mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-12-22 08:21:52 +00:00
Exported configuration values!
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1537 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
parent
3d56c1253b
commit
4c502b25f2
@ -268,3 +268,10 @@ Backwards-compatibility
|
|||||||
I expect that the ConfigSchema methods should stick around for a little bit,
|
I expect that the ConfigSchema methods should stick around for a little bit,
|
||||||
but display E_USER_NOTICE warnings that they are deprecated. This will
|
but display E_USER_NOTICE warnings that they are deprecated. This will
|
||||||
require documentation!
|
require documentation!
|
||||||
|
|
||||||
|
New stuff
|
||||||
|
---------
|
||||||
|
|
||||||
|
VERSION: Version number directive was introduced
|
||||||
|
DEPRECATED-VERSION: If the directive was deprecated, when was it deprecated?
|
||||||
|
DEPRECATED-USE: If the directive was deprecated, what should the user use now?
|
||||||
|
@ -0,0 +1,11 @@
|
|||||||
|
Attr.AllowedFrameTargets
|
||||||
|
TYPE: lookup
|
||||||
|
DEFAULT: array()
|
||||||
|
--DESCRIPTION--
|
||||||
|
Lookup table of all allowed link frame targets. Some commonly used link
|
||||||
|
targets include _blank, _self, _parent and _top. Values should be
|
||||||
|
lowercase, as validation will be done in a case-sensitive manner despite
|
||||||
|
W3C's recommendation. XHTML 1.0 Strict does not permit the target attribute
|
||||||
|
so this directive will have no effect in that doctype. XHTML 1.1 does not
|
||||||
|
enable the Target module by default, you will have to manually enable it
|
||||||
|
(see the module documentation for more details.)
|
8
library/HTMLPurifier/ConfigSchema/Attr.AllowedRel.txt
Normal file
8
library/HTMLPurifier/ConfigSchema/Attr.AllowedRel.txt
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
Attr.AllowedRel
|
||||||
|
TYPE: lookup
|
||||||
|
VERSION: 1.6.0
|
||||||
|
DEFAULT: array()
|
||||||
|
--DESCRIPTION--
|
||||||
|
List of allowed forward document relationships in the rel attribute. Common
|
||||||
|
values may be nofollow or print. By default, this is empty, meaning that no
|
||||||
|
document relationships are allowed.
|
8
library/HTMLPurifier/ConfigSchema/Attr.AllowedRev.txt
Normal file
8
library/HTMLPurifier/ConfigSchema/Attr.AllowedRev.txt
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
Attr.AllowedRev
|
||||||
|
TYPE: lookup
|
||||||
|
VERSION: 1.6.0
|
||||||
|
DEFAULT: array()
|
||||||
|
--DESCRIPTION--
|
||||||
|
List of allowed reverse document relationships in the rev attribute. This
|
||||||
|
attribute is a bit of an edge-case; if you don't know what it is for, stay
|
||||||
|
away.
|
@ -0,0 +1,8 @@
|
|||||||
|
Attr.DefaultInvalidImage
|
||||||
|
TYPE: string
|
||||||
|
DEFAULT: ''
|
||||||
|
--DESCRIPTION--
|
||||||
|
This is the default image an img tag will be pointed to if it does not have
|
||||||
|
a valid src attribute. In future versions, we may allow the image tag to
|
||||||
|
be removed completely, but due to design issues, this is not possible right
|
||||||
|
now.
|
@ -0,0 +1,7 @@
|
|||||||
|
Attr.DefaultInvalidImageAlt
|
||||||
|
TYPE: string
|
||||||
|
DEFAULT: 'Invalid image'
|
||||||
|
--DESCRIPTION--
|
||||||
|
This is the content of the alt tag of an invalid image if the user had not
|
||||||
|
previously specified an alt attribute. It has no effect when the image is
|
||||||
|
valid but there was no alt attribute present.
|
@ -0,0 +1,9 @@
|
|||||||
|
Attr.DefaultTextDir
|
||||||
|
TYPE: string
|
||||||
|
DEFAULT: 'ltr'
|
||||||
|
--DESCRIPTION--
|
||||||
|
Defines the default text direction (ltr or rtl) of the document being
|
||||||
|
parsed. This generally is the same as the value of the dir attribute in
|
||||||
|
HTML, or ltr if that is not specified.
|
||||||
|
--ALLOWED--
|
||||||
|
'ltr', 'rtl'
|
15
library/HTMLPurifier/ConfigSchema/Attr.EnableID.txt
Normal file
15
library/HTMLPurifier/ConfigSchema/Attr.EnableID.txt
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
Attr.EnableID
|
||||||
|
TYPE: bool
|
||||||
|
DEFAULT: false
|
||||||
|
VERSION: 1.2.0
|
||||||
|
--DESCRIPTION--
|
||||||
|
Allows the ID attribute in HTML. This is disabled by default due to the
|
||||||
|
fact that without proper configuration user input can easily break the
|
||||||
|
validation of a webpage by specifying an ID that is already on the
|
||||||
|
surrounding HTML. If you don't mind throwing caution to the wind, enable
|
||||||
|
this directive, but I strongly recommend you also consider blacklisting IDs
|
||||||
|
you use (%Attr.IDBlacklist) or prefixing all user supplied IDs
|
||||||
|
(%Attr.IDPrefix). When set to true HTML Purifier reverts to the behavior of
|
||||||
|
pre-1.2.0 versions.
|
||||||
|
--ALIASES--
|
||||||
|
HTML.EnableAttrID
|
4
library/HTMLPurifier/ConfigSchema/Attr.IDBlacklist.txt
Normal file
4
library/HTMLPurifier/ConfigSchema/Attr.IDBlacklist.txt
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
Attr.IDBlacklist
|
||||||
|
TYPE: list
|
||||||
|
DEFAULT: array()
|
||||||
|
DESCRIPTION: Array of IDs not allowed in the document.
|
@ -0,0 +1,8 @@
|
|||||||
|
Attr.IDBlacklistRegexp
|
||||||
|
TYPE: string
|
||||||
|
VERSION: 1.6.0
|
||||||
|
DEFAULT: NULL
|
||||||
|
--DESCRIPTION--
|
||||||
|
PCRE regular expression to be matched against all IDs. If the expression is
|
||||||
|
matches, the ID is rejected. Use this with care: may cause significant
|
||||||
|
degradation. ID matching is done after all other validation.
|
11
library/HTMLPurifier/ConfigSchema/Attr.IDPrefix.txt
Normal file
11
library/HTMLPurifier/ConfigSchema/Attr.IDPrefix.txt
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
Attr.IDPrefix
|
||||||
|
TYPE: string
|
||||||
|
VERSION: 1.2.0
|
||||||
|
DEFAULT: ''
|
||||||
|
--DESCRIPTION--
|
||||||
|
String to prefix to IDs. If you have no idea what IDs your pages may use,
|
||||||
|
you may opt to simply add a prefix to all user-submitted ID attributes so
|
||||||
|
that they are still usable, but will not conflict with core page IDs.
|
||||||
|
Example: setting the directive to 'user_' will result in a user submitted
|
||||||
|
'foo' to become 'user_foo' Be sure to set %HTML.EnableAttrID to true
|
||||||
|
before using this.
