec, it's Length, but percents can |
| 20 | 20 | // be abused, so we allow only Pixels. |
| 21 | - 'height' => 'Pixels#' . $max, |
|
| 22 | - 'width' => 'Pixels#' . $max, |
|
| 21 | + 'height' => 'Pixels#'.$max, |
|
| 22 | + 'width' => 'Pixels#'.$max, |
|
| 23 | 23 | 'longdesc' => 'URI', |
| 24 | 24 | 'src*' => new HTMLPurifier_AttrDef_URI(true), // embedded |
| 25 | 25 | ) |
@@ -19,140 +19,140 @@ |
||
| 19 | 19 | class HTMLPurifier_HTMLModule_Legacy extends HTMLPurifier_HTMLModule |
| 20 | 20 | { |
| 21 | 21 | |
| 22 | - public $name = 'Legacy'; |
|
| 22 | + public $name = 'Legacy'; |
|
| 23 | 23 | |
| 24 | - public function setup($config) { |
|
| 25 | - |
|
| 26 | - $this->addElement('basefont', 'Inline', 'Empty', false, array( |
|
| 27 | - 'color' => 'Color', |
|
| 28 | - 'face' => 'Text', // extremely broad, we should |
|
| 29 | - 'size' => 'Text', // tighten it |
|
| 30 | - 'id' => 'ID' |
|
| 31 | - )); |
|
| 32 | - $this->addElement('center', 'Block', 'Flow', 'Common'); |
|
| 33 | - $this->addElement('dir', 'Block', 'Required: li', 'Common', array( |
|
| 34 | - 'compact' => 'Bool#compact' |
|
| 35 | - )); |
|
| 36 | - $this->addElement('font', 'Inline', 'Inline', array('Core', 'I18N'), array( |
|
| 37 | - 'color' => 'Color', |
|
| 38 | - 'face' => 'Text', // extremely broad, we should |
|
| 39 | - 'size' => 'Text', // tighten it |
|
| 40 | - )); |
|
| 41 | - $this->addElement('menu', 'Block', 'Required: li', 'Common', array( |
|
| 42 | - 'compact' => 'Bool#compact' |
|
| 43 | - )); |
|
| 44 | - |
|
| 45 | - $s = $this->addElement('s', 'Inline', 'Inline', 'Common'); |
|
| 46 | - $s->formatting = true; |
|
| 47 | - |
|
| 48 | - $strike = $this->addElement('strike', 'Inline', 'Inline', 'Common'); |
|
| 49 | - $strike->formatting = true; |
|
| 50 | - |
|
| 51 | - $u = $this->addElement('u', 'Inline', 'Inline', 'Common'); |
|
| 52 | - $u->formatting = true; |
|
| 53 | - |
|
| 54 | - // setup modifications to old elements |
|
| 55 | - |
|
| 56 | - $align = 'Enum#left,right,center,justify'; |
|
| 57 | - |
|
| 58 | - $address = $this->addBlankElement('address'); |
|
| 59 | - $address->content_model = 'Inline | #PCDATA | p'; |
|
| 60 | - $address->content_model_type = 'optional'; |
|
| 61 | - $address->child = false; |
|
| 62 | - |
|
| 63 | - $blockquote = $this->addBlankElement('blockquote'); |
|
| 64 | - $blockquote->content_model = 'Flow | #PCDATA'; |
|
| 65 | - $blockquote->content_model_type = 'optional'; |
|
| 66 | - $blockquote->child = false; |
|
| 67 | - |
|
| 68 | - $br = $this->addBlankElement('br'); |
|
| 69 | - $br->attr['clear'] = 'Enum#left,all,right,none'; |
|
| 70 | - |
|
| 71 | - $caption = $this->addBlankElement('caption'); |
|
| 72 | - $caption->attr['align'] = 'Enum#top,bottom,left,right'; |
|
| 73 | - |
|
| 74 | - $div = $this->addBlankElement('div'); |
|
| 75 | - $div->attr['align'] = $align; |
|
| 76 | - |
|
| 77 | - $dl = $this->addBlankElement('dl'); |
|
| 78 | - $dl->attr['compact'] = 'Bool#compact'; |
|
| 79 | - |
|
| 80 | - for ($i = 1; $i <= 6; $i++) { |
|
| 81 | - $h = $this->addBlankElement("h$i"); |
|
