ILIAS  Release_4_4_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
HTMLPurifier_HTMLModule_SafeObject Class Reference

A "safe" object module. More...

+ Inheritance diagram for HTMLPurifier_HTMLModule_SafeObject:
+ Collaboration diagram for HTMLPurifier_HTMLModule_SafeObject:

Public Member Functions

 setup ($config)
 Lazy load construction of the module after determining whether or not it's needed, and also when a finalized configuration object is available.
- Public Member Functions inherited from HTMLPurifier_HTMLModule
 getChildDef ($def)
 Retrieves a proper HTMLPurifier_ChildDef subclass based on content_model and content_model_type member variables of the HTMLPurifier_ElementDef class.
 addElement ($element, $type, $contents, $attr_includes=array(), $attr=array())
 Convenience function that sets up a new element.
 addBlankElement ($element)
 Convenience function that creates a totally blank, non-standalone element.
 addElementToContentSet ($element, $type)
 Convenience function that registers an element to a content set.
 parseContents ($contents)
 Convenience function that transforms single-string contents into separate content model and content model type.
 mergeInAttrIncludes (&$attr, $attr_includes)
 Convenience function that merges a list of attribute includes into an attribute array.
 makeLookup ($list)
 Convenience function that generates a lookup table with boolean true as value.

Data Fields

 $name = 'SafeObject'
- Data Fields inherited from HTMLPurifier_HTMLModule
 $name
 Short unique string identifier of the module.
 $elements = array()
 Informally, a list of elements this module changes.
 $info = array()
 Associative array of element names to element definitions.
 $content_sets = array()
 Associative array of content set names to content set additions.
 $attr_collections = array()
 Associative array of attribute collection names to attribute collection additions.
 $info_tag_transform = array()
 Associative array of deprecated tag name to HTMLPurifier_TagTransform.
 $info_attr_transform_pre = array()
 List of HTMLPurifier_AttrTransform to be performed before validation.
 $info_attr_transform_post = array()
 List of HTMLPurifier_AttrTransform to be performed after validation.
 $info_injector = array()
 List of HTMLPurifier_Injector to be performed during well-formedness fixing.
 $defines_child_def = false
 Boolean flag that indicates whether or not getChildDef is implemented.
 $safe = true
 Boolean flag whether or not this module is safe.

Detailed Description

A "safe" object module.

In theory, objects permitted by this module will be safe, and untrusted users can be allowed to embed arbitrary flash objects (maybe other types too, but only Flash is supported as of right now). Highly experimental.

Definition at line 9 of file SafeObject.php.

Member Function Documentation

HTMLPurifier_HTMLModule_SafeObject::setup (   $config)

Lazy load construction of the module after determining whether or not it's needed, and also when a finalized configuration object is available.

Parameters
$configInstance of HTMLPurifier_Config

Reimplemented from HTMLPurifier_HTMLModule.

Definition at line 14 of file SafeObject.php.

References HTMLPurifier_HTMLModule\addElement().

{
// These definitions are not intrinsically safe: the attribute transforms
// are a vital part of ensuring safety.
$max = $config->get('HTML.MaxImgLength');
$object = $this->addElement(
'object',
'Inline',
'Optional: param | Flow | #PCDATA',
'Common',
array(
// While technically not required by the spec, we're forcing
// it to this value.
'type' => 'Enum#application/x-shockwave-flash',
'width' => 'Pixels#' . $max,
'height' => 'Pixels#' . $max,
'data' => 'URI#embedded',
'codebase' => new HTMLPurifier_AttrDef_Enum(array(
'http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0')),
)
);
$object->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeObject();
$param = $this->addElement('param', false, 'Empty', false,
array(
'id' => 'ID',
'name*' => 'Text',
'value' => 'Text'
)
);
$param->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeParam();
$this->info_injector[] = 'SafeObject';
}

+ Here is the call graph for this function:

Field Documentation

HTMLPurifier_HTMLModule_SafeObject::$name = 'SafeObject'

Definition at line 12 of file SafeObject.php.


The documentation for this class was generated from the following file: