Home Explore Help
Register Sign In
aj
/
chamilo-lms2
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: skala
Branches Tags
chamilo-lms2
/
vendor
/
ezyang
/
htmlpurifier
/
library
/
HTMLPurifier
/
HTMLModule
/
SafeScripting.php

SafeScripting.php 1.0 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637 
  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * A "safe" script module. No inline JS is allowed, and pointed to JS
    5. 

  5.  * files must match whitelist.
    6. 

  6.  */
    7. 

  7. class HTMLPurifier_HTMLModule_SafeScripting extends HTMLPurifier_HTMLModule
    8. 

  8. {
    9. 

  9. 

  10.     public $name = 'SafeScripting';
    11. 

  11. 

  12.     public function setup($config) {
    13. 

  13. 

  14.         // These definitions are not intrinsically safe: the attribute transforms
    15. 

  15.         // are a vital part of ensuring safety.
    16. 

  16. 

  17.         $allowed = $config->get('HTML.SafeScripting');
    18. 

  18.         $script = $this->addElement(
    19. 

  19.             'script',
    20. 

  20.             'Inline',
    21. 

  21.             'Empty',
    22. 

  22.             null,
    23. 

  23.             array(
    24. 

  24.                 // While technically not required by the spec, we're forcing
    25. 

  25.                 // it to this value.
    26. 

  26.                 'type' => 'Enum#text/javascript',
    27. 

  27.                 'src*'  => new HTMLPurifier_AttrDef_Enum(array_keys($allowed))
    28. 

  28.             )
    29. 

  29.         );
    30. 

  30.         $script->attr_transform_pre[] =
    31. 

  31.         $script->attr_transform_post[] = new HTMLPurifier_AttrTransform_ScriptRequired();
    32. 

  32. 

  33.     }
    34. 

  34. 

  35. }
    36. 

  36. 

  37. // vim: et sw=4 sts=4
    38.