| 82 | - $h->attr['align'] = $align; |
|
| 83 | - } |
|
| 84 | - |
|
| 85 | - $hr = $this->addBlankElement('hr'); |
|
| 86 | - $hr->attr['align'] = $align; |
|
| 87 | - $hr->attr['noshade'] = 'Bool#noshade'; |
|
| 88 | - $hr->attr['size'] = 'Pixels'; |
|
| 89 | - $hr->attr['width'] = 'Length'; |
|
| 90 | - |
|
| 91 | - $img = $this->addBlankElement('img'); |
|
| 92 | - $img->attr['align'] = 'IAlign'; |
|
| 93 | - $img->attr['border'] = 'Pixels'; |
|
| 94 | - $img->attr['hspace'] = 'Pixels'; |
|
| 95 | - $img->attr['vspace'] = 'Pixels'; |
|
| 96 | - |
|
| 97 | - // figure out this integer business |
|
| 98 | - |
|
| 99 | - $li = $this->addBlankElement('li'); |
|
| 100 | - $li->attr['value'] = new HTMLPurifier_AttrDef_Integer(); |
|
| 101 | - $li->attr['type'] = 'Enum#s:1,i,I,a,A,disc,square,circle'; |
|
| 102 | - |
|
| 103 | - $ol = $this->addBlankElement('ol'); |
|
| 104 | - $ol->attr['compact'] = 'Bool#compact'; |
|
| 105 | - $ol->attr['start'] = new HTMLPurifier_AttrDef_Integer(); |
|
| 106 | - $ol->attr['type'] = 'Enum#s:1,i,I,a,A'; |
|
| 107 | - |
|
| 108 | - $p = $this->addBlankElement('p'); |
|
| 109 | - $p->attr['align'] = $align; |
|
| 110 | - |
|
| 111 | - $pre = $this->addBlankElement('pre'); |
|
| 112 | - $pre->attr['width'] = 'Number'; |
|
| 113 | - |
|
| 114 | - // script omitted |
|
| 115 | - |
|
| 116 | - $table = $this->addBlankElement('table'); |
|
| 117 | - $table->attr['align'] = 'Enum#left,center,right'; |
|
| 118 | - $table->attr['bgcolor'] = 'Color'; |
|
| 119 | - |
|
| 120 | - $tr = $this->addBlankElement('tr'); |
|
| 121 | - $tr->attr['bgcolor'] = 'Color'; |
|
| 122 | - |
|
| 123 | - $th = $this->addBlankElement('th'); |
|
| 124 | - $th->attr['bgcolor'] = 'Color'; |
|
| 125 | - $th->attr['height'] = 'Length'; |
|
| 126 | - $th->attr['nowrap'] = 'Bool#nowrap'; |
|
| 127 | - $th->attr['width'] = 'Length'; |
|
| 128 | - |
|
| 129 | - $td = $this->addBlankElement('td'); |
|
| 130 | - $td->attr['bgcolor'] = 'Color'; |
|
| 131 | - $td->attr['height'] = 'Length'; |
|
| 132 | - $td->attr['nowrap'] = 'Bool#nowrap'; |
|
| 133 | - $td->attr['width'] = 'Length'; |
|
| 24 | + public function setup($config) { |
|
| 25 | + |
|
| 26 | + $this->addElement('basefont', 'Inline', 'Empty', false, array( |
|
| 27 | + 'color' => 'Color', |
|
| 28 | + 'face' => 'Text', // extremely broad, we should |
|
| 29 | + 'size' => 'Text', // tighten it |
|
| 30 | + 'id' => 'ID' |
|
| 31 | + )); |
|
| 32 | + $this->addElement('center', 'Block', 'Flow', 'Common'); |
|
| 33 | + $this->addElement('dir', 'Block', 'Required: li', 'Common', array( |
|
| 34 | + 'compact' => 'Bool#compact' |
|
| 35 | + )); |
|
| 36 | + $this->addElement('font', 'Inline', 'Inline', array('Core', 'I18N'), array( |
|
| 37 | + 'color' => 'Color', |
|
| 38 | + 'face' => 'Text', // extremely broad, we should |
|
| 39 | + 'size' => 'Text', // tighten it |
|
| 40 | + )); |
|
| 41 | + $this->addElement('menu', 'Block', 'Required: li', 'Common', array( |
|
| 42 | + 'compact' => 'Bool#compact' |
|
| 43 | + )); |
|
| 44 | + |
|
| 45 | + $s = $this->addElement('s', 'Inline', 'Inline', 'Common'); |
|
