Support for safe external scripts via explicit whitelist.

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2025-07-30 19:00:10 +02:00 · 2012-04-27 17:44:49 -04:00
parent 7291f19347
commit 2189a9430f
8 changed files with 95 additions and 2 deletions
--- a/library/HTMLPurifier/ConfigSchema/schema/HTML.SafeScripting.txt
+++ b/library/HTMLPurifier/ConfigSchema/schema/HTML.SafeScripting.txt
@@ -0,0 +1,10 @@
+HTML.SafeScripting
+TYPE: lookup
+VERSION: 4.5.0
+DEFAULT: array()
+--DESCRIPTION--
+<p>
+    Whether or not to permit script tags to external scripts in documents.
+    Inline scripting is not allowed, and the script must match an explicit whitelist.
+</p>
+--# vim: et sw=4 sts=4