Home Explore Help
Register Sign In
aj
/
chamilo-lms2
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: skala
Branches Tags
chamilo-lms2
/
vendor
/
ezyang
/
htmlpurifier
/
library
/
HTMLPurifier
/
ConfigSchema
/
schema
/
URI.Munge.txt

URI.Munge.txt 2.7 KB
Permalink History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283 
  1. URI.Munge
    2. 

  2. TYPE: string/null
    3. 

  3. VERSION: 1.3.0
    4. 

  4. DEFAULT: NULL
    5. 

  5. --DESCRIPTION--
    6. 

  6. 

  7. <p>
    8. 

  8.     Munges all browsable (usually http, https and ftp)
    9. 

  9.     absolute URIs into another URI, usually a URI redirection service.
    10. 

  10.     This directive accepts a URI, formatted with a <code>%s</code> where
    11. 

  11.     the url-encoded original URI should be inserted (sample:
    12. 

  12.     <code>http://www.google.com/url?q=%s</code>).
    13. 

  13. </p>
    14. 

  14. <p>
    15. 

  15.     Uses for this directive:
    16. 

  16. </p>
    17. 

  17. <ul>
    18. 

  18.     <li>
    19. 

  19.         Prevent PageRank leaks, while being fairly transparent
    20. 

  20.         to users (you may also want to add some client side JavaScript to
    21. 

  21.         override the text in the statusbar). <strong>Notice</strong>:
    22. 

  22.         Many security experts believe that this form of protection does not deter spam-bots.
    23. 

  23.     </li>
    24. 

  24.     <li>
    25. 

  25.         Redirect users to a splash page telling them they are leaving your
    26. 

  26.         website. While this is poor usability practice, it is often mandated
    27. 

  27.         in corporate environments.
    28. 

  28.     </li>
    29. 

  29. </ul>
    30. 

  30. <p>
    31. 

  31.     Prior to HTML Purifier 3.1.1, this directive also enabled the munging
    32. 

  32.     of browsable external resources, which could break things if your redirection
    33. 

  33.     script was a splash page or used <code>meta</code> tags. To revert to
    34. 

  34.     previous behavior, please use %URI.MungeResources.
    35. 

  35. </p>
    36. 

  36. <p>
    37. 

  37.     You may want to also use %URI.MungeSecretKey along with this directive
    38. 

  38.     in order to enforce what URIs your redirector script allows. Open
    39. 

  39.     redirector scripts can be a security risk and negatively affect the
    40. 

  40.     reputation of your domain name.
    41. 

  41. </p>
    42. 

  42. <p>
    43. 

  43.     Starting with HTML Purifier 3.1.1, there is also these substitutions:
    44. 

  44. </p>
    45. 

  45. <table>
    46. 

  46.     <thead>
    47. 

  47.         <tr>
    48. 

  48.             <th>Key</th>
    49. 

  49.             <th>Description</th>
    50. 

  50.             <th>Example <code>&lt;a href=""&gt;</code></th>
    51. 

  51.         </tr>
    52. 

  52.     </thead>
    53. 

  53.     <tbody>
    54. 

  54.         <tr>
    55. 

  55.             <td>%r</td>
    56. 

  56.             <td>1 - The URI embeds a resource<br />(blank) - The URI is merely a link</td>
    57. 

  57.             <td></td>
    58. 

  58.         </tr>
    59. 

  59.         <tr>
    60. 

  60.             <td>%n</td>
    61. 

  61.             <td>The name of the tag this URI came from</td>
    62. 

  62.             <td>a</td>
    63. 

  63.         </tr>
    64. 

  64.         <tr>
    65. 

  65.             <td>%m</td>
    66. 

  66.             <td>The name of the attribute this URI came from</td>
    67. 

  67.             <td>href</td>
    68. 

  68.         </tr>
    69. 

  69.         <tr>
    70. 

  70.             <td>%p</td>
    71. 

  71.             <td>The name of the CSS property this URI came from, or blank if irrelevant</td>
    72. 

  72.             <td></td>
    73. 

  73.         </tr>
    74. 

  74.     </tbody>
    75. 

  75. </table>
    76. 

  76. <p>
    77. 

  77.     Admittedly, these letters are somewhat arbitrary; the only stipulation
    78. 

  78.     was that they couldn't be a through f. r is for resource (I would have preferred
    79. 

  79.     e, but you take what you can get), n is for name, m
    80. 

  80.     was picked because it came after n (and I couldn't use a), p is for
    81. 

  81.     property.
    82. 

  82. </p>
    83. 

  83. --# vim: et sw=4 sts=4
    84.