| 46 | + $s->formatting = true; |
|
| 47 | + |
|
| 48 | + $strike = $this->addElement('strike', 'Inline', 'Inline', 'Common'); |
|
| 49 | + $strike->formatting = true; |
|
| 50 | + |
|
| 51 | + $u = $this->addElement('u', 'Inline', 'Inline', 'Common'); |
|
| 52 | + $u->formatting = true; |
|
| 53 | + |
|
| 54 | + // setup modifications to old elements |
|
| 55 | + |
|
| 56 | + $align = 'Enum#left,right,center,justify'; |
|
| 57 | + |
|
| 58 | + $address = $this->addBlankElement('address'); |
|
| 59 | + $address->content_model = 'Inline | #PCDATA | p'; |
|
| 60 | + $address->content_model_type = 'optional'; |
|
| 61 | + $address->child = false; |
|
| 62 | + |
|
| 63 | + $blockquote = $this->addBlankElement('blockquote'); |
|
| 64 | + $blockquote->content_model = 'Flow | #PCDATA'; |
|
| 65 | + $blockquote->content_model_type = 'optional'; |
|
| 66 | + $blockquote->child = false; |
|
| 67 | + |
|
| 68 | + $br = $this->addBlankElement('br'); |
|
| 69 | + $br->attr['clear'] = 'Enum#left,all,right,none'; |
|
| 70 | + |
|
| 71 | + $caption = $this->addBlankElement('caption'); |
|
| 72 | + $caption->attr['align'] = 'Enum#top,bottom,left,right'; |
|
| 73 | + |
|
| 74 | + $div = $this->addBlankElement('div'); |
|
| 75 | + $div->attr['align'] = $align; |
|
| 76 | + |
|
| 77 | + $dl = $this->addBlankElement('dl'); |
|
| 78 | + $dl->attr['compact'] = 'Bool#compact'; |
|
| 79 | + |
|
| 80 | + for ($i = 1; $i <= 6; $i++) { |
|
| 81 | + $h = $this->addBlankElement("h$i"); |
|
| 82 | + $h->attr['align'] = $align; |
|
| 83 | + } |
|
| 84 | + |
|
| 85 | + $hr = $this->addBlankElement('hr'); |
|
| 86 | + $hr->attr['align'] = $align; |
|
| 87 | + $hr->attr['noshade'] = 'Bool#noshade'; |
|
| 88 | + $hr->attr['size'] = 'Pixels'; |
|
| 89 | + $hr->attr['width'] = 'Length'; |
|
| 90 | + |
|
| 91 | + $img = $this->addBlankElement('img'); |
|
| 92 | + $img->attr['align'] = 'IAlign'; |
|
| 93 | + $img->attr['border'] = 'Pixels'; |
|
| 94 | + $img->attr['hspace'] = 'Pixels'; |
|
| 95 | + $img->attr['vspace'] = 'Pixels'; |
|
| 96 | + |
|
| 97 | + // figure out this integer business |
|
| 98 | + |
|
| 99 | + $li = $this->addBlankElement('li'); |
|
| 100 | + $li->attr['value'] = new HTMLPurifier_AttrDef_Integer(); |
|
| 101 | + $li->attr['type'] = 'Enum#s:1,i,I,a,A,disc,square,circle'; |
|
| 102 | + |
|
| 103 | + $ol = $this->addBlankElement('ol'); |
|
| 104 | + $ol->attr['compact'] = 'Bool#compact'; |
|
| 105 | + $ol->attr['start'] = new HTMLPurifier_AttrDef_Integer(); |
|
| 106 | + $ol->attr['type'] = 'Enum#s:1,i,I,a,A'; |
|
| 107 | + |
|
| 108 | + $p = $this->addBlankElement('p'); |
|
| 109 | + $p->attr['align'] = $align; |
|
| 110 | + |
|
| 111 | + $pre = $this->addBlankElement('pre'); |
|
| 112 | + $pre->attr['width'] = 'Number'; |
|
| 113 | + |
|
| 114 | + // script omitted |
|
| 115 | + |
|
| 116 | + $table = $this->addBlankElement('table'); |
|
| 117 | + $table->attr['align'] = 'Enum#left,center,right'; |
|
| 118 | + $table->attr['bgcolor'] = 'Color'; |
|
| 119 | + |
|
| 120 | + $tr = $this->addBlankElement('tr'); |
|
| 121 | + $tr->attr['bgcolor'] = 'Color'; |
|
