mirror of
https://github.com/renbaoshuo/S2OJ.git
synced 2024-11-23 09:18:41 +00:00
96d4a3ecf7
Due to historical reasons, the code is in subfolder "1". With SVN removal, we place the code back and remove the annoying "1" folder.
63 lines
1.9 KiB
PHP
63 lines
1.9 KiB
PHP
<?php
|
|
|
|
/**
|
|
* A "safe" object module. In theory, objects permitted by this module will
|
|
* be safe, and untrusted users can be allowed to embed arbitrary flash objects
|
|
* (maybe other types too, but only Flash is supported as of right now).
|
|
* Highly experimental.
|
|
*/
|
|
class HTMLPurifier_HTMLModule_SafeObject extends HTMLPurifier_HTMLModule
|
|
{
|
|
/**
|
|
* @type string
|
|
*/
|
|
public $name = 'SafeObject';
|
|
|
|
/**
|
|
* @param HTMLPurifier_Config $config
|
|
*/
|
|
public function setup($config)
|
|
{
|
|
// These definitions are not intrinsically safe: the attribute transforms
|
|
// are a vital part of ensuring safety.
|
|
|
|
$max = $config->get('HTML.MaxImgLength');
|
|
$object = $this->addElement(
|
|
'object',
|
|
'Inline',
|
|
'Optional: param | Flow | #PCDATA',
|
|
'Common',
|
|
array(
|
|
// While technically not required by the spec, we're forcing
|
|
// it to this value.
|
|
'type' => 'Enum#application/x-shockwave-flash',
|
|
'width' => 'Pixels#' . $max,
|
|
'height' => 'Pixels#' . $max,
|
|
'data' => 'URI#embedded',
|
|
'codebase' => new HTMLPurifier_AttrDef_Enum(
|
|
array(
|
|
'http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0'
|
|
)
|
|
),
|
|
)
|
|
);
|
|
$object->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeObject();
|
|
|
|
$param = $this->addElement(
|
|
'param',
|
|
false,
|
|
'Empty',
|
|
false,
|
|
array(
|
|
'id' => 'ID',
|
|
'name*' => 'Text',
|
|
'value' => 'Text'
|
|
)
|
|
);
|
|
$param->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeParam();
|
|
$this->info_injector[] = 'SafeObject';
|
|
}
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|