1 : <?php
2 :
3 : /*
4 :
5 : WARNING: THIS MODULE IS EXTREMELY DANGEROUS AS IT ENABLES INLINE SCRIPTING
6 : INSIDE HTML PURIFIER DOCUMENTS. USE ONLY WITH TRUSTED USER INPUT!!!
7 :
8 : */
9 :
10 : /**
11 : * XHTML 1.1 Scripting module, defines elements that are used to contain
12 : * information pertaining to executable scripts or the lack of support
13 : * for executable scripts.
14 : * @note This module does not contain inline scripting elements
15 : */
16 1 : class HTMLPurifier_HTMLModule_Scripting extends HTMLPurifier_HTMLModule
17 : {
18 : public $name = 'Scripting';
19 : public $elements = array('script', 'noscript');
20 : public $content_sets = array('Block' => 'script | noscript', 'Inline' => 'script | noscript');
21 : public $safe = false;
22 :
23 : public function __construct() {
24 : // TODO: create custom child-definition for noscript that
25 : // auto-wraps stray #PCDATA in a similar manner to
26 : // blockquote's custom definition (we would use it but
27 : // blockquote's contents are optional while noscript's contents
28 : // are required)
29 :
30 : // TODO: convert this to new syntax, main problem is getting
31 : // both content sets working
32 :
33 : // In theory, this could be safe, but I don't see any reason to
34 : // allow it.
35 1 : $this->info['noscript'] = new HTMLPurifier_ElementDef();
36 1 : $this->info['noscript']->attr = array( 0 => array('Common') );
37 1 : $this->info['noscript']->content_model = 'Heading | List | Block';
38 1 : $this->info['noscript']->content_model_type = 'required';
39 :
40 1 : $this->info['script'] = new HTMLPurifier_ElementDef();
41 1 : $this->info['script']->attr = array(
42 1 : 'defer' => new HTMLPurifier_AttrDef_Enum(array('defer')),
43 1 : 'src' => new HTMLPurifier_AttrDef_URI(true),
44 1 : 'type' => new HTMLPurifier_AttrDef_Enum(array('text/javascript'))
45 1 : );
46 1 : $this->info['script']->content_model = '#PCDATA';
47 1 : $this->info['script']->content_model_type = 'optional';
48 1 : $this->info['script']->attr_transform_pre['type'] =
49 1 : $this->info['script']->attr_transform_post['type'] =
50 1 : new HTMLPurifier_AttrTransform_ScriptRequired();
51 1 : }
52 : }
53 :
|