mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-09-18 18:25:18 +00:00
Fix embedding flash on non-IE browsers and allow more wmode.
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
This commit is contained in:
Edward Z. Yang
parent
a3d71fe606
commit
a32d5b52e1
2
NEWS
2
NEWS
@ -20,6 +20,8 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
|||||||
when %CSS.Trusted is on.
|
when %CSS.Trusted is on.
|
||||||
! Add %Cache.SerializerPermissions option for custom serializer
|
! Add %Cache.SerializerPermissions option for custom serializer
|
||||||
directory/file permissions
|
directory/file permissions
|
||||||
|
! Fix longstanding bug in Flash support for non-IE browsers, and
|
||||||
|
allow more wmode attributes.
|
||||||
- Switch to an iterative traversal of the DOM, which prevents us
|
- Switch to an iterative traversal of the DOM, which prevents us
|
||||||
from running out of stack space for deeply nested documents.
|
from running out of stack space for deeply nested documents.
|
||||||
Thanks Maxim Krizhanovsky for contributing a patch.
|
Thanks Maxim Krizhanovsky for contributing a patch.
|
||||||
|
|||||||
@ -367,7 +367,7 @@
|
|||||||
</directive>
|
</directive>
|
||||||
<directive id="HTML.FlashAllowFullScreen">
|
<directive id="HTML.FlashAllowFullScreen">
|
||||||
<file name="HTMLPurifier/AttrTransform/SafeParam.php">
|
<file name="HTMLPurifier/AttrTransform/SafeParam.php">
|
||||||
<line>37</line>
|
<line>38</line>
|
||||||
</file>
|
</file>
|
||||||
</directive>
|
</directive>
|
||||||
<directive id="Core.EscapeInvalidChildren">
|
<directive id="Core.EscapeInvalidChildren">
|
||||||
|
|||||||
@ -19,6 +19,7 @@ class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
|
|||||||
|
|
||||||
public function __construct() {
|
public function __construct() {
|
||||||
$this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded
|
$this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded
|
||||||
|
$this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent'));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function transform($attr, $config, $context) {
|
public function transform($attr, $config, $context) {
|
||||||
@ -41,7 +42,7 @@ class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'wmode':
|
case 'wmode':
|
||||||
$attr['value'] = 'window';
|
$attr['value'] = $this->wmode->validate($attr['value'], $config, $context);
|
||||||
break;
|
break;
|
||||||
case 'movie':
|
case 'movie':
|
||||||
case 'src':
|
case 'src':
|
||||||
|
|||||||
@ -132,19 +132,7 @@ class HTMLPurifier_Generator
|
|||||||
$_extra = '';
|
$_extra = '';
|
||||||
if ($this->_flashCompat) {
|
if ($this->_flashCompat) {
|
||||||
if ($token->name == "object" && !empty($this->_flashStack)) {
|
if ($token->name == "object" && !empty($this->_flashStack)) {
|
||||||
$flash = array_pop($this->_flashStack);
|
// doesn't do anything for now
|
||||||
$compat_token = new HTMLPurifier_Token_Empty("embed");
|
|
||||||
foreach ($flash->attr as $name => $val) {
|
|
||||||
if ($name == "classid") continue;
|
|
||||||
if ($name == "type") continue;
|
|
||||||
if ($name == "data") $name = "src";
|
|
||||||
$compat_token->attr[$name] = $val;
|
|
||||||
}
|
|
||||||
foreach ($flash->param as $name => $val) {
|
|
||||||
if ($name == "movie") $name = "src";
|
|
||||||
$compat_token->attr[$name] = $val;
|
|
||||||
}
|
|
||||||
$_extra = "<!--[if IE]>".$this->generateFromToken($compat_token)."<![endif]-->";
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return $_extra . '</' . $token->name . '>';
|
return $_extra . '</' . $token->name . '>';
|
||||||
|
|||||||
@ -21,7 +21,7 @@ class HTMLPurifier_HTMLModule_SafeEmbed extends HTMLPurifier_HTMLModule
|
|||||||
'allowscriptaccess' => 'Enum#never',
|
'allowscriptaccess' => 'Enum#never',
|
||||||
'allownetworking' => 'Enum#internal',
|
'allownetworking' => 'Enum#internal',
|
||||||
'flashvars' => 'Text',
|
'flashvars' => 'Text',
|
||||||
'wmode' => 'Enum#window',
|
'wmode' => 'Enum#window,transparent,opaque',
|
||||||
'name' => 'ID',
|
'name' => 'ID',
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|||||||
@ -29,7 +29,6 @@ class HTMLPurifier_HTMLModule_SafeObject extends HTMLPurifier_HTMLModule
|
|||||||
'width' => 'Pixels#' . $max,
|
