mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2025-10-16 22:46:06 +02:00
Remove trailing whitespace.
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
This commit is contained in:
Edward Z. Yang
@@ -5,4 +5,4 @@ DEFAULT: array()
|
||||
--DESCRIPTION--
|
||||
List of allowed forward document relationships in the rel attribute. Common
|
||||
values may be nofollow or print. By default, this is empty, meaning that no
|
||||
document relationships are allowed.
|
||||
document relationships are allowed.
|
||||
|
||||
@@ -5,4 +5,4 @@ DEFAULT: array()
|
||||
--DESCRIPTION--
|
||||
List of allowed reverse document relationships in the rev attribute. This
|
||||
attribute is a bit of an edge-case; if you don't know what it is for, stay
|
||||
away.
|
||||
away.
|
||||
|
||||
@@ -5,4 +5,4 @@ DEFAULT: NULL
|
||||
--DESCRIPTION--
|
||||
PCRE regular expression to be matched against all IDs. If the expression is
|
||||
matches, the ID is rejected. Use this with care: may cause significant
|
||||
degradation. ID matching is done after all other validation.
|
||||
degradation. ID matching is done after all other validation.
|
||||
|
||||
@@ -8,4 +8,4 @@ you may opt to simply add a prefix to all user-submitted ID attributes so
|
||||
that they are still usable, but will not conflict with core page IDs.
|
||||
Example: setting the directive to 'user_' will result in a user submitted
|
||||
'foo' to become 'user_foo' Be sure to set %HTML.EnableAttrID to true
|
||||
before using this.
|
||||
before using this.
|
||||
|
||||
@@ -10,4 +10,4 @@ seperately submitted user content displayed on the same page doesn't
|
||||
clobber each other. Ideal values are unique identifiers for the content it
|
||||
represents (i.e. the id of the row in the database). Be sure to add a
|
||||
seperator (like an underscore) at the end. Warning: this directive will
|
||||
not work unless %Attr.IDPrefix is set to a non-empty value!
|
||||
not work unless %Attr.IDPrefix is set to a non-empty value!
|
||||
|
||||
@@ -7,6 +7,6 @@ DEFAULT: array()
|
||||
<p>
|
||||
This directive can be used to add custom auto-format injectors.
|
||||
Specify an array of injector names (class name minus the prefix)
|
||||
or concrete implementations. Injector class must exist.
|
||||
or concrete implementations. Injector class must exist.
|
||||
</p>
|
||||
|
||||
|
||||
@@ -7,6 +7,6 @@ DEFAULT: false
|
||||
<p>
|
||||
This directive turns on linkification, auto-linking http, ftp and
|
||||
https URLs. <code>a</code> tags with the <code>href</code> attribute
|
||||
must be allowed.
|
||||
must be allowed.
|
||||
</p>
|
||||
|
||||
|
||||
@@ -7,6 +7,6 @@ DEFAULT: '#%s'
|
||||
<p>
|
||||
Location of configuration documentation to link to, let %s substitute
|
||||
into the configuration's namespace and directive names sans the percent
|
||||
sign.
|
||||
sign.
|
||||
</p>
|
||||
|
||||
|
||||
@@ -5,13 +5,13 @@ DEFAULT: NULL
|
||||
--DESCRIPTION--
|
||||
|
||||
<p>
|
||||
If HTML Purifier's style attributes set is unsatisfactory for your needs,
|
||||
you can overload it with your own list of tags to allow. Note that this
|
||||
method is subtractive: it does its job by taking away from HTML Purifier
|
||||
usual feature set, so you cannot add an attribute that HTML Purifier never
|
||||
If HTML Purifier's style attributes set is unsatisfactory for your needs,
|
||||
you can overload it with your own list of tags to allow. Note that this
|
||||
method is subtractive: it does its job by taking away from HTML Purifier
|
||||
usual feature set, so you cannot add an attribute that HTML Purifier never
|
||||
supported in the first place.
|
||||
</p>
|
||||
<p>
|
||||
<strong>Warning:</strong> If another directive conflicts with the
|
||||
elements here, <em>that</em> directive will win and override.
