mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2025-07-10 17:26:25 +02:00
Add %HTML.Forms config directive (#260)
The %HTML.Forms directive enables Forms module regardless of the %HTML.Trusted value. This adds support for form elements without enabling other unsafe modules, such as Scripts, Iframe or Object. To achieve the same effect without this directive one has to explicitly list all enabled modules in %HTML.AllowedModules, and any not listed will be removed. This however is not very convenient, as the allowed modules may vary between doctypes. Resolves #213.
This commit is contained in:
@ -161,6 +161,13 @@ class HTMLPurifier_HTMLModule_FormsTest extends HTMLPurifier_HTMLModuleHarness
|
||||
$this->assertResult('<form action=""><input align="left" /></form>');
|
||||
}
|
||||
|
||||
public function testHTMLFormsConfigDirective()
|
||||
{
|
||||
$this->config->set('HTML.Trusted', false);
|
||||
$this->config->set('HTML.Forms', true);
|
||||
|
||||
$this->assertResult('<form action="..." method="post"><input type="text" /><textarea cols="20" rows="3"></textarea></form>');
|
||||
}
|
||||
}
|
||||
|
||||
// vim: et sw=4 sts=4
|
||||
|
Reference in New Issue
Block a user