

  1. <?php
/**
 * A "safe" script module. No inline JS is allowed, and the JS files
 * pointed to must match the whitelist.
 */
  6. class HTMLPurifier_HTMLModule_SafeScripting extends HTMLPurifier_HTMLModule
  7. {
  8. /**
  9. * @type string
  10. */
  11. public $name = 'SafeScripting';
  12. /**
  13. * @param HTMLPurifier_Config $config
  14. */
  15. public function setup($config)
  16. {
  17. // These definitions are not intrinsically safe: the attribute transforms
  18. // are a vital part of ensuring safety.
  19. $allowed = $config->get('HTML.SafeScripting');
  20. $script = $this->addElement(
  21. 'script',
  22. 'Inline',
  23. 'Empty',
  24. null,
  25. array(
  26. // While technically not required by the spec, we're forcing
  27. // it to this value.
  28. 'type' => 'Enum#text/javascript',
  29. 'src*' => new HTMLPurifier_AttrDef_Enum(array_keys($allowed))
  30. )
  31. );
  32. $script->attr_transform_pre[] =
  33. $script->attr_transform_post[] = new HTMLPurifier_AttrTransform_ScriptRequired();
  34. }
  35. }
// vim: et sw=4 sts=4