| 122 | + |
|
| 123 | + $th = $this->addBlankElement('th'); |
|
| 124 | + $th->attr['bgcolor'] = 'Color'; |
|
| 125 | + $th->attr['height'] = 'Length'; |
|
| 126 | + $th->attr['nowrap'] = 'Bool#nowrap'; |
|
| 127 | + $th->attr['width'] = 'Length'; |
|
| 128 | + |
|
| 129 | + $td = $this->addBlankElement('td'); |
|
| 130 | + $td->attr['bgcolor'] = 'Color'; |
|
| 131 | + $td->attr['height'] = 'Length'; |
|
| 132 | + $td->attr['nowrap'] = 'Bool#nowrap'; |
|
| 133 | + $td->attr['width'] = 'Length'; |
|
| 134 | 134 | |
| 135 | - $ul = $this->addBlankElement('ul'); |
|
| 136 | - $ul->attr['compact'] = 'Bool#compact'; |
|
| 137 | - $ul->attr['type'] = 'Enum#square,disc,circle'; |
|
| 135 | + $ul = $this->addBlankElement('ul'); |
|
| 136 | + $ul->attr['compact'] = 'Bool#compact'; |
|
| 137 | + $ul->attr['type'] = 'Enum#square,disc,circle'; |
|
| 138 | 138 | |
| 139 | - // "safe" modifications to "unsafe" elements |
|
| 140 | - // WARNING: If you want to add support for an unsafe, legacy |
|
| 141 | - // attribute, make a new TrustedLegacy module with the trusted |
|
| 142 | - // bit set appropriately |
|
| 139 | + // "safe" modifications to "unsafe" elements |
|
| 140 | + // WARNING: If you want to add support for an unsafe, legacy |
|
| 141 | + // attribute, make a new TrustedLegacy module with the trusted |
|
| 142 | + // bit set appropriately |
|
| 143 | 143 | |
| 144 | - $form = $this->addBlankElement('form'); |
|
| 145 | - $form->content_model = 'Flow | #PCDATA'; |
|
| 146 | - $form->content_model_type = 'optional'; |
|
| 147 | - $form->attr['target'] = 'FrameTarget'; |
|
| 144 | + $form = $this->addBlankElement('form'); |
|
| 145 | + $form->content_model = 'Flow | #PCDATA'; |
|
| 146 | + $form->content_model_type = 'optional'; |
|
| 147 | + $form->attr['target'] = 'FrameTarget'; |
|
| 148 | 148 | |
| 149 | - $input = $this->addBlankElement('input'); |
|
| 150 | - $input->attr['align'] = 'IAlign'; |
|
| 149 | + $input = $this->addBlankElement('input'); |
|
| 150 | + $input->attr['align'] = 'IAlign'; |
|
| 151 | 151 | |
| 152 | - $legend = $this->addBlankElement('legend'); |
|
| 153 | - $legend->attr['align'] = 'LAlign'; |
|
| 152 | + $legend = $this->addBlankElement('legend'); |
|
| 153 | + $legend->attr['align'] = 'LAlign'; |
|
| 154 | 154 | |
| 155 | - } |
|
| 155 | + } |
|
| 156 | 156 | |
| 157 | 157 | } |
| 158 | 158 | |
@@ -6,37 +6,37 @@ |
||
| 6 | 6 | class HTMLPurifier_HTMLModule_List extends HTMLPurifier_HTMLModule |
| 7 | 7 | { |
| 8 | 8 | |
| 9 | - public $name = 'List'; |
|
| 10 | - |
|
| 11 | - // According to the abstract schema, the List content set is a fully formed |
|
| 12 | - // one or more expr, but it invariably occurs in an optional declaration |
|
| 13 | - // so we're not going to do that subtlety. It might cause trouble |
|
| 14 | - // if a user defines "List" and expects that multiple lists are |
|
| 15 | - // allowed to be specified, but then again, that's not very intuitive. |
|
| 16 | - // Furthermore, the actual XML Schema may disagree. Regardless, |
|
| 17 | - // we don't have support for such nested expressions without using |