|
||||
<strong>Warning:</strong> If another directive conflicts with the
|
||||
elements here, <em>that</em> directive will win and override.
|
||||
</p>
|
||||
|
||||
@@ -6,6 +6,6 @@ DEFAULT: 1
|
||||
|
||||
<p>
|
||||
Revision identifier for your custom definition. See
|
||||
%HTML.DefinitionRev for details.
|
||||
%HTML.DefinitionRev for details.
|
||||
</p>
|
||||
|
||||
|
||||
@@ -5,6 +5,6 @@ DEFAULT: false
|
||||
--DESCRIPTION--
|
||||
|
||||
<p>
|
||||
Whether or not to allow safe, proprietary CSS values.
|
||||
Whether or not to allow safe, proprietary CSS values.
|
||||
</p>
|
||||
|
||||
|
||||
@@ -7,7 +7,7 @@ DEFAULT: 'Serializer'
|
||||
This directive defines which method to use when caching definitions,
|
||||
the complex data-type that makes HTML Purifier tick. Set to null
|
||||
to disable caching (not recommended, as you will see a definite
|
||||
performance degradation).
|
||||
performance degradation).
|
||||
|
||||
--ALIASES--
|
||||
Core.DefinitionCache
|
||||
|
||||
@@ -8,6 +8,6 @@ DEFAULT: NULL
|
||||
Absolute path with no trailing slash to store serialized definitions in.
|
||||
Default is within the
|
||||
HTML Purifier library inside DefinitionCache/Serializer. This
|
||||
path must be writable by the webserver.
|
||||
path must be writable by the webserver.
|
||||
</p>
|
||||
|
||||
|
||||
@@ -8,4 +8,4 @@ Whether or not to collect errors found while filtering the document. This
|
||||
is a useful way to give feedback to your users. <strong>Warning:</strong>
|
||||
Currently this feature is very patchy and experimental, with lots of
|
||||
possible error messages not yet implemented. It will not cause any
|
||||
problems, but it may not help your users either.
|
||||
problems, but it may not help your users either.
|
||||
|
||||
@@ -12,6 +12,6 @@ DEFAULT: 0
|
||||
performance, and this is only strictly necessary if the counting
|
||||
algorithm is buggy (in which case you should report it as a bug).
|
||||
This has no effect when %Core.MaintainLineNumbers is disabled or DirectLex is
|
||||
not being used.
|
||||
not being used.
|
||||
</p>
|
||||
|
||||
|
||||
@@ -9,4 +9,4 @@ converting it to its native encoding. This means that even characters that
|
||||
can be expressed in the non-UTF-8 encoding will be entity-ized, which can
|
||||
be a real downer for encodings like Big5. It also assumes that the ASCII
|
||||
repetoire is available, although this is the case for almost all encodings.
|
||||
Anyway, use UTF-8!
|
||||
Anyway, use UTF-8!
|
||||
|
||||
@@ -10,7 +10,7 @@ array (
|
||||
<p>
|
||||
This directive is a lookup array of elements which should have their
|
||||
contents removed when they are not allowed by the HTML definition.
|
||||
For example, the contents of a <code>script</code> tag are not
|
||||
For example, the contents of a <code>script</code> tag are not
|
||||
normally shown in a document, so if script tags are to be removed,
|
||||
their contents should be removed to. This is opposed to a <code>b</code>
|
||||
tag, which defines some presentational changes but does not hide its
|
||||
|
||||
@@ -9,8 +9,8 @@ DEFAULT: NULL
|
||||
This is useful when error reporting is turned on, but can result in
|
||||
significant performance degradation and should not be used when
|
||||
unnecessary. This directive must be used with the DirectLex lexer,
|
||||
as the DOMLex lexer does not (yet) support this functionality.
|
||||
as the DOMLex lexer does not (yet) support this functionality.
|
||||
If the value is null, an appropriate value will be selected based
|
||||
on other configuration.
|
||||
on other configuration.
|
||||
</p>
|
||||
|
||||
|
||||
@@ -5,8 +5,8 @@ VERSION: 1.3.0
|
||||
--DESCRIPTION--
|
||||
|
||||
<p>
|
||||
This directive enables pre-emptive URI checking in <code>img</code>
|
||||
tags, as the attribute validation strategy is not authorized to
|
||||
This directive enables pre-emptive URI checking in <code>img</code>
|
||||
tags, as the attribute validation strategy is not authorized to
|
||||
remove elements from the document. Revert to pre-1.3.0 behavior by setting to false.
|
||||
</p>
|
||||
|
||||
|
||||
@@ -27,15 +27,15 @@ EXTERNAL: CSSTidy
|
||||
<?php
|
||||
require_once '/path/to/library/HTMLPurifier.auto.php';
|
||||
require_once '/path/to/csstidy.class.php';
|
||||
|
||||
|
||||
$dirty = '<style>body {color:#F00;}</style> Some text';
|
||||
|
||||
$config = HTMLPurifier_Config::createDefault();
|
||||
$config->set('Filter', 'ExtractStyleBlocks', true);
|
||||
$purifier = new HTMLPurifier($config);
|
||||
|
||||
|
||||
$html = $purifier->purify($dirty);
|
||||
|
||||
|
||||
// This implementation writes the stylesheets to the styles/ directory.
|
||||
// You can also echo the styles inside the document, but it's a bit
|
||||
// more difficult to make sure they get interpreted properly by
|
||||
|
||||
@@ -9,6 +9,6 @@ ALIASES: Filter.ExtractStyleBlocksEscaping
|
||||
Whether or not to escape the dangerous characters <, > and &
|
||||
as \3C, \3E and \26, respectively. This is can be safely set to false
|
||||
if the contents of StyleBlocks will be placed in an external stylesheet,
|
||||
where there is no risk of it being interpreted as HTML.
|
||||
where there is no risk of it being interpreted as HTML.
|
||||
</p>
|
||||
|
||||
|
||||
@@ -5,15 +5,15 @@ DEFAULT: NULL
|
||||
--DESCRIPTION--
|
||||
|
||||
<p>
|
||||
If HTML Purifier's attribute set is unsatisfactory, overload it!
|
||||
The syntax is "tag.attr" or "*.attr" for the global attributes
|
||||
If HTML Purifier's attribute set is unsatisfactory, overload it!
|
||||
The syntax is "tag.attr" or "*.attr" for the global attributes
|
||||
(style, id, class, dir, lang, xml:lang).
|
||||
</p>
|
||||
<p>
|
||||
<strong>Warning:</strong> If another directive conflicts with the
|
||||
elements here, <em>that</em> directive will win and override. For
|
||||
example, %HTML.EnableAttrID will take precedence over *.id in this
|
||||
directive. You must set that directive to true before you can use
|
||||
IDs at all.
|
||||
<strong>Warning:</strong> If another directive conflicts with the
|
||||
elements here, <em>that</em> directive will win and override. For
|
||||
example, %HTML.EnableAttrID will take precedence over *.id in this
|
||||
directive. You must set that directive to true before you can use
|
||||
IDs at all.
|
||||
</p>
|
||||
|
||||
|
||||
@@ -4,15 +4,15 @@ VERSION: 1.3.0
|
||||
DEFAULT: NULL
|
||||
--DESCRIPTION--
|
||||
<p>
|
||||
If HTML Purifier's tag set is unsatisfactory for your needs, you
|
||||
can overload it with your own list of tags to allow. Note that this
|
||||
method is subtractive: it does its job by taking away from HTML Purifier
|
||||
usual feature set, so you cannot add a tag that HTML Purifier never
|
||||
supported in the first place (like embed, form or head). If you
|
||||
If HTML Purifier's tag set is unsatisfactory for your needs, you
|
||||
can overload it with your own list of tags to allow. Note that this
|
||||
method is subtractive: it does its job by taking away from HTML Purifier
|
||||
usual feature set, so you cannot add a tag that HTML Purifier never
|
||||
supported in the first place (like embed, form or head). If you
|
||||
change this, you probably also want to change %HTML.AllowedAttributes.