|
13
library/HTMLPurifier/ConfigSchema/Attr.IDPrefixLocal.txt
Normal file
13
library/HTMLPurifier/ConfigSchema/Attr.IDPrefixLocal.txt
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
Attr.IDPrefixLocal
|
||||||
|
TYPE: string
|
||||||
|
VERSION: 1.2.0
|
||||||
|
DEFAULT: ''
|
||||||
|
--DESCRIPTION--
|
||||||
|
Temporary prefix for IDs used in conjunction with %Attr.IDPrefix. If you
|
||||||
|
need to allow multiple sets of user content on web page, you may need to
|
||||||
|
have a seperate prefix that changes with each iteration. This way,
|
||||||
|
seperately submitted user content displayed on the same page doesn't
|
||||||
|
clobber each other. Ideal values are unique identifiers for the content it
|
||||||
|
represents (i.e. the id of the row in the database). Be sure to add a
|
||||||
|
seperator (like an underscore) at the end. Warning: this directive will
|
||||||
|
not work unless %Attr.IDPrefix is set to a non-empty value!
|
2
library/HTMLPurifier/ConfigSchema/Attr.txt
Normal file
2
library/HTMLPurifier/ConfigSchema/Attr.txt
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
Attr
|
||||||
|
DESCRIPTION: Features regarding attribute validation.
|
@ -0,0 +1,30 @@
|
|||||||
|
AutoFormat.AutoParagraph
|
||||||
|
TYPE: bool
|
||||||
|
VERSION: 2.0.1
|
||||||
|
DEFAULT: false
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
This directive turns on auto-paragraphing, where double newlines are
|
||||||
|
converted in to paragraphs whenever possible. Auto-paragraphing:
|
||||||
|
</p>
|
||||||
|
<ul>
|
||||||
|
<li>Always applies to inline elements or text in the root node,</li>
|
||||||
|
<li>Applies to inline elements or text with double newlines in nodes
|
||||||
|
that allow paragraph tags,</li>
|
||||||
|
<li>Applies to double newlines in paragraph tags</li>
|
||||||
|
</ul>
|
||||||
|
<p>
|
||||||
|
<code>p</code> tags must be allowed for this directive to take effect.
|
||||||
|
We do not use <code>br</code> tags for paragraphing, as that is
|
||||||
|
semantically incorrect.
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
To prevent auto-paragraphing as a content-producer, refrain from using
|
||||||
|
double-newlines except to specify a new paragraph or in contexts where
|
||||||
|
it has special meaning (whitespace usually has no meaning except in
|
||||||
|
tags like <code>pre</code>, so this should not be difficult.) To prevent
|
||||||
|
the paragraphing of inline text adjacent to block elements, wrap them
|
||||||
|
in <code>div</code> tags (the behavior is slightly different outside of
|
||||||
|
the root node.)
|
||||||
|
</p>
|
12
library/HTMLPurifier/ConfigSchema/AutoFormat.Custom.txt
Normal file
12
library/HTMLPurifier/ConfigSchema/AutoFormat.Custom.txt
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
AutoFormat.Custom
|
||||||
|
TYPE: list
|
||||||
|
VERSION: 2.0.1
|
||||||
|
DEFAULT: array()
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
This directive can be used to add custom auto-format injectors.
|
||||||
|
Specify an array of injector names (class name minus the prefix)
|
||||||
|
or concrete implementations. Injector class must exist.
|
||||||
|
</p>
|
||||||
|
|
12
library/HTMLPurifier/ConfigSchema/AutoFormat.Linkify.txt
Normal file
12
library/HTMLPurifier/ConfigSchema/AutoFormat.Linkify.txt
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
AutoFormat.Linkify
|
||||||
|
TYPE: bool
|
||||||
|
VERSION: 2.0.1
|
||||||
|
DEFAULT: false
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
This directive turns on linkification, auto-linking http, ftp and
|
||||||
|
https URLs. <code>a</code> tags with the <code>href</code> attribute
|
||||||
|
must be allowed.
|
||||||
|
</p>
|
||||||
|
|
@ -0,0 +1,12 @@
|
|||||||
|
AutoFormat.PurifierLinkify
|
||||||
|
TYPE: bool
|
||||||
|
VERSION: 2.0.1
|
||||||
|
DEFAULT: false
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Internal auto-formatter that converts configuration directives in
|
||||||
|
syntax <a>%Namespace.Directive</a> to links. <code>a</code> tags
|
||||||
|
with the <code>href</code> attribute must be allowed.
|
||||||
|
</p>
|
||||||
|
|
2
library/HTMLPurifier/ConfigSchema/AutoFormat.txt
Normal file
2
library/HTMLPurifier/ConfigSchema/AutoFormat.txt
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
AutoFormat
|
||||||
|
DESCRIPTION: Configuration for activating auto-formatting functionality (also known as <code>Injector</code>s)
|
@ -0,0 +1,12 @@
|
|||||||
|
AutoFormatParam.PurifierLinkifyDocURL
|
||||||
|
TYPE: string
|
||||||
|
VERSION: 2.0.1
|
||||||
|
DEFAULT: '#%s'
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Location of configuration documentation to link to, let %s substitute
|
||||||
|
into the configuration's namespace and directive names sans the percent
|
||||||
|
sign.
|
||||||
|
</p>
|
||||||
|
|
2
library/HTMLPurifier/ConfigSchema/AutoFormatParam.txt
Normal file
2
library/HTMLPurifier/ConfigSchema/AutoFormatParam.txt
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
AutoFormatParam
|
||||||
|
DESCRIPTION: Configuration for customizing auto-formatting functionality
|
11
library/HTMLPurifier/ConfigSchema/CSS.DefinitionRev.txt
Normal file
11
library/HTMLPurifier/ConfigSchema/CSS.DefinitionRev.txt
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
CSS.DefinitionRev
|
||||||
|
TYPE: int
|
||||||
|
VERSION: 2.0.0
|
||||||
|
DEFAULT: 1
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Revision identifier for your custom definition. See
|
||||||
|
%HTML.DefinitionRev for details.
|
||||||
|
</p>
|
||||||
|
|
10
library/HTMLPurifier/ConfigSchema/CSS.Proprietary.txt
Normal file
10
library/HTMLPurifier/ConfigSchema/CSS.Proprietary.txt
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
CSS.Proprietary
|
||||||
|
TYPE: bool
|
||||||
|
VERSION: 3.0.0
|
||||||
|
DEFAULT: false
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Whether or not to allow safe, proprietary CSS values.
|
||||||
|
</p>
|
||||||
|
|
2
library/HTMLPurifier/ConfigSchema/CSS.txt
Normal file
2
library/HTMLPurifier/ConfigSchema/CSS.txt
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
CSS
|
||||||
|
DESCRIPTION: Configuration regarding allowed CSS.
|
13
library/HTMLPurifier/ConfigSchema/Cache.DefinitionImpl.txt
Normal file
13
library/HTMLPurifier/ConfigSchema/Cache.DefinitionImpl.txt
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
Cache.DefinitionImpl
|
||||||
|
TYPE: string
|
||||||
|
VERSION: 2.0.0
|
||||||
|
DEFAULT: 'Serializer'
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
This directive defines which method to use when caching definitions,
|
||||||
|
the complex data-type that makes HTML Purifier tick. Set to null
|
||||||
|
to disable caching (not recommended, as you will see a definite
|
||||||
|
performance degradation).
|
||||||
|
|
||||||
|
--ALIASES--
|
||||||
|
Core.DefinitionCache
|
13
library/HTMLPurifier/ConfigSchema/Cache.SerializerPath.txt
Normal file
13
library/HTMLPurifier/ConfigSchema/Cache.SerializerPath.txt
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
Cache.SerializerPath
|
||||||
|
TYPE: string
|
||||||
|
VERSION: 2.0.0
|
||||||
|
DEFAULT: NULL
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Absolute path with no trailing slash to store serialized definitions in.
|
||||||
|
Default is within the
|
||||||
|
HTML Purifier library inside DefinitionCache/Serializer. This
|
||||||
|
path must be writable by the webserver.
|
||||||
|
</p>
|
||||||
|
|
2
library/HTMLPurifier/ConfigSchema/Cache.txt
Normal file
2
library/HTMLPurifier/ConfigSchema/Cache.txt
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
Cache
|
||||||
|
DESCRIPTION: Configuration for DefinitionCache and related subclasses.
|
13
library/HTMLPurifier/ConfigSchema/Core.AggressivelyFixLt.txt
Normal file
13
library/HTMLPurifier/ConfigSchema/Core.AggressivelyFixLt.txt
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
Core.AggressivelyFixLt
|
||||||
|
TYPE: bool
|
||||||
|
VERSION: 2.1.0
|
||||||
|
DEFAULT: false
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
This directive enables aggressive pre-filter fixes HTML Purifier can
|
||||||
|
perform in order to ensure that open angled-brackets do not get killed
|
||||||
|
during parsing stage. Enabling this will result in two preg_replace_callback
|
||||||
|
calls and one preg_replace call for every bit of HTML passed through here.
|
||||||
|
It is not necessary and will have no effect for PHP 4.
|
||||||
|
|
||||||
|
|
11
library/HTMLPurifier/ConfigSchema/Core.CollectErrors.txt
Normal file
11
library/HTMLPurifier/ConfigSchema/Core.CollectErrors.txt
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
Core.CollectErrors
|
||||||
|
TYPE: bool
|
||||||
|
VERSION: 2.0.0
|
||||||
|
DEFAULT: false
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
Whether or not to collect errors found while filtering the document. This
|
||||||
|
is a useful way to give feedback to your users. <strong>Warning:</strong>
|
||||||
|
Currently this feature is very patchy and experimental, with lots of
|
||||||
|
possible error messages not yet implemented. It will not cause any
|
||||||
|
problems, but it may not help your users either.
|
29
library/HTMLPurifier/ConfigSchema/Core.ColorKeywords.txt
Normal file
29
library/HTMLPurifier/ConfigSchema/Core.ColorKeywords.txt
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
Core.ColorKeywords
|
||||||
|
TYPE: hash
|
||||||
|
VERSION: 2.0.0
|
||||||
|
--DEFAULT--
|
||||||
|
array (
|
||||||
|
'maroon' => '#800000',
|
||||||
|
'red' => '#FF0000',
|
||||||
|
'orange' => '#FFA500',
|
||||||
|
'yellow' => '#FFFF00',
|
||||||
|
'olive' => '#808000',
|
||||||
|
'purple' => '#800080',
|
||||||
|
'fuchsia' => '#FF00FF',
|
||||||
|
'white' => '#FFFFFF',
|
||||||
|
'lime' => '#00FF00',
|
||||||
|
'green' => '#008000',
|
||||||
|
'navy' => '#000080',
|
||||||
|
'blue' => '#0000FF',
|
||||||
|
'aqua' => '#00FFFF',
|
||||||
|
'teal' => '#008080',
|
||||||
|
'black' => '#000000',
|
||||||
|
'silver' => '#C0C0C0',
|
||||||
|
'gray' => '#808080',
|
||||||
|
)
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
Lookup array of color names to six digit hexadecimal number corresponding
|
||||||
|
to color, with preceding hash mark. Used when parsing colors.
|
||||||
|
|
||||||
|
|
@ -0,0 +1,13 @@
|
|||||||
|
Core.ConvertDocumentToFragment
|
||||||
|
TYPE: bool
|
||||||
|
DEFAULT: true
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
This parameter determines whether or not the filter should convert
|
||||||
|
input that is a full document with html and body tags to a fragment
|
||||||
|
of just the contents of a body tag. This parameter is simply something
|
||||||
|
HTML Purifier can do during an edge-case: for most inputs, this
|
||||||
|
processing is not necessary.
|
||||||
|
|
||||||
|
--ALIASES--
|
||||||
|
Core.AcceptFullDocuments
|
@ -0,0 +1,17 @@
|
|||||||
|
Core.DirectLexLineNumberSyncInterval
|
||||||
|
TYPE: int
|
||||||
|
VERSION: 2.0.0
|
||||||
|
DEFAULT: 0
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Specifies the number of tokens the DirectLex line number tracking
|
||||||
|
implementations should process before attempting to resyncronize the
|
||||||
|
current line count by manually counting all previous new-lines. When
|
||||||
|
at 0, this functionality is disabled. Lower values will decrease
|
||||||
|
performance, and this is only strictly necessary if the counting
|
||||||
|
algorithm is buggy (in which case you should report it as a bug).
|
||||||
|
This has no effect when %Core.MaintainLineNumbers is disabled or DirectLex is
|
||||||
|
not being used.
|
||||||
|
</p>
|
||||||
|
|
14
library/HTMLPurifier/ConfigSchema/Core.Encoding.txt
Normal file
14
library/HTMLPurifier/ConfigSchema/Core.Encoding.txt
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
Core.Encoding
|
||||||
|
TYPE: istring
|
||||||
|
DEFAULT: 'utf-8'
|
||||||
|
--DESCRIPTION--
|
||||||
|
If for some reason you are unable to convert all webpages to UTF-8, you can
|
||||||
|
use this directive as a stop-gap compatibility change to let HTML Purifier
|
||||||
|
deal with non UTF-8 input. This technique has notable deficiencies:
|
||||||
|
absolutely no characters outside of the selected character encoding will be
|
||||||
|
preserved, not even the ones that have been ampersand escaped (this is due
|
||||||
|
to a UTF-8 specific <em>feature</em> that automatically resolves all
|
||||||
|
entities), making it pretty useless for anything except the most I18N-blind
|
||||||
|
applications, although %Core.EscapeNonASCIICharacters offers fixes this
|
||||||
|
trouble with another tradeoff. This directive only accepts ISO-8859-1 if
|
||||||
|
iconv is not enabled.
|
@ -0,0 +1,9 @@
|
|||||||
|
Core.EscapeInvalidChildren
|
||||||
|
TYPE: bool
|
||||||
|
DEFAULT: false
|
||||||
|
--DESCRIPTION--
|
||||||
|
When true, a child is found that is not allowed in the context of the
|
||||||
|
parent element will be transformed into text as if it were ASCII. When
|
||||||
|
false, that element and all internal tags will be dropped, though text will
|
||||||
|
be preserved. There is no option for dropping the element but preserving
|
||||||
|
child nodes.
|
@ -0,0 +1,6 @@
|
|||||||
|
Core.EscapeInvalidTags
|
||||||
|
TYPE: bool
|
||||||
|
DEFAULT: false
|
||||||
|
--DESCRIPTION--
|
||||||
|
When true, invalid tags will be written back to the document as plain text.
|
||||||
|
Otherwise, they are silently dropped.
|
@ -0,0 +1,12 @@
|
|||||||
|
Core.EscapeNonASCIICharacters
|
||||||
|
TYPE: bool
|
||||||
|
VERSION: 1.4.0
|
||||||
|
DEFAULT: false
|
||||||
|
--DESCRIPTION--
|
||||||
|
This directive overcomes a deficiency in %Core.Encoding by blindly
|
||||||
|
converting all non-ASCII characters into decimal numeric entities before
|
||||||
|
converting it to its native encoding. This means that even characters that
|
||||||
|
can be expressed in the non-UTF-8 encoding will be entity-ized, which can
|
||||||
|
be a real downer for encodings like Big5. It also assumes that the ASCII
|
||||||
|
repetoire is available, although this is the case for almost all encodings.
|
||||||
|
Anyway, use UTF-8!
|
19
library/HTMLPurifier/ConfigSchema/Core.HiddenElements.txt
Normal file
19
library/HTMLPurifier/ConfigSchema/Core.HiddenElements.txt
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
Core.HiddenElements
|
||||||
|
TYPE: lookup
|
||||||
|
--DEFAULT--
|
||||||
|
array (
|
||||||
|
'script' => true,
|
||||||
|
'style' => true,
|
||||||
|
)
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
This directive is a lookup array of elements which should have their
|
||||||
|
contents removed when they are not allowed by the HTML definition.
|
||||||
|
For example, the contents of a <code>script</code> tag are not
|
||||||
|
normally shown in a document, so if script tags are to be removed,
|
||||||
|
their contents should be removed to. This is opposed to a <code>b</code>
|
||||||
|
tag, which defines some presentational changes but does not hide its
|
||||||
|
contents.
|
||||||
|
</p>
|
||||||
|
|
11
library/HTMLPurifier/ConfigSchema/Core.Language.txt
Normal file
11
library/HTMLPurifier/ConfigSchema/Core.Language.txt
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
Core.Language
|
||||||
|
TYPE: string
|
||||||
|
VERSION: 2.0.0
|
||||||
|
DEFAULT: 'en'
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
ISO 639 language code for localizable things in HTML Purifier to use,
|
||||||
|
which is mainly error reporting. There is currently only an English (en)
|
||||||
|
translation, so this directive is currently useless.
|
||||||
|
|
||||||
|
|
33
library/HTMLPurifier/ConfigSchema/Core.LexerImpl.txt
Normal file
33
library/HTMLPurifier/ConfigSchema/Core.LexerImpl.txt
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
Core.LexerImpl
|
||||||
|
TYPE: mixed
|
||||||
|
VERSION: 2.0.0
|
||||||
|
DEFAULT: NULL
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
This parameter determines what lexer implementation can be used. The
|
||||||
|
valid values are:
|
||||||
|
</p>
|
||||||
|
<dl>
|
||||||
|
<dt><em>null</em></dt>
|
||||||
|
<dd>
|
||||||
|
Recommended, the lexer implementation will be auto-detected based on
|
||||||
|
your PHP-version and configuration.
|
||||||
|
</dd>
|
||||||
|
<dt><em>string</em> lexer identifier</dt>
|
||||||
|
<dd>
|
||||||
|
This is a slim way of manually overridding the implementation.
|
||||||
|
Currently recognized values are: DOMLex (the default PHP5
|
||||||
|
implementation)
|
||||||
|
and DirectLex (the default PHP4 implementation). Only use this if
|
||||||
|
you know what you are doing: usually, the auto-detection will
|
||||||
|
manage things for cases you aren't even aware of.
|
||||||
|
</dd>
|
||||||
|
<dt><em>object</em> lexer instance</dt>
|
||||||
|
<dd>
|
||||||
|
Super-advanced: you can specify your own, custom, implementation that
|
||||||
|
implements the interface defined by <code>HTMLPurifier_Lexer</code>.
|
||||||
|
I may remove this option simply because I don't expect anyone
|
||||||
|
to use it.
|
||||||
|
</dd>
|
||||||
|
</dl>
|
@ -0,0 +1,16 @@
|
|||||||
|
Core.MaintainLineNumbers
|
||||||
|
TYPE: bool
|
||||||
|
VERSION: 2.0.0
|
||||||
|
DEFAULT: NULL
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
If true, HTML Purifier will add line number information to all tokens.
|
||||||
|
This is useful when error reporting is turned on, but can result in
|
||||||
|
significant performance degradation and should not be used when
|
||||||
|
unnecessary. This directive must be used with the DirectLex lexer,
|
||||||
|
as the DOMLex lexer does not (yet) support this functionality.
|
||||||
|
If the value is null, an appropriate value will be selected based
|
||||||
|
on other configuration.
|
||||||
|
</p>
|
||||||
|
|
12
library/HTMLPurifier/ConfigSchema/Core.RemoveInvalidImg.txt
Normal file
12
library/HTMLPurifier/ConfigSchema/Core.RemoveInvalidImg.txt
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
Core.RemoveInvalidImg
|
||||||
|
TYPE: bool
|
||||||
|
DEFAULT: true
|
||||||
|
VERSION: 1.3.0
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
This directive enables pre-emptive URI checking in <code>img</code>
|
||||||
|
tags, as the attribute validation strategy is not authorized to
|
||||||
|
remove elements from the document. Revert to pre-1.3.0 behavior by setting to false.
|
||||||
|
</p>
|
||||||
|
|
@ -0,0 +1,11 @@
|
|||||||
|
Core.RemoveScriptContents
|
||||||
|
TYPE: bool
|
||||||
|
DEFAULT: NULL
|
||||||
|
VERSION: 2.0.0
|
||||||
|
DEPRECATED-VERSION: 2.1.0
|
||||||
|
DEPRECATED-USE: %Core.HiddenElements
|
||||||
|
--DESCRIPTION--
|
||||||
|
<p>
|
||||||
|
This directive enables HTML Purifier to remove not only script tags
|
||||||
|
but all of their contents.
|
||||||
|
</p>
|
2
library/HTMLPurifier/ConfigSchema/Core.txt
Normal file
2
library/HTMLPurifier/ConfigSchema/Core.txt
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
Core
|
||||||
|
DESCRIPTION: Core features that are always available.
|
@ -0,0 +1,13 @@
|
|||||||
|
Filter.ExtractStyleBlocksEscaping
|
||||||
|
TYPE: bool
|
||||||
|
VERSION: 3.0.0
|
||||||
|
DEFAULT: true
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Whether or not to escape the dangerous characters <, > and &
|
||||||
|
as \3C, \3E and \26, respectively. This is can be safely set to false
|
||||||
|
if the contents of StyleBlocks will be placed in an external stylesheet,
|
||||||
|
where there is no risk of it being interpreted as HTML.
|
||||||
|
</p>
|
||||||
|
|
@ -0,0 +1,27 @@
|
|||||||
|
Filter.ExtractStyleBlocksScope
|
||||||
|
TYPE: string
|
||||||
|
VERSION: 3.0.0
|
||||||
|
DEFAULT: NULL
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
If you would like users to be able to define external stylesheets, but
|
||||||
|
only allow them to specify CSS declarations for a specific node and
|
||||||
|
prevent them from fiddling with other elements, use this directive.
|
||||||
|
It accepts any valid CSS selector, and will prepend this to any
|
||||||
|
CSS declaration extracted from the document. For example, if this
|
||||||
|
directive is set to <code>#user-content</code> and a user uses the
|
||||||
|
selector <code>a:hover</code>, the final selector will be
|
||||||
|
<code>#user-content a:hover</code>.
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
The comma shorthand may be used; consider the above example, with
|
||||||
|
<code>#user-content, #user-content2</code>, the final selector will
|
||||||
|
be <code>#user-content a:hover, #user-content2 a:hover</code>.
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
<strong>Warning:</strong> It is possible for users to bypass this measure
|
||||||
|
using a naughty + selector. This is a bug in CSS Tidy 1.3, not HTML
|
||||||
|
Purifier, and I am working to get it fixed. Until then, HTML Purifier
|
||||||
|
performs a basic check to prevent this.
|
||||||
|
</p>
|
2
library/HTMLPurifier/ConfigSchema/Filter.txt
Normal file
2
library/HTMLPurifier/ConfigSchema/Filter.txt
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
Filter
|
||||||
|
DESCRIPTION: Configuration for filters
|
22
library/HTMLPurifier/ConfigSchema/HTML.Allowed.txt
Normal file
22
library/HTMLPurifier/ConfigSchema/HTML.Allowed.txt
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
HTML.Allowed
|
||||||
|
TYPE: itext
|
||||||
|
VERSION: 2.0.0
|
||||||
|
DEFAULT: NULL
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
This is a convenience directive that rolls the functionality of
|
||||||
|
%HTML.AllowedElements and %HTML.AllowedAttributes into one directive.
|
||||||
|
Specify elements and attributes that are allowed using:
|
||||||
|
<code>element1[attr1|attr2],element2...</code>. You can also use
|
||||||
|
newlines instead of commas to separate elements.
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
<strong>Warning</strong>:
|
||||||
|
All of the constraints on the component directives are still enforced.
|
||||||
|
The syntax is a <em>subset</em> of TinyMCE's <code>valid_elements</code>
|
||||||
|
whitelist: directly copy-pasting it here will probably result in
|
||||||
|
broken whitelists. If %HTML.AllowedElements or %HTML.AllowedAttributes
|
||||||
|
are set, this directive has no effect.
|
||||||
|
</p>
|
||||||
|
|
19
library/HTMLPurifier/ConfigSchema/HTML.AllowedAttributes.txt
Normal file
19
library/HTMLPurifier/ConfigSchema/HTML.AllowedAttributes.txt
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
HTML.AllowedAttributes
|
||||||
|
TYPE: lookup
|
||||||
|
VERSION: 1.3.0
|
||||||
|
DEFAULT: NULL
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
If HTML Purifier's attribute set is unsatisfactory, overload it!
|
||||||
|
The syntax is "tag.attr" or "*.attr" for the global attributes
|
||||||
|
(style, id, class, dir, lang, xml:lang).
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
<strong>Warning:</strong> If another directive conflicts with the
|
||||||
|
elements here, <em>that</em> directive will win and override. For
|
||||||
|
example, %HTML.EnableAttrID will take precedence over *.id in this
|
||||||
|
directive. You must set that directive to true before you can use
|
||||||
|
IDs at all.
|
||||||
|
</p>
|
||||||
|
|
21
library/HTMLPurifier/ConfigSchema/HTML.AllowedElements.txt
Normal file
21
library/HTMLPurifier/ConfigSchema/HTML.AllowedElements.txt
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
HTML.AllowedElements
|
||||||
|
TYPE: lookup
|
||||||
|
VERSION: 1.3.0
|
||||||
|
DEFAULT: NULL
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
If HTML Purifier's tag set is unsatisfactory for your needs, you
|
||||||
|
can overload it with your own list of tags to allow. Note that this
|
||||||
|
method is subtractive: it does its job by taking away from HTML
|
||||||
|
Purifier
|
||||||
|
usual feature set, so you cannot add a tag that HTML Purifier never
|
||||||
|
supported in the first place (like embed, form or head). If you
|
||||||
|
change this, you probably also want to change %HTML.AllowedAttributes.
|
||||||
|
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
<strong>Warning:</strong> If another directive conflicts with the
|
||||||
|
elements here, <em>that</em> directive will win and override.
|
||||||
|
</p>
|
||||||
|
|
20
library/HTMLPurifier/ConfigSchema/HTML.AllowedModules.txt
Normal file
20
library/HTMLPurifier/ConfigSchema/HTML.AllowedModules.txt
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
HTML.AllowedModules
|
||||||
|
TYPE: lookup
|
||||||
|
VERSION: 2.0.0
|
||||||
|
DEFAULT: NULL
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
A doctype comes with a set of usual modules to use. Without having
|
||||||
|
to mucking about with the doctypes, you can quickly activate or
|
||||||
|
disable these modules by specifying which modules you wish to allow
|
||||||
|
with this directive. This is most useful for unit testing specific
|
||||||
|
modules, although end users may find it useful for their own ends.
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
If you specify a module that does not exist, the manager will silently
|
||||||
|
fail to use it, so be careful! User-defined modules are not affected
|
||||||
|
by this directive. Modules defined in %HTML.CoreModules are not
|
||||||
|
affected by this directive.
|
||||||
|
</p>
|
||||||
|
|
18
library/HTMLPurifier/ConfigSchema/HTML.BlockWrapper.txt
Normal file
18
library/HTMLPurifier/ConfigSchema/HTML.BlockWrapper.txt
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
HTML.BlockWrapper
|
||||||
|
TYPE: string
|
||||||
|
VERSION: 1.3.0
|
||||||
|
DEFAULT: 'p'
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
String name of element to wrap inline elements that are inside a block
|
||||||
|
context. This only occurs in the children of blockquote in strict mode.
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
Example: by default value,
|
||||||
|
<code><blockquote>Foo</blockquote></code> would become
|
||||||
|
<code><blockquote><p>Foo</p></blockquote></code>.
|
||||||
|
The <code><p></code> tags can be replaced with whatever you desire,
|
||||||
|
as long as it is a block level element.
|
||||||
|
</p>
|
||||||
|
|
23
library/HTMLPurifier/ConfigSchema/HTML.CoreModules.txt
Normal file
23
library/HTMLPurifier/ConfigSchema/HTML.CoreModules.txt
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
HTML.CoreModules
|
||||||
|
TYPE: lookup
|
||||||
|
VERSION: 2.0.0
|
||||||
|
--DEFAULT--
|
||||||
|
array (
|
||||||
|
'Structure' => true,
|
||||||
|
'Text' => true,
|
||||||
|
'Hypertext' => true,
|
||||||
|
'List' => true,
|
||||||
|
'NonXMLCommonAttributes' => true,
|
||||||
|
'XMLCommonAttributes' => true,
|
||||||
|
'CommonAttributes' => true,
|
||||||
|
)
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Certain modularized doctypes (XHTML, namely), have certain modules
|
||||||
|
that must be included for the doctype to be an conforming document
|
||||||
|
type: put those modules here. By default, XHTML's core modules
|
||||||
|
are used. You can set this to a blank array to disable core module
|
||||||
|
protection, but this is not recommended.
|
||||||
|
</p>
|
||||||
|
|
10
library/HTMLPurifier/ConfigSchema/HTML.CustomDoctype.txt
Normal file
10
library/HTMLPurifier/ConfigSchema/HTML.CustomDoctype.txt
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
HTML.CustomDoctype
|
||||||
|
TYPE: string
|
||||||
|
VERSION: 2.0.1
|
||||||
|
DEFAULT: NULL
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
A custom doctype for power-users who defined there own document
|
||||||
|
type. This directive only applies when %HTML.Doctype is blank.
|
||||||
|
|
||||||
|
|
33
library/HTMLPurifier/ConfigSchema/HTML.DefinitionID.txt
Normal file
33
library/HTMLPurifier/ConfigSchema/HTML.DefinitionID.txt
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
HTML.DefinitionID
|
||||||
|
TYPE: string
|
||||||
|
DEFAULT: NULL
|
||||||
|
VERSION: 2.0.0
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Unique identifier for a custom-built HTML definition. If you edit
|
||||||
|
the raw version of the HTMLDefinition, introducing changes that the
|
||||||
|
configuration object does not reflect, you must specify this variable.
|
||||||
|
If you change your custom edits, you should change this directive, or
|
||||||
|
clear your cache. Example:
|
||||||
|
</p>
|
||||||
|
<pre>
|
||||||
|
$config = HTMLPurifier_Config::createDefault();
|
||||||
|
$config->set('HTML', 'DefinitionID', '1');
|
||||||
|
$def = $config->getHTMLDefinition();
|
||||||
|
$def->addAttribute('a', 'tabindex', 'Number');
|
||||||
|
</pre>
|
||||||
|
<p>
|
||||||
|
In the above example, the configuration is still at the defaults, but
|
||||||
|
using the advanced API, an extra attribute has been added. The
|
||||||
|
configuration object normally has no way of knowing that this change
|
||||||
|
has taken place, so it needs an extra directive: %HTML.DefinitionID.
|
||||||
|
If someone else attempts to use the default configuration, these two
|
||||||
|
pieces of code will not clobber each other in the cache, since one has
|
||||||
|
an extra directive attached to it.
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
You <em>must</em> specify a value to this directive to use the
|
||||||
|
advanced API features.
|
||||||
|
</p>
|
||||||
|
|
16
library/HTMLPurifier/ConfigSchema/HTML.DefinitionRev.txt
Normal file
16
library/HTMLPurifier/ConfigSchema/HTML.DefinitionRev.txt
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
HTML.DefinitionRev
|
||||||
|
TYPE: int
|
||||||
|
VERSION: 2.0.0
|
||||||
|
DEFAULT: 1
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Revision identifier for your custom definition specified in
|
||||||
|
%HTML.DefinitionID. This serves the same purpose: uniquely identifying
|
||||||
|
your custom definition, but this one does so in a chronological
|
||||||
|
context: revision 3 is more up-to-date then revision 2. Thus, when
|
||||||
|
this gets incremented, the cache handling is smart enough to clean
|
||||||
|
up any older revisions of your definition as well as flush the
|
||||||
|
cache.
|
||||||
|
</p>
|
||||||
|
|
10
library/HTMLPurifier/ConfigSchema/HTML.Doctype.txt
Normal file
10
library/HTMLPurifier/ConfigSchema/HTML.Doctype.txt
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
HTML.Doctype
|
||||||
|
TYPE: string
|
||||||
|
DEFAULT: ''
|
||||||
|
--DESCRIPTION--
|
||||||
|
Doctype to use during filtering. Technically speaking this is not actually
|
||||||
|
a doctype (as it does not identify a corresponding DTD), but we are using
|
||||||
|
this name for sake of simplicity. When non-blank, this will override any
|
||||||
|
older directives like %HTML.XHTML or %HTML.Strict.
|
||||||
|
--ALLOWED--
|
||||||
|
'', 'HTML 4.01 Transitional', 'HTML 4.01 Strict', 'XHTML 1.0 Transitional', 'XHTML 1.0 Strict', 'XHTML 1.1'
|
12
library/HTMLPurifier/ConfigSchema/HTML.Parent.txt
Normal file
12
library/HTMLPurifier/ConfigSchema/HTML.Parent.txt
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
HTML.Parent
|
||||||
|
TYPE: string
|
||||||
|
VERSION: 1.3.0
|
||||||
|
DEFAULT: 'div'
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
String name of element that HTML fragment passed to library will be
|
||||||
|
inserted in. An interesting variation would be using span as the
|
||||||
|
parent element, meaning that only inline tags would be allowed.
|
||||||
|
</p>
|
||||||
|
|
7
library/HTMLPurifier/ConfigSchema/HTML.Strict.txt
Normal file
7
library/HTMLPurifier/ConfigSchema/HTML.Strict.txt
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
HTML.Strict
|
||||||
|
TYPE: bool
|
||||||
|
VERSION: 1.3.0
|
||||||
|
DEFAULT: false
|
||||||
|
--DESCRIPTION--
|
||||||
|
Determines whether or not to use Transitional (loose) or Strict rulesets.
|
||||||
|
This directive is deprecated in favor of %HTML.Doctype.
|
8
library/HTMLPurifier/ConfigSchema/HTML.TidyAdd.txt
Normal file
8
library/HTMLPurifier/ConfigSchema/HTML.TidyAdd.txt
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
HTML.TidyAdd
|
||||||
|
TYPE: lookup
|
||||||
|
VERSION: 2.0.0
|
||||||
|
DEFAULT: array()
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
Fixes to add to the default set of Tidy fixes as per your level.
|
||||||
|
|
23
library/HTMLPurifier/ConfigSchema/HTML.TidyLevel.txt
Normal file
23
library/HTMLPurifier/ConfigSchema/HTML.TidyLevel.txt
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
HTML.TidyLevel
|
||||||
|
TYPE: string
|
||||||
|
VERSION: 2.0.0
|
||||||
|
DEFAULT: 'medium'
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>General level of cleanliness the Tidy module should enforce.
|
||||||
|
There are four allowed values:</p>
|
||||||
|
<dl>
|
||||||
|
<dt>none</dt>
|
||||||
|
<dd>No extra tidying should be done</dd>
|
||||||
|
<dt>light</dt>
|
||||||
|
<dd>Only fix elements that would be discarded otherwise due to
|
||||||
|
lack of support in doctype</dd>
|
||||||
|
<dt>medium</dt>
|
||||||
|
<dd>Enforce best practices</dd>
|
||||||
|
<dt>heavy</dt>
|
||||||
|
<dd>Transform all deprecated elements and attributes to standards
|
||||||
|
compliant equivalents</dd>
|
||||||
|
</dl>
|
||||||
|
|
||||||
|
--ALLOWED--
|
||||||
|
'none', 'light', 'medium', 'heavy'
|
8
library/HTMLPurifier/ConfigSchema/HTML.TidyRemove.txt
Normal file
8
library/HTMLPurifier/ConfigSchema/HTML.TidyRemove.txt
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
HTML.TidyRemove
|
||||||
|
TYPE: lookup
|
||||||
|
VERSION: 2.0.0
|
||||||
|
DEFAULT: array()
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
Fixes to remove from the default set of Tidy fixes as per your level.
|
||||||
|
|
7
library/HTMLPurifier/ConfigSchema/HTML.Trusted.txt
Normal file
7
library/HTMLPurifier/ConfigSchema/HTML.Trusted.txt
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
HTML.Trusted
|
||||||
|
TYPE: bool
|
||||||
|
VERSION: 2.0.0
|
||||||
|
DEFAULT: false
|
||||||
|
--DESCRIPTION--
|
||||||
|
Indicates whether or not the user input is trusted or not. If the input is
|
||||||
|
trusted, a more expansive set of allowed tags and attributes will be used.
|
9
library/HTMLPurifier/ConfigSchema/HTML.XHTML.txt
Normal file
9
library/HTMLPurifier/ConfigSchema/HTML.XHTML.txt
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
HTML.XHTML
|
||||||
|
TYPE: bool
|
||||||
|
DEFAULT: true
|
||||||
|
VERSION: 1.1.0
|
||||||
|
--DESCRIPTION--
|
||||||
|
Determines whether or not output is XHTML 1.0 or HTML 4.01 flavor. This
|
||||||
|
directive is deprecated in favor of %HTML.Doctype.
|
||||||
|
--ALIASES--
|
||||||
|
Core.XHTML
|
2
library/HTMLPurifier/ConfigSchema/HTML.txt
Normal file
2
library/HTMLPurifier/ConfigSchema/HTML.txt
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
HTML
|
||||||
|
DESCRIPTION: Configuration regarding allowed HTML.
