mirror/php-htmlpurifier
1
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-07-13 10:46:17 +02:00
Code Issues Releases Wiki Activity

[2.1.5] [MFH] Complete the imagecrash added protection fixes

Browse Source 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/branches/php4@1785 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang
2008-06-11 01:53:31 +00:00
parent 0dbe87bbc7
commit 234cd2196f
13 changed files with 457 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
library/HTMLPurifier/HTMLModule/Image.php
View File

@ -20,10 +20,13 @@ class HTMLPurifier_HTMLModule_Image extends HTMLPurifier_HTMLModule
'img', true, 'Inline', 'Empty', 'Common',
array(
'alt*' => 'Text',
'height' => 'Length',
// According to the spec, it's Length, but percents can
// be abused, so we allow only Pixels. A trusted module
// could overload this with the real value.
'height' => 'Pixels',
'width' => 'Pixels',
'longdesc' => 'URI',
'src*' => new HTMLPurifier_AttrDef_URI(true), // embedded
'width' => 'Length'
)
);
// kind of strange, but splitting things up would be inefficient