1
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-07-10 01:06:20 +02:00

[3.1.0] Move $safe from ElementDef to HTMLModule

- Make $info in AttrTypes protected, to force cloning
- Remove copy() functions in favor of clone

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1664 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang
2008-04-21 23:28:52 +00:00
parent 59605d592b
commit 50aa0ea714
27 changed files with 145 additions and 153 deletions

View File

@ -79,6 +79,20 @@ class HTMLPurifier_HTMLModule
*/
public $defines_child_def = false;
/**
* Boolean flag whether or not this module is safe. If it is not safe, all
* of its members are unsafe. Modules are safe by default (this might be
* slightly dangerous, but it doesn't make much sense to force HTML Purifier,
* which is based off of safe HTML, to explicitly say, "This is safe," even
* though there are modules which are "unsafe")
*
* @note Previously, safety could be applied at an element level granularity.
* We've removed this ability, so in order to add "unsafe" elements
* or attributes, a dedicated module with this property set to false
* must be used.
*/
public $safe = true;
/**
* Retrieves a proper HTMLPurifier_ChildDef subclass based on
* content_model and content_model_type member variables of
@ -94,7 +108,6 @@ class HTMLPurifier_HTMLModule
/**
* Convenience function that sets up a new element
* @param $element Name of element to add
* @param $safe Is element safe for untrusted users to use?
* @param $type What content set should element be registered to?
* Set as false to skip this step.
* @param $contents Allowed children in form of:
@ -106,7 +119,7 @@ class HTMLPurifier_HTMLModule
* @return Reference to created element definition object, so you
* can set advanced parameters
*/
public function &addElement($element, $safe, $type, $contents, $attr_includes = array(), $attr = array()) {
public function &addElement($element, $type, $contents, $attr_includes = array(), $attr = array()) {
$this->elements[] = $element;
// parse content_model
list($content_model_type, $content_model) = $this->parseContents($contents);
@ -116,7 +129,7 @@ class HTMLPurifier_HTMLModule
if ($type) $this->addElementToContentSet($element, $type);
// create element
$this->info[$element] = HTMLPurifier_ElementDef::create(
$safe, $content_model, $content_model_type, $attr
$content_model, $content_model_type, $attr
);
// literal object $contents means direct child manipulation
if (!is_string($contents)) $this->info[$element]->child = $contents;