|
@ -0,0 +1,9 @@
|
|||||||
|
Output.CommentScriptContents
|
||||||
|
TYPE: bool
|
||||||
|
VERSION: 2.0.0
|
||||||
|
DEFAULT: true
|
||||||
|
--DESCRIPTION--
|
||||||
|
Determines whether or not HTML Purifier should attempt to fix up the
|
||||||
|
contents of script tags for legacy browsers with comments.
|
||||||
|
--ALIASES--
|
||||||
|
Core.CommentScriptContents
|
13
library/HTMLPurifier/ConfigSchema/Output.Newline.txt
Normal file
13
library/HTMLPurifier/ConfigSchema/Output.Newline.txt
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
Output.Newline
|
||||||
|
TYPE: string
|
||||||
|
VERSION: 2.0.1
|
||||||
|
DEFAULT: NULL
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Newline string to format final output with. If left null, HTML Purifier
|
||||||
|
will auto-detect the default newline type of the system and use that;
|
||||||
|
you can manually override it here. Remember, \r\n is Windows, \r
|
||||||
|
is Mac, and \n is Unix.
|
||||||
|
</p>
|
||||||
|
|
24
library/HTMLPurifier/ConfigSchema/Output.TidyFormat.txt
Normal file
24
library/HTMLPurifier/ConfigSchema/Output.TidyFormat.txt
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
Output.TidyFormat
|
||||||
|
TYPE: bool
|
||||||
|
VERSION: 1.1.1
|
||||||
|
DEFAULT: false
|
||||||
|
--DESCRIPTION--
|
||||||
|
<p>
|
||||||
|
Determines whether or not to run Tidy on the final output for pretty
|
||||||
|
formatting reasons, such as indentation and wrap.
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
This can greatly improve readability for editors who are hand-editing
|
||||||
|
the HTML, but is by no means necessary as HTML Purifier has already
|
||||||
|
fixed all major errors the HTML may have had. Tidy is a non-default
|
||||||
|
extension, and this directive will silently fail if Tidy is not
|
||||||
|
available.
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
If you are looking to make the overall look of your page's source
|
||||||
|
better, I recommend running Tidy on the entire page rather than just
|
||||||
|
user-content (after all, the indentation relative to the containing
|
||||||
|
blocks will be incorrect).
|
||||||
|
</p>
|
||||||
|
--ALIASES--
|
||||||
|
Core.TidyFormat
|
2
library/HTMLPurifier/ConfigSchema/Output.txt
Normal file
2
library/HTMLPurifier/ConfigSchema/Output.txt
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
Output
|
||||||
|
DESCRIPTION: Configuration relating to the generation of (X)HTML.
|
6
library/HTMLPurifier/ConfigSchema/Test.ForceNoIconv.txt
Normal file
6
library/HTMLPurifier/ConfigSchema/Test.ForceNoIconv.txt
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
Test.ForceNoIconv
|
||||||
|
TYPE: bool
|
||||||
|
DEFAULT: false
|
||||||
|
--DESCRIPTION--
|
||||||
|
When set to true, HTMLPurifier_Encoder will act as if iconv does not exist
|
||||||
|
and use only pure PHP implementations.
|
2
library/HTMLPurifier/ConfigSchema/Test.txt
Normal file
2
library/HTMLPurifier/ConfigSchema/Test.txt
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
Test
|
||||||
|
DESCRIPTION: Developer testing configuration for our unit tests.
|
14
library/HTMLPurifier/ConfigSchema/URI.AllowedSchemes.txt
Normal file
14
library/HTMLPurifier/ConfigSchema/URI.AllowedSchemes.txt
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
URI.AllowedSchemes
|
||||||
|
TYPE: lookup
|
||||||
|
--DEFAULT--
|
||||||
|
array (
|
||||||
|
'http' => true,
|
||||||
|
'https' => true,
|
||||||
|
'mailto' => true,
|
||||||
|
'ftp' => true,
|
||||||
|
'nntp' => true,
|
||||||
|
'news' => true,
|
||||||
|
)
|
||||||
|
--DESCRIPTION--
|
||||||
|
Whitelist that defines the schemes that a URI is allowed to have. This
|
||||||
|
prevents XSS attacks from using pseudo-schemes like javascript or mocha.
|
17
library/HTMLPurifier/ConfigSchema/URI.Base.txt
Normal file
17
library/HTMLPurifier/ConfigSchema/URI.Base.txt
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
URI.Base
|
||||||
|
TYPE: string
|
||||||
|
VERSION: 2.1.0
|
||||||
|
DEFAULT: NULL
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
The base URI is the URI of the document this purified HTML will be
|
||||||
|
inserted into. This information is important if HTML Purifier needs
|
||||||
|
to calculate absolute URIs from relative URIs, such as when %URI.MakeAbsolute
|
||||||
|
is on. You may use a non-absolute URI for this value, but behavior
|
||||||
|
may vary (%URI.MakeAbsolute deals nicely with both absolute and
|
||||||
|
relative paths, but forwards-compatibility is not guaranteed).
|
||||||
|
<strong>Warning:</strong> If set, the scheme on this URI
|
||||||
|
overrides the one specified by %URI.DefaultScheme.
|
||||||
|
</p>
|
||||||
|
|
10
library/HTMLPurifier/ConfigSchema/URI.DefaultScheme.txt
Normal file
10
library/HTMLPurifier/ConfigSchema/URI.DefaultScheme.txt
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
URI.DefaultScheme
|
||||||
|
TYPE: string
|
||||||
|
DEFAULT: 'http'
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Defines through what scheme the output will be served, in order to
|
||||||
|
select the proper object validator when no scheme information is present.
|
||||||
|
</p>
|
||||||
|
|
11
library/HTMLPurifier/ConfigSchema/URI.DefinitionID.txt
Normal file
11
library/HTMLPurifier/ConfigSchema/URI.DefinitionID.txt
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
URI.DefinitionID
|
||||||
|
TYPE: string
|
||||||
|
VERSION: 2.1.0
|
||||||
|
DEFAULT: NULL
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Unique identifier for a custom-built URI definition. If you want
|
||||||
|
to add custom URIFilters, you must specify this value.
|
||||||
|
</p>
|
||||||
|
|
11
library/HTMLPurifier/ConfigSchema/URI.DefinitionRev.txt
Normal file
11
library/HTMLPurifier/ConfigSchema/URI.DefinitionRev.txt
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
URI.DefinitionRev
|
||||||
|
TYPE: int
|
||||||
|
VERSION: 2.1.0
|
||||||
|
DEFAULT: 1
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Revision identifier for your custom definition. See
|
||||||
|
%HTML.DefinitionRev for details.
|
||||||
|
</p>
|
||||||
|
|
13
library/HTMLPurifier/ConfigSchema/URI.Disable.txt
Normal file
13
library/HTMLPurifier/ConfigSchema/URI.Disable.txt
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
URI.Disable
|
||||||
|
TYPE: bool
|
||||||
|
VERSION: 1.3.0
|
||||||
|
DEFAULT: false
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Disables all URIs in all forms. Not sure why you'd want to do that
|
||||||
|
(after all, the Internet's founded on the notion of a hyperlink).
|
||||||
|
</p>
|
||||||
|
|
||||||
|
--ALIASES--
|
||||||
|
Attr.DisableURI
|
10
library/HTMLPurifier/ConfigSchema/URI.DisableExternal.txt
Normal file
10
library/HTMLPurifier/ConfigSchema/URI.DisableExternal.txt
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
URI.DisableExternal
|
||||||
|
TYPE: bool
|
||||||
|
VERSION: 1.2.0
|
||||||
|
DEFAULT: false
|
||||||
|
--DESCRIPTION--
|
||||||
|
Disables links to external websites. This is a highly effective anti-spam
|
||||||
|
and anti-pagerank-leech measure, but comes at a hefty price: nolinks or
|
||||||
|
images outside of your domain will be allowed. Non-linkified URIs will
|
||||||
|
still be preserved. If you want to be able to link to subdomains or use
|
||||||
|
absolute URIs, specify %URI.Host for your website.
|
@ -0,0 +1,12 @@
|
|||||||
|
URI.DisableExternalResources
|
||||||
|
TYPE: bool
|
||||||
|
VERSION: 1.3.0
|
||||||
|
DEFAULT: false
|
||||||
|
--DESCRIPTION--
|
||||||
|
Disables the embedding of external resources, preventing users from
|
||||||
|
embedding things like images from other hosts. This prevents access
|
||||||
|
tracking (good for email viewers), bandwidth leeching, cross-site request
|
||||||
|
forging, goatse.cx posting, and other nasties, but also results in a loss
|
||||||
|
of end-user functionality (they can't directly post a pic they posted from
|
||||||
|
Flickr anymore). Use it if you don't have a robust user-content moderation
|
||||||
|
team.
|
12
library/HTMLPurifier/ConfigSchema/URI.DisableResources.txt
Normal file
12
library/HTMLPurifier/ConfigSchema/URI.DisableResources.txt
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
URI.DisableResources
|
||||||
|
TYPE: bool
|
||||||
|
VERSION: 1.3.0
|
||||||
|
DEFAULT: false
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Disables embedding resources, essentially meaning no pictures. You can
|
||||||
|
still link to them though. See %URI.DisableExternalResources for why
|
||||||
|
this might be a good idea.
|
||||||
|
</p>
|
||||||
|
|
19
library/HTMLPurifier/ConfigSchema/URI.Host.txt
Normal file
19
library/HTMLPurifier/ConfigSchema/URI.Host.txt
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
URI.Host
|
||||||
|
TYPE: string
|
||||||
|
VERSION: 1.2.0
|
||||||
|
DEFAULT: NULL
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Defines the domain name of the server, so we can determine whether or
|
||||||
|
an absolute URI is from your website or not. Not strictly necessary,
|
||||||
|
as users should be using relative URIs to reference resources on your
|
||||||
|
website. It will, however, let you use absolute URIs to link to
|
||||||
|
subdomains of the domain you post here: i.e. example.com will allow
|
||||||
|
sub.example.com. However, higher up domains will still be excluded:
|
||||||
|
if you set %URI.Host to sub.example.com, example.com will be blocked.
|
||||||
|
<strong>Note:</strong> This directive overrides %URI.Base because
|
||||||
|
a given page may be on a sub-domain, but you wish HTML Purifier to be
|
||||||
|
more relaxed and allow some of the parent domains too.
|
||||||
|
</p>
|
||||||
|
|
8
library/HTMLPurifier/ConfigSchema/URI.HostBlacklist.txt
Normal file
8
library/HTMLPurifier/ConfigSchema/URI.HostBlacklist.txt
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
URI.HostBlacklist
|
||||||
|
TYPE: list
|
||||||
|
VERSION: 1.3.0
|
||||||
|
DEFAULT: array()
|
||||||
|
--DESCRIPTION--
|
||||||
|
List of strings that are forbidden in the host of any URI. Use it to kill
|
||||||
|
domain names of spam, etc. Note that it will catch anything in the domain,
|
||||||
|
so <tt>moo.com</tt> will catch <tt>moo.com.example.com</tt>.
|
12
library/HTMLPurifier/ConfigSchema/URI.MakeAbsolute.txt
Normal file
12
library/HTMLPurifier/ConfigSchema/URI.MakeAbsolute.txt
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
URI.MakeAbsolute
|
||||||
|
TYPE: bool
|
||||||
|
VERSION: 2.1.0
|
||||||
|
DEFAULT: false
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Converts all URIs into absolute forms. This is useful when the HTML
|
||||||
|
being filtered assumes a specific base path, but will actually be
|
||||||
|
viewed in a different context (and setting an alternate base URI is
|
||||||
|
not possible). %URI.Base must be set for this directive to work.
|
||||||
|
</p>
|
31
library/HTMLPurifier/ConfigSchema/URI.Munge.txt
Normal file
31
library/HTMLPurifier/ConfigSchema/URI.Munge.txt
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
URI.Munge
|
||||||
|
TYPE: string
|
||||||
|
VERSION: 1.3.0
|
||||||
|
DEFAULT: NULL
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Munges all browsable (usually http, https and ftp)
|
||||||
|
absolute URI's into another URI, usually a URI redirection service.
|
||||||
|
This directive accepts a URI, formatted with a <code>%s</code> where
|
||||||
|
the url-encoded original URI should be inserted (sample:
|
||||||
|
<code>http://www.google.com/url?q=%s</code>).
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
Uses for this directive:
|
||||||
|
</p>
|
||||||
|
<ul>
|
||||||
|
<li>
|
||||||
|
Prevent PageRank leaks, while being fairly transparent
|
||||||
|
to users (you may also want to add some client side JavaScript to
|
||||||
|
override the text in the statusbar). <strong>Notice</strong>:
|
||||||
|
Many security experts believe that this form of protection does
|
||||||
|
not deter spam-bots.
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
Redirect users to a splash page telling them they are leaving your
|
||||||
|
website. While this is poor usability practice, it is often
|
||||||
|
mandated
|
||||||
|
in corporate environments.
|
||||||
|
</li>
|
||||||
|
</ul>
|
@ -0,0 +1,8 @@
|
|||||||
|
URI.OverrideAllowedSchemes
|
||||||
|
TYPE: bool
|
||||||
|
DEFAULT: true
|
||||||
|
--DESCRIPTION--
|
||||||
|
If this is set to true (which it is by default), you can override
|
||||||
|
%URI.AllowedSchemes by simply registering a HTMLPurifier_URIScheme to the
|
||||||
|
registry. If false, you will also have to update that directive in order
|
||||||
|
to add more schemes.
|
2
library/HTMLPurifier/ConfigSchema/URI.txt
Normal file
2
library/HTMLPurifier/ConfigSchema/URI.txt
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
URI
|
||||||
|
DESCRIPTION: Features regarding Uniform Resource Identifiers.
|
@ -28,12 +28,12 @@ require_once 'HTMLPurifier/Filter/ExtractStyleBlocks.php';
|
|||||||
*/
|
*/
|
||||||
function saveHash($hash) {
|
function saveHash($hash) {
|
||||||
if ($hash === false) return;
|
if ($hash === false) return;
|
||||||
$dir = realpath(dirname(__FILE__) . '/../library/HTMLPurifier/ConfigSchema/');
|
$dir = realpath(dirname(__FILE__) . '/../library/HTMLPurifier/ConfigSchema');
|
||||||
$name = $hash['ID'] . '.txt';
|
$name = $hash['ID'] . '.txt';
|
||||||
$file = $dir . $name;
|
$file = $dir . '/' . $name;
|
||||||
if (file_exists($file)) {
|
if (file_exists($file)) {
|
||||||
//trigger_error("File already exists; skipped $name");
|
trigger_error("File already exists; skipped $name");
|
||||||
//return;
|
return;
|
||||||
}
|
}
|
||||||
$file = new FSTools_File($file);
|
$file = new FSTools_File($file);
|
||||||
$file->open('w');
|
$file->open('w');
|
||||||
|
Loading…
Reference in New Issue
Block a user