ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
HTMLPurifier_HTMLModule_SafeScripting Class Reference

A "safe" script module.


Public Member Functions

 setup ($config)
 
- Public Member Functions inherited from HTMLPurifier_HTMLModule
 getChildDef ($def)
 Retrieves a proper HTMLPurifier_ChildDef subclass based on content_model and content_model_type member variables of the HTMLPurifier_ElementDef class.

 addElement ($element, $type, $contents, $attr_includes=array(), $attr=array())
 Convenience function that sets up a new element.

 addBlankElement ($element)
 Convenience function that creates a totally blank, non-standalone element.

 addElementToContentSet ($element, $type)
 Convenience function that registers an element to a content set.

 parseContents ($contents)
 Convenience function that transforms single-string contents into separate content model and content model type.

 mergeInAttrIncludes (&$attr, $attr_includes)
 Convenience function that merges a list of attribute includes into an attribute array.

 makeLookup ($list)
 Convenience function that generates a lookup table with boolean true as value.

 setup ($config)
 Lazy load construction of the module after determining whether or not it's needed, and also when a finalized configuration object is available.
 

Data Fields

 $name = 'SafeScripting'
 @type string

- Data Fields inherited from HTMLPurifier_HTMLModule
 $name
 Short unique string identifier of the module.

 $elements = array()
 Informally, a list of elements this module changes.

 $info = array()
 Associative array of element names to element definitions.

 $content_sets = array()
 Associative array of content set names to content set additions.

 $attr_collections = array()
 Associative array of attribute collection names to attribute collection additions.

 $info_tag_transform = array()
 Associative array of deprecated tag name to HTMLPurifier_TagTransform.

 $info_attr_transform_pre = array()
 List of HTMLPurifier_AttrTransform to be performed before validation.

 $info_attr_transform_post = array()
 List of HTMLPurifier_AttrTransform to be performed after validation.

 $info_injector = array()
 List of HTMLPurifier_Injector to be performed during well-formedness fixing.

 $defines_child_def = false
 Boolean flag that indicates whether or not getChildDef is implemented.

 $safe = true
 Boolean flag whether or not this module is safe.
 

Detailed Description

A "safe" script module.

No inline JS is allowed, and any JS file pointed to by a script element must match the whitelist.

Definition at line 7 of file SafeScripting.php.

Member Function Documentation

◆ setup()

HTMLPurifier_HTMLModule_SafeScripting::setup ($config)
Parameters
HTMLPurifier_Config $config

Reimplemented from HTMLPurifier_HTMLModule.

Definition at line 17 of file SafeScripting.php.

    {
        // These definitions are not intrinsically safe: the attribute transforms
        // are a vital part of ensuring safety.

        $allowed = $config->get('HTML.SafeScripting');
        $script = $this->addElement(
            'script',
            'Inline',
            'Empty',
            null,
            array(
                // While technically not required by the spec, we're forcing
                // it to this value.
                'type' => 'Enum#text/javascript',
                'src*' => new HTMLPurifier_AttrDef_Enum(array_keys($allowed))
            )
        );
        $script->attr_transform_pre[] =
        $script->attr_transform_post[] = new HTMLPurifier_AttrTransform_ScriptRequired();
    }

Referenced in the listing above:
HTMLPurifier_AttrDef_Enum: Validates a keyword against a list of valid values. Definition: Enum.php:11
HTMLPurifier_AttrTransform_ScriptRequired: Implements required attribute stipulation for <script>
addElement($element, $type, $contents, $attr_includes=array(), $attr=array()): Convenience function that sets up a new element. Definition: HTMLModule.php:144

References HTMLPurifier_HTMLModule\addElement().
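
As an added usage example (not part of the generated documentation, of ILIAS, or of HTML Purifier's own code), the following shows how the HTML.SafeScripting whitelist read by setup() looks from the caller's side. The autoloader path, the whitelist URL and the sample inputs are assumptions constructed for illustration; under the rule described above only the first sample is expected to keep its script element.

```php
<?php
// Added example, not project code.
// Assumption: HTML Purifier is installed and this path resolves to its autoloader.
require_once 'HTMLPurifier.auto.php';

// Hypothetical whitelist entry. setup() builds an Enum from these values,
// so a src attribute has to match an entry exactly to be accepted.
$whitelist = array('https://static.example.org/js/widget.js');

$config = HTMLPurifier_Config::createDefault();
$config->set('Cache.DefinitionImpl', null);      // run without a definition cache directory
$config->set('HTML.SafeScripting', $whitelist);  // value returned by $config->get() in setup()
$purifier = new HTMLPurifier($config);

// Constructed sample inputs, one per case the module has to distinguish.
$samples = array(
    'whitelisted src' => '<script src="https://static.example.org/js/widget.js"></script>',
    'unlisted src'    => '<script src="https://other.example.net/x.js"></script>',
    'near-miss src'   => '<script src="https://static.example.org/js/widget.js?v=2"></script>',
    'inline, no src'  => '<script>document.title = "inline";</script>',
);

/** Returns true when the purified output still contains a <script> start tag. */
function keeps_script_element($clean)
{
    return stripos($clean, '<script') !== false;
}

foreach ($samples as $label => $dirty) {
    $clean = $purifier->purify($dirty);
    printf(
        "%-16s kept=%-3s output=%s\n",
        $label,
        keeps_script_element($clean) ? 'yes' : 'no',
        var_export($clean, true)
    );
}
```

Because the whitelist is an exact-match enumeration rather than a URL prefix or host check, each permitted script file has to be listed individually.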


Field Documentation

◆ $name

HTMLPurifier_HTMLModule_SafeScripting::$name = 'SafeScripting'

@type string

Definition at line 12 of file SafeScripting.php.


The documentation for this class was generated from the following file: