0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-03-11 17:18:44 +00:00

Increase child definition sets to all elements to facilitate later expansion. Currently has no perceptible effect.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@704 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang 2007-02-03 03:45:13 +00:00
parent bda2615b30
commit 06867e14b6

View File

@ -229,43 +229,45 @@ class HTMLPurifier_HTMLDefinition
// strings are used instead of arrays because if you use arrays,
// you have to do some hideous manipulation with array_merge()
// todo: determine whether or not having allowed children
// that aren't allowed globally affects security (it shouldn't)
// if above works out, extend children definitions to include all
// possible elements (allowed elements will dictate which ones
// get dropped
// ALL ELEMENTS, regardless of whether or not they're allowed,
// are defined here. $allowed_tags then determines what to
// ignore
$e_special_extra = 'img';
$e_special_extra = 'object | applet | img | map | iframe';
$e_special_basic = 'br | span | bdo';
$e_special = "$e_special_basic | $e_special_extra";
$e_fontstyle_extra = 'big | small';
$e_fontstyle_extra = 'big | small | font | basefont';
$e_fontstyle_basic = 'tt | i | b | u | s | strike';
$e_fontstyle = "$e_fontstyle_basic | $e_fontstyle_extra";
$e_phrase_extra = 'sub | sup';
$e_phrase_basic = 'em | strong | dfn | code | q | samp | kbd | var'.
' | cite | abbr | acronym';
$e_phrase = "$e_phrase_basic | $e_phrase_extra";
$e_misc_inline = 'ins | del';
$e_misc = "$e_misc_inline";
$e_inline = "a | $e_special | $e_fontstyle | $e_phrase";
$e_inline_forms = 'input | select | textarea | label | button';
$e_misc_inline = 'ins | del | script';
$e_misc = "noscript | $e_misc_inline";
$e_inline = "a | $e_special | $e_fontstyle | $e_phrase | $e_inline_forms";
// pseudo-property we created for convenience, see later on
$e__inline = "#PCDATA | $e_inline | $e_misc_inline";
// note the casing
$e_Inline = new HTMLPurifier_ChildDef_Optional($e__inline);
$e_heading = 'h1|h2|h3|h4|h5|h6';
$e_lists = 'ul | ol | dl';
$e_blocktext = 'pre | hr | blockquote | address';
$e_block = "p | $e_heading | div | $e_lists | $e_blocktext | table";
$e_lists = 'ul | ol | dl | menu | dir';
$e_blocktext = 'pre | hr | blockquote | address | center | noframes';
$e_block = "p | $e_heading | div | $e_lists | $e_blocktext | isindex | fieldset | table";
$e_Block = new HTMLPurifier_ChildDef_Optional($e_block);
$e__flow = "#PCDATA | $e_block | $e_inline | $e_misc";
$e__flow = "#PCDATA | $e_block | form | $e_inline | $e_misc";
$e_Flow = new HTMLPurifier_ChildDef_Optional($e__flow);
$e_a_content = new HTMLPurifier_ChildDef_Optional("#PCDATA".
" | $e_special | $e_fontstyle | $e_phrase | $e_misc_inline");
" | $e_special | $e_fontstyle | $e_phrase | $e_inline_forms | $e_misc_inline");
$e_pre_content = new HTMLPurifier_ChildDef_Optional("#PCDATA | a".
" | $e_special_basic | $e_fontstyle_basic | $e_phrase_basic".
" | $e_special_basic | $e_fontstyle_basic | $e_phrase_basic | $e_inline_forms".
" | $e_misc_inline");
$e_form_content = new HTMLPurifier_ChildDef_Optional('');//unused
$e_form_button_content = new HTMLPurifier_ChildDef_Optional('');//unused
$e_form_content = new HTMLPurifier_ChildDef_Optional("#PCDATA | $e_block | $e_inline | $e_misc");//unused
$e_form_button_content = new HTMLPurifier_ChildDef_Optional(
"#PCDATA | p | $e_heading | div | $e_lists | $e_blocktext |".
"table | br | span | bdo | object | applet | img | map |".
"$e_fontstyle | $e_phrase | $e_misc");//unused
$this->info['ins']->child =
$this->info['del']->child =