mirror of
https://github.com/renbaoshuo/S2OJ.git
synced 2024-11-23 13:08:40 +00:00
96d4a3ecf7
Due to historical reasons, the code is in subfolder "1". With SVN removal, we place the code back and remove the annoying "1" folder.
41 lines
1.1 KiB
PHP
41 lines
1.1 KiB
PHP
<?php
|
|
|
|
/**
|
|
* A "safe" script module. No inline JS is allowed, and pointed to JS
|
|
* files must match whitelist.
|
|
*/
|
|
class HTMLPurifier_HTMLModule_SafeScripting extends HTMLPurifier_HTMLModule
|
|
{
|
|
/**
|
|
* @type string
|
|
*/
|
|
public $name = 'SafeScripting';
|
|
|
|
/**
|
|
* @param HTMLPurifier_Config $config
|
|
*/
|
|
public function setup($config)
|
|
{
|
|
// These definitions are not intrinsically safe: the attribute transforms
|
|
// are a vital part of ensuring safety.
|
|
|
|
$allowed = $config->get('HTML.SafeScripting');
|
|
$script = $this->addElement(
|
|
'script',
|
|
'Inline',
|
|
'Empty',
|
|
null,
|
|
array(
|
|
// While technically not required by the spec, we're forcing
|
|
// it to this value.
|
|
'type' => 'Enum#text/javascript',
|
|
'src*' => new HTMLPurifier_AttrDef_Enum(array_keys($allowed))
|
|
)
|
|
);
|
|
$script->attr_transform_pre[] =
|
|
$script->attr_transform_post[] = new HTMLPurifier_AttrTransform_ScriptRequired();
|
|
}
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|