1
0
mirror of https://github.com/vichan-devel/vichan.git synced 2024-12-15 00:51:18 +01:00
vichan/inc/lib/htmlpurifier-4.5.0/library/HTMLPurifier/HTMLModule/SafeScripting.php

38 lines
1.0 KiB
PHP
Raw Normal View History

2014-09-24 01:25:04 +02:00
<?php
/**
* A "safe" script module. No inline JS is allowed, and pointed to JS
* files must match whitelist.
*/
class HTMLPurifier_HTMLModule_SafeScripting extends HTMLPurifier_HTMLModule
{
public $name = 'SafeScripting';
public function setup($config) {
// These definitions are not intrinsically safe: the attribute transforms
// are a vital part of ensuring safety.
$allowed = $config->get('HTML.SafeScripting');
$script = $this->addElement(
'script',
'Inline',
'Empty',
null,
array(
// While technically not required by the spec, we're forcing
// it to this value.
'type' => 'Enum#text/javascript',
'src*' => new HTMLPurifier_AttrDef_Enum(array_keys($allowed))
)
);
$script->attr_transform_pre[] =
$script->attr_transform_post[] = new HTMLPurifier_AttrTransform_ScriptRequired();
}
}
// vim: et sw=4 sts=4