diff --git a/NEWS b/NEWS
index 3e9bada3..04a7fa9e 100644
--- a/NEWS
+++ b/NEWS
@@ -20,6 +20,8 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
when %CSS.Trusted is on.
! Add %Cache.SerializerPermissions option for custom serializer
directory/file permissions
+! Fix longstanding bug in Flash support for non-IE browsers, and
+ allow more wmode attributes.
- Switch to an iterative traversal of the DOM, which prevents us
from running out of stack space for deeply nested documents.
Thanks Maxim Krizhanovsky for contributing a patch.
diff --git a/configdoc/usage.xml b/configdoc/usage.xml
index e962ca96..a401a9ee 100644
--- a/configdoc/usage.xml
+++ b/configdoc/usage.xml
@@ -367,7 +367,7 @@
- 37
+ 38
diff --git a/library/HTMLPurifier/AttrTransform/SafeParam.php b/library/HTMLPurifier/AttrTransform/SafeParam.php
index d378c4f5..bd86a745 100644
--- a/library/HTMLPurifier/AttrTransform/SafeParam.php
+++ b/library/HTMLPurifier/AttrTransform/SafeParam.php
@@ -19,6 +19,7 @@ class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
public function __construct() {
$this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded
+ $this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent'));
}
public function transform($attr, $config, $context) {
@@ -41,7 +42,7 @@ class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
}
break;
case 'wmode':
- $attr['value'] = 'window';
+ $attr['value'] = $this->wmode->validate($attr['value'], $config, $context);
break;
case 'movie':
case 'src':
diff --git a/library/HTMLPurifier/Generator.php b/library/HTMLPurifier/Generator.php
index e6221db7..5e589315 100644
--- a/library/HTMLPurifier/Generator.php
+++ b/library/HTMLPurifier/Generator.php
@@ -132,19 +132,7 @@ class HTMLPurifier_Generator
$_extra = '';
if ($this->_flashCompat) {
if ($token->name == "object" && !empty($this->_flashStack)) {
- $flash = array_pop($this->_flashStack);
- $compat_token = new HTMLPurifier_Token_Empty("embed");
- foreach ($flash->attr as $name => $val) {
- if ($name == "classid") continue;
- if ($name == "type") continue;
- if ($name == "data") $name = "src";
- $compat_token->attr[$name] = $val;
- }
- foreach ($flash->param as $name => $val) {
- if ($name == "movie") $name = "src";
- $compat_token->attr[$name] = $val;
- }
- $_extra = "";
+ // doesn't do anything for now
}
}
return $_extra . '' . $token->name . '>';
diff --git a/library/HTMLPurifier/HTMLModule/SafeEmbed.php b/library/HTMLPurifier/HTMLModule/SafeEmbed.php
index ea256716..9f3758a3 100644
--- a/library/HTMLPurifier/HTMLModule/SafeEmbed.php
+++ b/library/HTMLPurifier/HTMLModule/SafeEmbed.php
@@ -21,7 +21,7 @@ class HTMLPurifier_HTMLModule_SafeEmbed extends HTMLPurifier_HTMLModule
'allowscriptaccess' => 'Enum#never',
'allownetworking' => 'Enum#internal',
'flashvars' => 'Text',
- 'wmode' => 'Enum#window',
+ 'wmode' => 'Enum#window,transparent,opaque',
'name' => 'ID',
)
);
diff --git a/library/HTMLPurifier/HTMLModule/SafeObject.php b/library/HTMLPurifier/HTMLModule/SafeObject.php
index 64ab8c07..00da342e 100644
--- a/library/HTMLPurifier/HTMLModule/SafeObject.php
+++ b/library/HTMLPurifier/HTMLModule/SafeObject.php
@@ -29,7 +29,6 @@ class HTMLPurifier_HTMLModule_SafeObject extends HTMLPurifier_HTMLModule
'width' => 'Pixels#' . $max,
'height' => 'Pixels#' . $max,
'data' => 'URI#embedded',
- 'classid' => 'Enum#clsid:d27cdb6e-ae6d-11cf-96b8-444553540000',
'codebase' => new HTMLPurifier_AttrDef_Enum(array(
'http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0')),
)
diff --git a/smoketests/preserveYouTube.php b/smoketests/preserveYouTube.php
index d114dbe8..1dfa85cb 100644
--- a/smoketests/preserveYouTube.php
+++ b/smoketests/preserveYouTube.php
@@ -22,6 +22,23 @@ $string = '
+
+
';
$regular_purifier = new HTMLPurifier();
diff --git a/tests/HTMLPurifier/HTMLT/double-youtube.htmlt b/tests/HTMLPurifier/HTMLT/double-youtube.htmlt
index dd22b18b..a46ce473 100644
--- a/tests/HTMLPurifier/HTMLT/double-youtube.htmlt
+++ b/tests/HTMLPurifier/HTMLT/double-youtube.htmlt
@@ -2,5 +2,5 @@
HTML.SafeObject = true
Output.FlashCompat = true
--HTML--
-
+
--# vim: et sw=4 sts=4