mirror of
https://github.com/moodle/moodle.git
synced 2025-07-09 16:36:28 +02:00
be7f6d4834
Prior to this change, all the line endings in the imported HTMLPurifier library were using CRLF (\r\n aka Windows style), but the HTMLPurifier source and also the downloadable artefacts use LF (\n aka Linux style) as line endings. This has been the case since510d190382when with the commit "MDL-38672 import HTML Purifier 4.5.0" all line endings were changed from LF to CRLF. There was no comment in the commit on why this change was done. As the original source uses LF, this commit partly reverts510d190382and goes back to LF as line endings. Signed-off-by: Daniel Ziegenberg <daniel@ziegenberg.at>
74 lines
2.3 KiB
PHP
74 lines
2.3 KiB
PHP
<?php
|
|
|
|
/*
|
|
|
|
WARNING: THIS MODULE IS EXTREMELY DANGEROUS AS IT ENABLES INLINE SCRIPTING
|
|
INSIDE HTML PURIFIER DOCUMENTS. USE ONLY WITH TRUSTED USER INPUT!!!
|
|
|
|
*/
|
|
|
|
/**
|
|
* XHTML 1.1 Scripting module, defines elements that are used to contain
|
|
* information pertaining to executable scripts or the lack of support
|
|
* for executable scripts.
|
|
* @note This module does not contain inline scripting elements
|
|
*/
|
|
class HTMLPurifier_HTMLModule_Scripting extends HTMLPurifier_HTMLModule
|
|
{
|
|
/**
|
|
* @type string
|
|
*/
|
|
public $name = 'Scripting';
|
|
|
|
/**
|
|
* @type array
|
|
*/
|
|
public $elements = array('script', 'noscript');
|
|
|
|
/**
|
|
* @type array
|
|
*/
|
|
public $content_sets = array('Block' => 'script | noscript', 'Inline' => 'script | noscript');
|
|
|
|
/**
|
|
* @type bool
|
|
*/
|
|
public $safe = false;
|
|
|
|
/**
|
|
* @param HTMLPurifier_Config $config
|
|
*/
|
|
public function setup($config)
|
|
{
|
|
// TODO: create custom child-definition for noscript that
|
|
// auto-wraps stray #PCDATA in a similar manner to
|
|
// blockquote's custom definition (we would use it but
|
|
// blockquote's contents are optional while noscript's contents
|
|
// are required)
|
|
|
|
// TODO: convert this to new syntax, main problem is getting
|
|
// both content sets working
|
|
|
|
// In theory, this could be safe, but I don't see any reason to
|
|
// allow it.
|
|
$this->info['noscript'] = new HTMLPurifier_ElementDef();
|
|
$this->info['noscript']->attr = array(0 => array('Common'));
|
|
$this->info['noscript']->content_model = 'Heading | List | Block';
|
|
$this->info['noscript']->content_model_type = 'required';
|
|
|
|
$this->info['script'] = new HTMLPurifier_ElementDef();
|
|
$this->info['script']->attr = array(
|
|
'defer' => new HTMLPurifier_AttrDef_Enum(array('defer')),
|
|
'src' => new HTMLPurifier_AttrDef_URI(true),
|
|
'type' => new HTMLPurifier_AttrDef_Enum(array('text/javascript'))
|
|
);
|
|
$this->info['script']->content_model = '#PCDATA';
|
|
$this->info['script']->content_model_type = 'optional';
|
|
$this->info['script']->attr_transform_pre[] =
|
|
$this->info['script']->attr_transform_post[] =
|
|
new HTMLPurifier_AttrTransform_ScriptRequired();
|
|
}
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|