<?php

/**
 * HTML module that registers the 'object' and 'param' elements, plus the
 * attribute transforms and the injector that go with them.
 *
 * The element definitions are not a safety boundary on their own. The
 * post-validation transforms (HTMLPurifier_AttrTransform_SafeObject,
 * HTMLPurifier_AttrTransform_SafeParam) and the 'SafeObject' injector are
 * defined elsewhere and are what the module depends on for safety. Review
 * those classes before relying on this module for untrusted markup.
 */
class HTMLPurifier_HTMLModule_SafeObject extends HTMLPurifier_HTMLModule
{

    public $name = 'SafeObject';

    /**
     * Registers the element definitions for this module.
     *
     * @param $config Configuration object; only get('HTML.MaxImgLength') is
     *                read here.
     */
    public function setup($config) {

        // Do not treat the definitions below as safe in isolation: the
        // attribute transforms attached afterwards are an essential part of
        // the protection.

        // width and height share one definition string bounded by the
        // configured HTML.MaxImgLength.
        // NOTE(review): if that directive is null or empty the string becomes
        // just 'Pixels#'. Confirm how the attribute parser treats an empty
        // bound.
        $pixelLimit = 'Pixels#' . $config->get('HTML.MaxImgLength');

        $objectAttributes = array(
            // The spec does not strictly require 'type', but it is pinned to
            // this single value on purpose.
            'type' => 'Enum#application/x-shockwave-flash',
            'width' => $pixelLimit,
            'height' => $pixelLimit,
            // 'embedded' presumably selects the embedded-resource URI
            // context. Verify against the URI attribute definition.
            'data' => 'URI#embedded'
        );
        $objectElement = $this->addElement(
            'object',
            'Inline',
            'Optional: param | Flow | #PCDATA',
            'Common',
            $objectAttributes
        );
        // Runs after attribute validation.
        $objectElement->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeObject();

        // 'param' is an empty element with no attribute collection. Its name
        // and value are plain 'Text' here, so any restriction on which
        // parameters survive has to come from the SafeParam transform.
        // NOTE(review): the trailing '*' on 'name*' presumably marks the
        // attribute as required. Confirm.
        $paramAttributes = array(
            'id' => 'ID',
            'name*' => 'Text',
            'value' => 'Text'
        );
        $paramElement = $this->addElement('param', false, 'Empty', false, $paramAttributes);
        $paramElement->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeParam();

        // Request the injector registered under the name 'SafeObject'.
        $this->info_injector[] = 'SafeObject';

    }

}

// vim: et sw=4 sts=4
