ILIAS  Release_4_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
Scripting.php
Go to the documentation of this file.
1 <?php
2 
3 /*
4 
5 WARNING: THIS MODULE IS EXTREMELY DANGEROUS AS IT ENABLES INLINE SCRIPTING
6 INSIDE HTML PURIFIER DOCUMENTS. USE ONLY WITH TRUSTED USER INPUT!!!
7 
8 */
9 
16 class HTMLPurifier_HTMLModule_Scripting extends HTMLPurifier_HTMLModule
17 {
18  public $name = 'Scripting';
19  public $elements = array('script', 'noscript');
20  public $content_sets = array('Block' => 'script | noscript', 'Inline' => 'script | noscript');
21  public $safe = false;
22 
23  public function setup($config) {
24  // TODO: create custom child-definition for noscript that
25  // auto-wraps stray #PCDATA in a similar manner to
26  // blockquote's custom definition (we would use it but
27  // blockquote's contents are optional while noscript's contents
28  // are required)
29 
30  // TODO: convert this to new syntax, main problem is getting
31  // both content sets working
32 
33  // In theory, this could be safe, but I don't see any reason to
34  // allow it.
35  $this->info['noscript'] = new HTMLPurifier_ElementDef();
36  $this->info['noscript']->attr = array( 0 => array('Common') );
37  $this->info['noscript']->content_model = 'Heading | List | Block';
38  $this->info['noscript']->content_model_type = 'required';
39 
40  $this->info['script'] = new HTMLPurifier_ElementDef();
41  $this->info['script']->attr = array(
42  'defer' => new HTMLPurifier_AttrDef_Enum(array('defer')),
43  'src' => new HTMLPurifier_AttrDef_URI(true),
44  'type' => new HTMLPurifier_AttrDef_Enum(array('text/javascript'))
45  );
46  $this->info['script']->content_model = '#PCDATA';
47  $this->info['script']->content_model_type = 'optional';
48  $this->info['script']->attr_transform_pre['type'] =
49  $this->info['script']->attr_transform_post['type'] =
50  new HTMLPurifier_AttrTransform_ScriptRequired();
51  }
52 }
53 
54 // vim: et sw=4 sts=4