Support for safe external scripts via explicit whitelist.

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2025-07-10 09:16:20 +02:00 · 2012-04-27 17:44:49 -04:00
parent 7291f19347
commit 2189a9430f
8 changed files with 95 additions and 2 deletions
--- a/library/HTMLPurifier/HTMLModuleManager.php
+++ b/library/HTMLPurifier/HTMLModuleManager.php
@ -228,6 +228,9 @@ class HTMLPurifier_HTMLModuleManager
        if ($config->get('HTML.SafeEmbed')) {
            $modules[] = 'SafeEmbed';
        }
+        if ($config->get('HTML.SafeScripting') !== array()) {
+            $modules[] = 'SafeScripting';
+        }
        if ($config->get('HTML.Nofollow')) {
            $modules[] = 'Nofollow';
        }