projects / weblabels.fsf.org.git / blame
| Commit | Line | Data |
|---|---|---|
| 7f254ad8 AE |
1 | <?php\r |
| 2 | \r | |
| 3 | /*\r | |
| 4 | \r | |
| 5 | WARNING: THIS MODULE IS EXTREMELY DANGEROUS AS IT ENABLES INLINE SCRIPTING\r | |
| 6 | INSIDE HTML PURIFIER DOCUMENTS. USE ONLY WITH TRUSTED USER INPUT!!!\r | |
| 7 | \r | |
| 8 | */\r | |
| 9 | \r | |
| 10 | /**\r | |
| 11 | * XHTML 1.1 Scripting module, defines elements that are used to contain\r | |
| 12 | * information pertaining to executable scripts or the lack of support\r | |
| 13 | * for executable scripts.\r | |
| 14 | * @note This module does not contain inline scripting elements\r | |
| 15 | */\r | |
| 16 | class HTMLPurifier_HTMLModule_Scripting extends HTMLPurifier_HTMLModule\r | |
| 17 | {\r | |
| 18 | public $name = 'Scripting';\r | |
| 19 | public $elements = array('script', 'noscript');\r | |
| 20 | public $content_sets = array('Block' => 'script | noscript', 'Inline' => 'script | noscript');\r | |
| 21 | public $safe = false;\r | |
| 22 | \r | |
| 23 | public function setup($config) {\r | |
| 24 | // TODO: create custom child-definition for noscript that\r | |
| 25 | // auto-wraps stray #PCDATA in a similar manner to\r | |
| 26 | // blockquote's custom definition (we would use it but\r | |
| 27 | // blockquote's contents are optional while noscript's contents\r | |
| 28 | // are required)\r | |
| 29 | \r | |
| 30 | // TODO: convert this to new syntax, main problem is getting\r | |
| 31 | // both content sets working\r | |
| 32 | \r | |
| 33 | // In theory, this could be safe, but I don't see any reason to\r | |
| 34 | // allow it.\r | |
| 35 | $this->info['noscript'] = new HTMLPurifier_ElementDef();\r | |
| 36 | $this->info['noscript']->attr = array( 0 => array('Common') );\r | |
| 37 | $this->info['noscript']->content_model = 'Heading | List | Block';\r | |
| 38 | $this->info['noscript']->content_model_type = 'required';\r | |
| 39 | \r | |
| 40 | $this->info['script'] = new HTMLPurifier_ElementDef();\r | |
| 41 | $this->info['script']->attr = array(\r | |
| 42 | 'defer' => new HTMLPurifier_AttrDef_Enum(array('defer')),\r | |
| 43 | 'src' => new HTMLPurifier_AttrDef_URI(true),\r | |
| 44 | 'type' => new HTMLPurifier_AttrDef_Enum(array('text/javascript'))\r | |
| 45 | );\r | |
| 46 | $this->info['script']->content_model = '#PCDATA';\r | |
| 47 | $this->info['script']->content_model_type = 'optional';\r | |
| 48 | $this->info['script']->attr_transform_pre['type'] =\r | |
| 49 | $this->info['script']->attr_transform_post['type'] =\r | |
| 50 | new HTMLPurifier_AttrTransform_ScriptRequired();\r | |
| 51 | }\r | |
| 52 | }\r | |
| 53 | \r | |
| 54 | // vim: et sw=4 sts=4\r |