|
||||
</p>
|
||||
<p>
|
||||
<strong>Warning:</strong> If another directive conflicts with the
|
||||
elements here, <em>that</em> directive will win and override.
|
||||
<strong>Warning:</strong> If another directive conflicts with the
|
||||
elements here, <em>that</em> directive will win and override.
|
||||
</p>
|
||||
|
||||
|
||||
@@ -15,6 +15,6 @@ DEFAULT: NULL
|
||||
If you specify a module that does not exist, the manager will silently
|
||||
fail to use it, so be careful! User-defined modules are not affected
|
||||
by this directive. Modules defined in %HTML.CoreModules are not
|
||||
affected by this directive.
|
||||
affected by this directive.
|
||||
</p>
|
||||
|
||||
|
||||
@@ -13,6 +13,6 @@ DEFAULT: 'p'
|
||||
<code><blockquote>Foo</blockquote></code> would become
|
||||
<code><blockquote><p>Foo</p></blockquote></code>.
|
||||
The <code><p></code> tags can be replaced with whatever you desire,
|
||||
as long as it is a block level element.
|
||||
as long as it is a block level element.
|
||||
</p>
|
||||
|
||||
|
||||
@@ -18,6 +18,6 @@ array (
|
||||
that must be included for the doctype to be an conforming document
|
||||
type: put those modules here. By default, XHTML's core modules
|
||||
are used. You can set this to a blank array to disable core module
|
||||
protection, but this is not recommended.
|
||||
protection, but this is not recommended.
|
||||
</p>
|
||||
|
||||
|
||||
@@ -11,6 +11,6 @@ DEFAULT: 1
|
||||
context: revision 3 is more up-to-date then revision 2. Thus, when
|
||||
this gets incremented, the cache handling is smart enough to clean
|
||||
up any older revisions of your definition as well as flush the
|
||||
cache.
|
||||
cache.
|
||||
</p>
|
||||
|
||||
|
||||
@@ -5,8 +5,8 @@ DEFAULT: 'div'
|
||||
--DESCRIPTION--
|
||||
|
||||
<p>
|
||||
String name of element that HTML fragment passed to library will be
|
||||
inserted in. An interesting variation would be using span as the
|
||||
parent element, meaning that only inline tags would be allowed.
|
||||
String name of element that HTML fragment passed to library will be
|
||||
inserted in. An interesting variation would be using span as the
|
||||
parent element, meaning that only inline tags would be allowed.
|
||||
</p>
|
||||
|
||||
|
||||
@@ -6,7 +6,7 @@ DEFAULT: false
|
||||
<p>
|
||||
Whether or not to permit object tags in documents, with a number of extra
|
||||
security features added to prevent script execution. This is similar to
|
||||
what websites like MySpace do to object tags. You may also want to
|
||||
what websites like MySpace do to object tags. You may also want to
|
||||
enable %HTML.SafeEmbed for maximum interoperability with Internet Explorer,
|
||||
although embed tags will cause your website to stop validating.
|
||||
<strong>Highly experimental.</strong>
|
||||
|
||||
@@ -4,5 +4,5 @@ VERSION: 2.0.0
|
||||
DEFAULT: array()
|
||||
--DESCRIPTION--
|
||||
|
||||
Fixes to add to the default set of Tidy fixes as per your level.
|
||||
Fixes to add to the default set of Tidy fixes as per your level.
|
||||
|
||||
|
||||
@@ -4,5 +4,5 @@ VERSION: 2.0.0
|
||||
DEFAULT: array()
|
||||
--DESCRIPTION--
|
||||
|
||||
Fixes to remove from the default set of Tidy fixes as per your level.
|
||||
Fixes to remove from the default set of Tidy fixes as per your level.
|
||||
|
||||
|
||||
@@ -4,4 +4,4 @@ VERSION: 2.0.0
|
||||
DEFAULT: false
|
||||
--DESCRIPTION--
|
||||
Indicates whether or not the user input is trusted or not. If the input is
|
||||
trusted, a more expansive set of allowed tags and attributes will be used.
