mirror/php-htmlpurifier
1
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-08-06 22:26:31 +02:00
Code Issues Releases Wiki Activity

Support flashvars.

Browse Source 
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
This commit is contained in:
Edward Z. Yang
2010-03-08 01:16:57 -05:00
parent 97125ed18b
commit dc90e8e85b
5 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
library/HTMLPurifier/AttrTransform/SafeParam.php
View File

@@ -39,6 +39,10 @@ class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
case 'movie':
$attr['value'] = $this->uri->validate($attr['value'], $config, $context);
break;
case 'flashvars':
// we're going to allow arbitrary inputs to the SWF, on
// the reasoning that it could only hack the SWF, not us.
break;
// add other cases to support other param name/value pairs
default:
$attr['name'] = $attr['value'] = null;