|
| 18 | - // the incredibly inefficient and draconic Custom ChildDef. |
|
| 19 | - |
|
| 20 | - public $content_sets = array('Flow' => 'List'); |
|
| 21 | - |
|
| 22 | - public function setup($config) { |
|
| 23 | - $ol = $this->addElement('ol', 'List', new HTMLPurifier_ChildDef_List(), 'Common'); |
|
| 24 | - $ul = $this->addElement('ul', 'List', new HTMLPurifier_ChildDef_List(), 'Common'); |
|
| 25 | - // XXX The wrap attribute is handled by MakeWellFormed. This is all |
|
| 26 | - // quite unsatisfactory, because we generated this |
|
| 27 | - // *specifically* for lists, and now a big chunk of the handling |
|
| 28 | - // is done properly by the List ChildDef. So actually, we just |
|
| 29 | - // want enough information to make autoclosing work properly, |
|
| 30 | - // and then hand off the tricky stuff to the ChildDef. |
|
| 31 | - $ol->wrap = 'li'; |
|
| 32 | - $ul->wrap = 'li'; |
|
| 33 | - $this->addElement('dl', 'List', 'Required: dt | dd', 'Common'); |
|
| 34 | - |
|
| 35 | - $this->addElement('li', false, 'Flow', 'Common'); |
|
| 36 | - |
|
| 37 | - $this->addElement('dd', false, 'Flow', 'Common'); |
|
| 38 | - $this->addElement('dt', false, 'Inline', 'Common'); |
|
| 39 | - } |
|
| 9 | + public $name = 'List'; |
|
| 10 | + |
|
| 11 | + // According to the abstract schema, the List content set is a fully formed |
|
| 12 | + // one or more expr, but it invariably occurs in an optional declaration |
|
| 13 | + // so we're not going to do that subtlety. It might cause trouble |
|
| 14 | + // if a user defines "List" and expects that multiple lists are |
|
| 15 | + // allowed to be specified, but then again, that's not very intuitive. |
|
| 16 | + // Furthermore, the actual XML Schema may disagree. Regardless, |
|
| 17 | + // we don't have support for such nested expressions without using |
|
| 18 | + // the incredibly inefficient and draconic Custom ChildDef. |
|
| 19 | + |
|
| 20 | + public $content_sets = array('Flow' => 'List'); |
|
| 21 | + |
|
| 22 | + public function setup($config) { |
|
| 23 | + $ol = $this->addElement('ol', 'List', new HTMLPurifier_ChildDef_List(), 'Common'); |
|
| 24 | + $ul = $this->addElement('ul', 'List', new HTMLPurifier_ChildDef_List(), 'Common'); |
|
| 25 | + // XXX The wrap attribute is handled by MakeWellFormed. This is all |
|
| 26 | + // quite unsatisfactory, because we generated this |
|
| 27 | + // *specifically* for lists, and now a big chunk of the handling |
|
| 28 | + // is done properly by the List ChildDef. So actually, we just |
|
| 29 | + // want enough information to make autoclosing work properly, |
|
| 30 | + // and then hand off the tricky stuff to the ChildDef. |
|
| 31 | + $ol->wrap = 'li'; |
|
| 32 | + $ul->wrap = 'li'; |
|
| 33 | + $this->addElement('dl', 'List', 'Required: dt | dd', 'Common'); |
|
| 34 | + |
|
| 35 | + $this->addElement('li', false, 'Flow', 'Common'); |
|
| 36 | + |
|
| 37 | + $this->addElement('dd', false, 'Flow', 'Common'); |
|
| 38 | + $this->addElement('dt', false, 'Inline', 'Common'); |
|
| 39 | + } |
|
| 40 | 40 | |
| 41 | 41 | } |
| 42 | 42 | |