|
||||
trusted, a more expansive set of allowed tags and attributes will be used.
|
||||
|
||||
@@ -4,6 +4,6 @@ VERSION: 2.0.0
|
||||
DEFAULT: true
|
||||
--DESCRIPTION--
|
||||
Determines whether or not HTML Purifier should attempt to fix up the
|
||||
contents of script tags for legacy browsers with comments.
|
||||
contents of script tags for legacy browsers with comments.
|
||||
--ALIASES--
|
||||
Core.CommentScriptContents
|
||||
|
||||
@@ -8,6 +8,6 @@ DEFAULT: NULL
|
||||
Newline string to format final output with. If left null, HTML Purifier
|
||||
will auto-detect the default newline type of the system and use that;
|
||||
you can manually override it here. Remember, \r\n is Windows, \r
|
||||
is Mac, and \n is Unix.
|
||||
is Mac, and \n is Unix.
|
||||
</p>
|
||||
|
||||
|
||||
@@ -4,7 +4,7 @@ VERSION: 1.1.1
|
||||
DEFAULT: false
|
||||
--DESCRIPTION--
|
||||
<p>
|
||||
Determines whether or not to run Tidy on the final output for pretty
|
||||
Determines whether or not to run Tidy on the final output for pretty
|
||||
formatting reasons, such as indentation and wrap.
|
||||
</p>
|
||||
<p>
|
||||
|
||||
@@ -9,9 +9,9 @@ DEFAULT: NULL
|
||||
inserted into. This information is important if HTML Purifier needs
|
||||
to calculate absolute URIs from relative URIs, such as when %URI.MakeAbsolute
|
||||
is on. You may use a non-absolute URI for this value, but behavior
|
||||
may vary (%URI.MakeAbsolute deals nicely with both absolute and
|
||||
may vary (%URI.MakeAbsolute deals nicely with both absolute and
|
||||
relative paths, but forwards-compatibility is not guaranteed).
|
||||
<strong>Warning:</strong> If set, the scheme on this URI
|
||||
overrides the one specified by %URI.DefaultScheme.
|
||||
overrides the one specified by %URI.DefaultScheme.
|
||||
</p>
|
||||
|
||||
|
||||
@@ -4,7 +4,7 @@ DEFAULT: 'http'
|
||||
--DESCRIPTION--
|
||||
|
||||
<p>
|
||||
Defines through what scheme the output will be served, in order to
|
||||
Defines through what scheme the output will be served, in order to
|
||||
select the proper object validator when no scheme information is present.
|
||||
</p>
|
||||
|
||||
|
||||
@@ -6,6 +6,6 @@ DEFAULT: 1
|
||||
|
||||
<p>
|
||||
Revision identifier for your custom definition. See
|
||||
%HTML.DefinitionRev for details.
|
||||
%HTML.DefinitionRev for details.
|
||||
</p>
|
||||
|
||||
|
||||
@@ -5,8 +5,8 @@ DEFAULT: false
|
||||
--DESCRIPTION--
|
||||
|
||||
<p>
|
||||
Disables all URIs in all forms. Not sure why you'd want to do that
|
||||
(after all, the Internet's founded on the notion of a hyperlink).
|
||||
Disables all URIs in all forms. Not sure why you'd want to do that
|
||||
(after all, the Internet's founded on the notion of a hyperlink).
|
||||
</p>
|
||||
|
||||
--ALIASES--
|
||||
|
||||
@@ -7,4 +7,4 @@ Disables links to external websites. This is a highly effective anti-spam
|
||||
and anti-pagerank-leech measure, but comes at a hefty price: nolinks or
|
||||
images outside of your domain will be allowed. Non-linkified URIs will
|
||||
still be preserved. If you want to be able to link to subdomains or use
|
||||
absolute URIs, specify %URI.Host for your website.
|
||||
absolute URIs, specify %URI.Host for your website.
