0330cd97f80190237966ae022c7cba2941a808b9
1 <?php
2
/**
 * Restricted scripting module: registers a <script> element that cannot carry
 * an inline body and whose src must be one of the values whitelisted through
 * the HTML.SafeScripting configuration directive.
 */
class HTMLPurifier_HTMLModule_SafeScripting extends HTMLPurifier_HTMLModule
{
    /**
     * Module identifier.
     *
     * @type string
     */
    public $name = 'SafeScripting';

    /**
     * Registers the restricted script element on this module.
     *
     * @param HTMLPurifier_Config $config Configuration the src whitelist is read from.
     */
    public function setup($config)
    {
        // The element definition alone does not make <script> safe; the
        // attribute transforms attached at the end of this method are an
        // essential part of the protection and must not be dropped.

        // Only the keys of the directive's value are used as permitted src
        // values; the values themselves are ignored here.
        $whitelist = $config->get('HTML.SafeScripting');

        // NOTE(review): the Enum is built from the value list alone, so
        // whatever case handling it defaults to is applied to src. URL paths
        // are case-sensitive; confirm the comparison mode matches how the
        // whitelist entries are written.
        $srcDefinition = new HTMLPurifier_AttrDef_Enum(array_keys($whitelist));

        $attributes = array(
            // The spec does not strictly demand a type attribute, but it is
            // pinned to this single value anyway.
            'type' => 'Enum#text/javascript',
            // NOTE(review): the trailing * presumably marks src as required.
            'src*' => $srcDefinition
        );

        $element = $this->addElement('script', 'Inline', 'Empty', null, $attributes);

        // One shared transform instance is appended to both the pre- and the
        // post-validation transform lists.
        $requiredTransform = new HTMLPurifier_AttrTransform_ScriptRequired();
        $element->attr_transform_post[] = $requiredTransform;
        $element->attr_transform_pre[] = $requiredTransform;
    }
}
39
40 // vim: et sw=4 sts=4