[3.1.0] Implement tag@attr for Allowed and Forbidden

- Fix (or null) bug in configdoc git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1695 48356398-32a2-884e-a903-53898d9a118a
2025-07-31 19:30:21 +02:00 · 2008-04-26 03:14:01 +00:00
parent 1f8619cda5
commit 84aa2ca390
9 changed files with 276 additions and 84 deletions
--- a/library/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenAttributes.txt
+++ b/library/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenAttributes.txt
@@ -4,7 +4,17 @@ VERSION: 3.1.0
 DEFAULT: array()
 --DESCRIPTION--
 <p>
-    This directive complements %HTML.ForbiddenElements and is the inverse of
-    %HTML.AllowedAttributes. Please see the former for a discussion of why you
+    While this directive is similar to %HTML.AllowedAttributes, for
+    forwards-compatibility with XML, this attribute has a different syntax. Instead of
+    <code>tag.attr</code>, use <code>tag@attr</code>. To disallow <code>href</code>
+    attributes in <code>a</code> tags, set this directive to
+    <code>a@href</code>. You can also disallow an attribute globally with
+    <code>attr</code> or <code>*@attr</code> (either syntax is fine; the latter
+    is provided for consistency with %HTML.AllowedAttributes).
+</p>
+<p>
+    <strong>Warning:</strong> This directive complements %HTML.ForbiddenElements,
+    accordingly, check
+    out that directive for a discussion of why you
    should think twice before using this directive.
 </p>