ILIAS  release_5-2 Revision v5.2.25-18-g3f80b82851
HTMLPurifier_HTMLModule_SafeObject Class Reference

A "safe" object module. More...

+ Inheritance diagram for HTMLPurifier_HTMLModule_SafeObject:
+ Collaboration diagram for HTMLPurifier_HTMLModule_SafeObject:

Public Member Functions

 setup ($config)
 
- Public Member Functions inherited from HTMLPurifier_HTMLModule
 getChildDef ($def)
 Retrieves a proper HTMLPurifier_ChildDef subclass based on content_model and content_model_type member variables of the HTMLPurifier_ElementDef class. More...
 
 addElement ($element, $type, $contents, $attr_includes=array(), $attr=array())
 Convenience function that sets up a new element. More...
 
 addBlankElement ($element)
 Convenience function that creates a totally blank, non-standalone element. More...
 
 addElementToContentSet ($element, $type)
 Convenience function that registers an element to a content set. More...
 
 parseContents ($contents)
 Convenience function that transforms single-string contents into separate content model and content model type. More...
 
 mergeInAttrIncludes (&$attr, $attr_includes)
 Convenience function that merges a list of attribute includes into an attribute array. More...
 
 makeLookup ($list)
 Convenience function that generates a lookup table with boolean true as value. More...
 
 setup ($config)
 Lazy load construction of the module after determining whether or not it's needed, and also when a finalized configuration object is available. More...
 

Data Fields

 $name = 'SafeObject'
 string More...
 
- Data Fields inherited from HTMLPurifier_HTMLModule
 $name
 Short unique string identifier of the module. More...
 
 $elements = array()
 Informally, a list of elements this module changes. More...
 
 $info = array()
 Associative array of element names to element definitions. More...
 
 $content_sets = array()
 Associative array of content set names to content set additions. More...
 
 $attr_collections = array()
 Associative array of attribute collection names to attribute collection additions. More...
 
 $info_tag_transform = array()
 Associative array of deprecated tag name to HTMLPurifier_TagTransform. More...
 
 $info_attr_transform_pre = array()
 List of HTMLPurifier_AttrTransform to be performed before validation. More...
 
 $info_attr_transform_post = array()
 List of HTMLPurifier_AttrTransform to be performed after validation. More...
 
 $info_injector = array()
 List of HTMLPurifier_Injector to be performed during well-formedness fixing. More...
 
 $defines_child_def = false
 Boolean flag that indicates whether or not getChildDef is implemented. More...
 
 $safe = true
 Boolean flag whether or not this module is safe. More...
 

Detailed Description

A "safe" object module.

In theory, objects permitted by this module will be safe, and untrusted users can be allowed to embed arbitrary flash objects (maybe other types too, but only Flash is supported as of right now). Highly experimental.

Definition at line 9 of file SafeObject.php.

Member Function Documentation

◆ setup()

HTMLPurifier_HTMLModule_SafeObject::setup (   $config)
Parameters
HTMLPurifier_Config$config

Definition at line 19 of file SafeObject.php.

References $config, HTMLPurifier_HTMLModule\addElement(), and array.

20  {
21  // These definitions are not intrinsically safe: the attribute transforms
22  // are a vital part of ensuring safety.
23 
24  $max = $config->get('HTML.MaxImgLength');
25  $object = $this->addElement(
26  'object',
27  'Inline',
28  'Optional: param | Flow | #PCDATA',
29  'Common',
30  array(
31  // While technically not required by the spec, we're forcing
32  // it to this value.
33  'type' => 'Enum#application/x-shockwave-flash',
34  'width' => 'Pixels#' . $max,
35  'height' => 'Pixels#' . $max,
36  'data' => 'URI#embedded',
37  'codebase' => new HTMLPurifier_AttrDef_Enum(
38  array(
39  'http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0'
40  )
41  ),
42  )
43  );
44  $object->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeObject();
45 
46  $param = $this->addElement(
47  'param',
48  false,
49  'Empty',
50  false,
51  array(
52  'id' => 'ID',
53  'name*' => 'Text',
54  'value' => 'Text'
55  )
56  );
57  $param->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeParam();
58  $this->info_injector[] = 'SafeObject';
59  }
addElement($element, $type, $contents, $attr_includes=array(), $attr=array())
Convenience function that sets up a new element.
Definition: HTMLModule.php:144
Validates name/value pairs in param tags to be used in safe objects.
Definition: SafeParam.php:15
Create styles array
The data for the language used.
Validates a keyword against a list of valid values.
Definition: Enum.php:10
Writes default type for all objects.
Definition: SafeObject.php:6
+ Here is the call graph for this function:

Field Documentation

◆ $name

HTMLPurifier_HTMLModule_SafeObject::$name = 'SafeObject'

string

Definition at line 14 of file SafeObject.php.


The documentation for this class was generated from the following file: