uri = new HTMLPurifier_AttrDef_URI(true); // embedded } function transform($attr, $config, $context) { // If we add support for other objects, we'll need to alter the // transforms. switch ($attr['name']) { // application/x-shockwave-flash // Keep this synchronized with Injector/SafeObject.php case 'allowScriptAccess': $attr['value'] = 'never'; break; case 'allowNetworking': $attr['value'] = 'internal'; break; case 'wmode': $attr['value'] = 'window'; break; case 'movie': $attr['value'] = $this->uri->validate($attr['value'], $config, $context); break; // add other cases to support other param name/value pairs default: $attr['name'] = $attr['value'] = null; } return $attr; } }