HTMLPurifier_HTMLModule_SafeScripting Class Reference
A "safe" script module. More...
Inheritance diagram for HTMLPurifier_HTMLModule_SafeScripting:
Collaboration diagram for HTMLPurifier_HTMLModule_SafeScripting:
Public Member Functions | |
| setup ($config) | |
| Public Member Functions inherited from HTMLPurifier_HTMLModule | |
| getChildDef ($def) | |
| Retrieves a proper HTMLPurifier_ChildDef subclass based on content_model and content_model_type member variables of the HTMLPurifier_ElementDef class. More... | |
| addElement ($element, $type, $contents, $attr_includes=array(), $attr=array()) | |
| Convenience function that sets up a new element. More... | |
| addBlankElement ($element) | |
| Convenience function that creates a totally blank, non-standalone element. More... | |
| addElementToContentSet ($element, $type) | |
| Convenience function that registers an element to a content set. More... | |
| parseContents ($contents) | |
| Convenience function that transforms single-string contents into separate content model and content model type. More... | |
| mergeInAttrIncludes (&$attr, $attr_includes) | |
| Convenience function that merges a list of attribute includes into an attribute array. More... | |
| makeLookup ($list) | |
| Convenience function that generates a lookup table with boolean true as value. More... | |
| setup ($config) | |
| Lazy load construction of the module after determining whether or not it's needed, and also when a finalized configuration object is available. More... | |
Data Fields | |
| $name = 'SafeScripting' | |
| @type string More... | |
| Data Fields inherited from HTMLPurifier_HTMLModule | |
| $name | |
| Short unique string identifier of the module. More... | |
| $elements = array() | |
| Informally, a list of elements this module changes. More... | |
| $info = array() | |
| Associative array of element names to element definitions. More... | |
| $content_sets = array() | |
| Associative array of content set names to content set additions. More... | |
| $attr_collections = array() | |
| Associative array of attribute collection names to attribute collection additions. More... | |
| $info_tag_transform = array() | |
| Associative array of deprecated tag name to HTMLPurifier_TagTransform. More... | |
| $info_attr_transform_pre = array() | |
| List of HTMLPurifier_AttrTransform to be performed before validation. More... | |
| $info_attr_transform_post = array() | |
| List of HTMLPurifier_AttrTransform to be performed after validation. More... | |
| $info_injector = array() | |
| List of HTMLPurifier_Injector to be performed during well-formedness fixing. More... | |
| $defines_child_def = false | |
| Boolean flag that indicates whether or not getChildDef is implemented. More... | |
| $safe = true | |
| Boolean flag whether or not this module is safe. More... | |
Detailed Description
A "safe" script module.
No inline JS is allowed, and pointed to JS files must match whitelist.
Definition at line 7 of file SafeScripting.php.
Member Function Documentation
◆ setup()
| HTMLPurifier_HTMLModule_SafeScripting::setup | ( | $config | ) |
- Parameters
-
HTMLPurifier_Config $config
Reimplemented from HTMLPurifier_HTMLModule.
Definition at line 17 of file SafeScripting.php.
18 {
19 // These definitions are not intrinsically safe: the attribute transforms
20 // are a vital part of ensuring safety.
21
22 $allowed = $config->get('HTML.SafeScripting');
23 $script = $this->addElement(
24 'script',
25 'Inline',
26 'Empty',
27 null,
28 array(
29 // While technically not required by the spec, we're forcing
30 // it to this value.
31 'type' => 'Enum#text/javascript',
33 )
34 );
35 $script->attr_transform_pre[] =
37 }
Implements required attribute stipulation for <script>
Definition: ScriptRequired.php:7
addElement($element, $type, $contents, $attr_includes=array(), $attr=array())
Convenience function that sets up a new element.
Definition: HTMLModule.php:144
References HTMLPurifier_HTMLModule\addElement().
Here is the call graph for this function:
Field Documentation
◆ $name
| HTMLPurifier_HTMLModule_SafeScripting::$name = 'SafeScripting' |
@type string
Definition at line 12 of file SafeScripting.php.
The documentation for this class was generated from the following file:
- Services/Html/HtmlPurifier/library/HTMLPurifier/HTMLModule/SafeScripting.php
