1
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-07-10 17:26:25 +02:00

Add %HTML.Forms config directive (#260)

The %HTML.Forms directive enables Forms module regardless of the %HTML.Trusted
value. This adds support for form elements without enabling other unsafe
modules, such as Scripts, Iframe or Object.

To achieve the same effect without this directive one has to explicitly list
all enabled modules in %HTML.AllowedModules, and any not listed will be
removed. This however is not very convenient, as the allowed modules may vary
between doctypes.

Resolves #213.
This commit is contained in:
Mateusz Turcza
2020-06-29 02:26:33 +02:00
committed by GitHub
parent d148edbcf1
commit 3bdc031224
5 changed files with 28 additions and 1 deletions

View File

@ -161,6 +161,13 @@ class HTMLPurifier_HTMLModule_FormsTest extends HTMLPurifier_HTMLModuleHarness
$this->assertResult('<form action=""><input align="left" /></form>');
}
public function testHTMLFormsConfigDirective()
{
$this->config->set('HTML.Trusted', false);
$this->config->set('HTML.Forms', true);
$this->assertResult('<form action="..." method="post"><input type="text" /><textarea cols="20" rows="3"></textarea></form>');
}
}
// vim: et sw=4 sts=4