|
||||
|
||||
@@ -9,4 +9,4 @@ tracking (good for email viewers), bandwidth leeching, cross-site request
|
||||
forging, goatse.cx posting, and other nasties, but also results in a loss
|
||||
of end-user functionality (they can't directly post a pic they posted from
|
||||
Flickr anymore). Use it if you don't have a robust user-content moderation
|
||||
team.
|
||||
team.
|
||||
|
||||
@@ -6,7 +6,7 @@ DEFAULT: false
|
||||
|
||||
<p>
|
||||
Disables embedding resources, essentially meaning no pictures. You can
|
||||
still link to them though. See %URI.DisableExternalResources for why
|
||||
this might be a good idea.
|
||||
still link to them though. See %URI.DisableExternalResources for why
|
||||
this might be a good idea.
|
||||
</p>
|
||||
|
||||
|
||||
@@ -5,13 +5,13 @@ DEFAULT: NULL
|
||||
--DESCRIPTION--
|
||||
|
||||
<p>
|
||||
Defines the domain name of the server, so we can determine whether or
|
||||
an absolute URI is from your website or not. Not strictly necessary,
|
||||
as users should be using relative URIs to reference resources on your
|
||||
website. It will, however, let you use absolute URIs to link to
|
||||
subdomains of the domain you post here: i.e. example.com will allow
|
||||
sub.example.com. However, higher up domains will still be excluded:
|
||||
if you set %URI.Host to sub.example.com, example.com will be blocked.
|
||||
Defines the domain name of the server, so we can determine whether or
|
||||
an absolute URI is from your website or not. Not strictly necessary,
|
||||
as users should be using relative URIs to reference resources on your
|
||||
website. It will, however, let you use absolute URIs to link to
|
||||
subdomains of the domain you post here: i.e. example.com will allow
|
||||
sub.example.com. However, higher up domains will still be excluded:
|
||||
if you set %URI.Host to sub.example.com, example.com will be blocked.
|
||||
<strong>Note:</strong> This directive overrides %URI.Base because
|
||||
a given page may be on a sub-domain, but you wish HTML Purifier to be
|
||||
more relaxed and allow some of the parent domains too.
|
||||
|
||||
@@ -5,4 +5,4 @@ DEFAULT: array()
|
||||
--DESCRIPTION--
|
||||
List of strings that are forbidden in the host of any URI. Use it to kill
|
||||
domain names of spam, etc. Note that it will catch anything in the domain,
|
||||
so <tt>moo.com</tt> will catch <tt>moo.com.example.com</tt>.
|
||||
so <tt>moo.com</tt> will catch <tt>moo.com.example.com</tt>.
|
||||
|
||||
@@ -7,8 +7,8 @@ DEFAULT: NULL
|
||||
<p>
|
||||
Munges all browsable (usually http, https and ftp)
|
||||
absolute URIs into another URI, usually a URI redirection service.
|
||||
This directive accepts a URI, formatted with a <code>%s</code> where
|
||||
the url-encoded original URI should be inserted (sample:
|
||||
This directive accepts a URI, formatted with a <code>%s</code> where
|
||||
the url-encoded original URI should be inserted (sample:
|
||||
<code>http://www.google.com/url?q=%s</code>).
|
||||
</p>
|
||||
<p>
|
||||
@@ -16,10 +16,10 @@ DEFAULT: NULL
|
||||
</p>
|
||||
<ul>
|
||||
<li>
|
||||
Prevent PageRank leaks, while being fairly transparent
|
||||
to users (you may also want to add some client side JavaScript to
|
||||
Prevent PageRank leaks, while being fairly transparent
|
||||
to users (you may also want to add some client side JavaScript to
|
||||
override the text in the statusbar). <strong>Notice</strong>:
|
||||
Many security experts believe that this form of protection does not deter spam-bots.
|
||||
Many security experts believe that this form of protection does not deter spam-bots.
|
||||
</li>
|
||||
<li>
|
||||
Redirect users to a splash page telling them they are leaving your
|
||||
|
||||
Reference in New Issue
Block a user