ILIAS  Release_5_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
Scripting.php
Go to the documentation of this file.
1 <?php
2 
3 /*
4 
5 WARNING: THIS MODULE IS EXTREMELY DANGEROUS AS IT ENABLES INLINE SCRIPTING
6 INSIDE HTML PURIFIER DOCUMENTS. USE ONLY WITH TRUSTED USER INPUT!!!
7 
8 */
9 
16 class HTMLPurifier_HTMLModule_Scripting extends HTMLPurifier_HTMLModule
17 {
21  public $name = 'Scripting';
22 
26  public $elements = array('script', 'noscript');
27 
31  public $content_sets = array('Block' => 'script | noscript', 'Inline' => 'script | noscript');
32 
36  public $safe = false;
37 
41  public function setup($config)
42  {
43  // TODO: create custom child-definition for noscript that
44  // auto-wraps stray #PCDATA in a similar manner to
45  // blockquote's custom definition (we would use it but
46  // blockquote's contents are optional while noscript's contents
47  // are required)
48 
49  // TODO: convert this to new syntax, main problem is getting
50  // both content sets working
51 
52  // In theory, this could be safe, but I don't see any reason to
53  // allow it.
54  $this->info['noscript'] = new HTMLPurifier_ElementDef();
55  $this->info['noscript']->attr = array(0 => array('Common'));
56  $this->info['noscript']->content_model = 'Heading | List | Block';
57  $this->info['noscript']->content_model_type = 'required';
58 
59  $this->info['script'] = new HTMLPurifier_ElementDef();
60  $this->info['script']->attr = array(
61  'defer' => new HTMLPurifier_AttrDef_Enum(array('defer')),
62  'src' => new HTMLPurifier_AttrDef_URI(true),
63  'type' => new HTMLPurifier_AttrDef_Enum(array('text/javascript'))
64  );
65  $this->info['script']->content_model = '#PCDATA';
66  $this->info['script']->content_model_type = 'optional';
67  $this->info['script']->attr_transform_pre[] =
68  $this->info['script']->attr_transform_post[] =
69  new HTMLPurifier_AttrTransform_ScriptRequired();
70  }
71 }
72 
73 // vim: et sw=4 sts=4