'width' => 'Pixels#' . $max,
|
||||||
'height' => 'Pixels#' . $max,
|
'height' => 'Pixels#' . $max,
|
||||||
'data' => 'URI#embedded',
|
'data' => 'URI#embedded',
|
||||||
'classid' => 'Enum#clsid:d27cdb6e-ae6d-11cf-96b8-444553540000',
|
|
||||||
'codebase' => new HTMLPurifier_AttrDef_Enum(array(
|
'codebase' => new HTMLPurifier_AttrDef_Enum(array(
|
||||||
'http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0')),
|
'http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0')),
|
||||||
)
|
)
|
||||||
|
|||||||
@ -22,6 +22,23 @@ $string = '<object width="425" height="350"><param name="movie" value="http://ww
|
|||||||
<object width="640" height="385"><param name="movie" value="http://www.youtube.com/v/uNxBeJNyAqA&hl=en_US&fs=1&"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/uNxBeJNyAqA&hl=en_US&fs=1&" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="640" height="385"></embed></object>
|
<object width="640" height="385"><param name="movie" value="http://www.youtube.com/v/uNxBeJNyAqA&hl=en_US&fs=1&"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/uNxBeJNyAqA&hl=en_US&fs=1&" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="640" height="385"></embed></object>
|
||||||
|
|
||||||
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0" height="385" width="480"><param name="width" value="480" /><param name="height" value="385" /><param name="src" value="http://www.youtube.com/p/E37ADDDFCA0FD050&hl=en" /><embed height="385" src="http://www.youtube.com/p/E37ADDDFCA0FD050&hl=en" type="application/x-shockwave-flash" width="480"></embed></object>
|
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0" height="385" width="480"><param name="width" value="480" /><param name="height" value="385" /><param name="src" value="http://www.youtube.com/p/E37ADDDFCA0FD050&hl=en" /><embed height="385" src="http://www.youtube.com/p/E37ADDDFCA0FD050&hl=en" type="application/x-shockwave-flash" width="480"></embed></object>
|
||||||
|
|
||||||
|
<object
|
||||||
|
classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
|
||||||
|
id="ooyalaPlayer_229z0_gbps1mrs" width="630" height="354"
|
||||||
|
codebase="http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab"><param
|
||||||
|
name="movie" value="http://player.ooyala.com/player.swf?embedCode=FpZnZwMTo1wqBF-ed2__OUBb3V4HR6za&version=2"
|
||||||
|
/><param name="bgcolor" value="#000000" /><param
|
||||||
|
name="allowScriptAccess" value="always" /><param
|
||||||
|
name="allowFullScreen" value="true" /><param name="flashvars"
|
||||||
|
value="embedType=noscriptObjectTag&embedCode=pteGRrMTpcKMyQ052c8NwYZ5M5FdSV3j"
|
||||||
|
/><embed src="http://player.ooyala.com/player.swf?embedCode=FpZnZwMTo1wqBF-ed2__OUBb3V4HR6za&version=2"
|
||||||
|
bgcolor="#000000" width="630" height="354"
|
||||||
|
name="ooyalaPlayer_229z0_gbps1mrs" align="middle" play="true"
|
||||||
|
loop="false" allowscriptaccess="always" allowfullscreen="true"
|
||||||
|
type="application/x-shockwave-flash"
|
||||||
|
flashvars="&embedCode=FpZnZwMTo1wqBF-ed2__OUBb3V4HR6za"
|
||||||
|
pluginspage="http://www.adobe.com/go/getflashplayer"></embed></object>
|
||||||
';
|
';
|
||||||
|
|
||||||
$regular_purifier = new HTMLPurifier();
|
$regular_purifier = new HTMLPurifier();
|
||||||
|
|||||||
@ -2,5 +2,5 @@
|
|||||||
HTML.SafeObject = true
|
HTML.SafeObject = true
|
||||||
Output.FlashCompat = true
|
Output.FlashCompat = true
|
||||||
--HTML--
|
--HTML--
|
||||||
<object width="425" height="350" data="http://www.youtube.com/v/BdU--T8rLns" type="application/x-shockwave-flash"><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="movie" value="http://www.youtube.com/v/BdU--T8rLns" /><param name="wmode" value="window" /><!--[if IE]><embed width="425" height="350" src="http://www.youtube.com/v/BdU--T8rLns" allowScriptAccess="never" allowNetworking="internal" wmode="window" /><![endif]--></object>
|
<object width="425" height="350" data="http://www.youtube.com/v/BdU--T8rLns" type="application/x-shockwave-flash"><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="movie" value="http://www.youtube.com/v/BdU--T8rLns" /><param name="wmode" value="window" /></object>
|
||||||
--# vim: et sw=4 sts=4
|
--# vim: et sw=4 sts=4
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user