You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
62 lines
1.9 KiB
62 lines
1.9 KiB
<?php |
|
|
|
/** |
|
* A "safe" object module. In theory, objects permitted by this module will |
|
* be safe, and untrusted users can be allowed to embed arbitrary flash objects |
|
* (maybe other types too, but only Flash is supported as of right now). |
|
* Highly experimental. |
|
*/ |
|
class HTMLPurifier_HTMLModule_SafeObject extends HTMLPurifier_HTMLModule |
|
{ |
|
/** |
|
* @type string |
|
*/ |
|
public $name = 'SafeObject'; |
|
|
|
/** |
|
* @param HTMLPurifier_Config $config |
|
*/ |
|
public function setup($config) |
|
{ |
|
// These definitions are not intrinsically safe: the attribute transforms |
|
// are a vital part of ensuring safety. |
|
|
|
$max = $config->get('HTML.MaxImgLength'); |
|
$object = $this->addElement( |
|
'object', |
|
'Inline', |
|
'Optional: param | Flow | #PCDATA', |
|
'Common', |
|
array( |
|
// While technically not required by the spec, we're forcing |
|
// it to this value. |
|
'type' => 'Enum#application/x-shockwave-flash', |
|
'width' => 'Pixels#' . $max, |
|
'height' => 'Pixels#' . $max, |
|
'data' => 'URI#embedded', |
|
'codebase' => new HTMLPurifier_AttrDef_Enum( |
|
array( |
|
'http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0' |
|
) |
|
), |
|
) |
|
); |
|
$object->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeObject(); |
|
|
|
$param = $this->addElement( |
|
'param', |
|
false, |
|
'Empty', |
|
false, |
|
array( |
|
'id' => 'ID', |
|
'name*' => 'Text', |
|
'value' => 'Text' |
|
) |
|
); |
|
$param->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeParam(); |
|
$this->info_injector[] = 'SafeObject'; |
|
} |
|
} |
|
|
|
// vim: et sw=4 sts=4
|
|
|