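<?php

/**
 * Attribute transform that restricts param name/value pairs to a fixed
 * allowlist.
 *
 * The parameters recognised here are the Flash
 * (application/x-shockwave-flash) embedding parameters. The three policy
 * parameters are overwritten with fixed values, so the value supplied in
 * the markup never takes effect. The movie location is passed through the
 * URI validator. Any other parameter has both its name and its value set
 * to null.
 *
 * The list of names must stay in step with Injector/SafeObject.php.
 */
class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
{
    public $name = "SafeParam";

    // URI validator constructed with the "embedded" flag set.
    private $uri;

    public function __construct() {
        $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded
    }

    /**
     * Applies the allowlist to one set of param attributes.
     *
     * @param array $attr    Attribute array; 'name' and 'value' are the keys read here
     * @param mixed $config  Passed through unchanged to the URI validator
     * @param mixed $context Passed through unchanged to the URI validator
     * @return array The attribute array with 'value' forced or validated, or with
     *               'name' and 'value' both null when the parameter is not allowed
     */
    public function transform($attr, $config, $context) {
        // The markup is untrusted, so a param may arrive without a name at
        // all. Treat that the same as an unknown name instead of reading an
        // undefined key, which emits a notice (a warning on PHP 8) that a
        // strict error handler could turn into a failed purification.
        $paramName = isset($attr['name']) ? $attr['name'] : null;

        // If we add support for other objects, we'll need to alter the
        // transforms.
        switch ($paramName) {
            // application/x-shockwave-flash
            // Keep this synchronized with Injector/SafeObject.php
            case 'allowScriptAccess':
                // Forced: the movie may not call script in the embedding page.
                $attr['value'] = 'never';
                break;
            case 'allowNetworking':
                // Forced: blocks the movie's browser navigation and browser
                // interaction calls.
                $attr['value'] = 'internal';
                break;
            case 'wmode':
                // Forced to window mode. NOTE(review): presumably so the movie
                // cannot be composited over page content - confirm.
                $attr['value'] = 'window';
                break;
            case 'movie':
                // NOTE(review): the validator's result is stored as-is. If it
                // reports rejection with a non-string (HTML Purifier's AttrDef
                // convention is false - confirm), the param is kept with that
                // value; check that later stages drop or neutralise it.
                $attr['value'] = $this->uri->validate($attr['value'], $config, $context);
                break;
            // add other cases to support other param name/value pairs
            default:
                // Deny by default: anything not listed above is blanked.
                $attr['name'] = $attr['value'] = null;
        }
        return $attr;
    }
}

// vim: et sw=4 sts=4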
