ILIAS  eassessment Revision 61809
 All Data Structures Namespaces Files Functions Variables Groups Pages
SafeParam.php
Go to the documentation of this file.
1 <?php
2 
16 {
17  public $name = "SafeParam";
18  private $uri;
19 
20  public function __construct() {
21  $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded
22  }
23 
24  public function transform($attr, $config, $context) {
25  // If we add support for other objects, we'll need to alter the
26  // transforms.
27  switch ($attr['name']) {
28  // application/x-shockwave-flash
29  // Keep this synchronized with Injector/SafeObject.php
30  case 'allowScriptAccess':
31  $attr['value'] = 'never';
32  break;
33  case 'allowNetworking':
34  $attr['value'] = 'internal';
35  break;
36  case 'wmode':
37  $attr['value'] = 'window';
38  break;
39  case 'movie':
40  $attr['value'] = $this->uri->validate($attr['value'], $config, $context);
41  break;
42  // add other cases to support other param name/value pairs
43  default:
44  $attr['name'] = $attr['value'] = null;
45  }
46  return $attr;
47  }
48 }
49 
50 // vim: et sw=4 sts=4