mirror/php-htmlpurifier
1
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-08-05 21:57:26 +02:00
Code Issues Releases Wiki Activity

[3.1.0] Implement tag@attr for Allowed and Forbidden

Browse Source 
- Fix (or null) bug in configdoc

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1695 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang
2008-04-26 03:14:01 +00:00
parent 1f8619cda5
commit 84aa2ca390
9 changed files with 276 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
library/HTMLPurifier/ConfigSchema/Builder/Xml.php
View File

@@ -71,8 +71,10 @@ class HTMLPurifier_ConfigSchema_Builder_Xml extends XMLWriter
$this->startElement('constraints');
if ($directive->version) $this->writeElement('version', $directive->version);
$this->writeElement('type', $directive->type);
if ($directive->typeAllowsNull) $this->writeAttribute('allow-null', 'yes');
$this->startElement('type');
if ($directive->typeAllowsNull) $this->writeAttribute('allow-null', 'yes');
$this->text($directive->type);
$this->endElement(); // type
if ($directive->allowed) {
$this->startElement('allowed');
foreach ($directive->allowed as $value => $x) $this->writeElement('value', $value);

14
library/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenAttributes.txt
View File

@@ -4,7 +4,17 @@ VERSION: 3.1.0
DEFAULT: array()
--DESCRIPTION--
<p>
This directive complements %HTML.ForbiddenElements and is the inverse of
%HTML.AllowedAttributes. Please see the former for a discussion of why you
While this directive is similar to %HTML.AllowedAttributes, for
forwards-compatibility with XML, this attribute has a different syntax. Instead of
<code>tag.attr</code>, use <code>tag@attr</code>. To disallow <code>href</code>
attributes in <code>a</code> tags, set this directive to
<code>a@href</code>. You can also disallow an attribute globally with
<code>attr</code> or <code>*@attr</code> (either syntax is fine; the latter
is provided for consistency with %HTML.AllowedAttributes).
</p>
<p>
<strong>Warning:</strong> This directive complements %HTML.ForbiddenElements,
accordingly, check
out that directive for a discussion of why you
should think twice before using this directive.
</p>