http://www.google.com/url?q=%s). '.
    'This prevents PageRank leaks, while being as transparent as possible '.
    'to users (you may also want to add some client side JavaScript to '.
    'override the text in the statusbar). Warning: many security experts '.
    'believe that this form of protection does not deter spam-bots. '.
    'You can also use this directive to redirect users to a splash page '.
    'telling them they are leaving your website. '.
    'This directive has been available since 1.3.0.'
);

HTMLPurifier_ConfigSchema::define(
    'URI', 'Disable', false, 'bool',
    'Disables all URIs in all forms. Not sure why you\'d want to do that '.
    '(after all, the Internet\'s founded on the notion of a hyperlink). '.
    'This directive has been available since 1.3.0.'
);

HTMLPurifier_ConfigSchema::defineAlias('Attr', 'DisableURI', 'URI', 'Disable');

/**
 * Validates a URI as defined by RFC 3986.
 * @note Scheme-specific mechanics deferred to HTMLPurifier_URIScheme
 */
class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
{

    var $parser, $percentEncoder;
    var $embedsResource;

    /**
     * @param $embeds_resource Does the URI here result in an extra HTTP request?
     */
    function HTMLPurifier_AttrDef_URI($embeds_resource = false) {
        $this->parser = new HTMLPurifier_URIParser();
        $this->percentEncoder = new HTMLPurifier_PercentEncoder();
        $this->embedsResource = (bool) $embeds_resource;
    }

    function validate($uri, $config, &$context) {

        if ($config->get('URI', 'Disable')) return false;

        // initial operations
        $uri = $this->parseCDATA($uri);
        $uri = $this->percentEncoder->normalize($uri);

        // parse the URI
        $uri = $this->parser->parse($uri);
        if ($uri === false) return false;

        // add embedded flag to context for validators
        $context->register('EmbeddedURI', $this->embedsResource);

        $ok = false;
        do {

            // generic validation
            $result = $uri->validate($config, $context);
            if (!$result) break;

            // chained validation
            $uri_def =& $config->getDefinition('URI');
            $result = $uri_def->filter($uri, $config, $context);
            if (!$result) break;

            // scheme-specific validation
            $scheme_obj = $uri->getSchemeObj($config, $context);
            if (!$scheme_obj) break;
            // a URI that embeds a resource must use a browsable scheme
            if ($this->embedsResource && !$scheme_obj->browsable) break;
            $result = $scheme_obj->validate($uri, $config, $context);
            if (!$result) break;

            // survived gauntlet
            $ok = true;

        } while (false);

        $context->destroy('EmbeddedURI');
        if (!$ok) return false;

        // munge scheme off if necessary (this must be last)
        if (!is_null($uri->scheme) && is_null($uri->host)) {
            if ($config->get('URI', 'DefaultScheme') == $uri->scheme) {
                $uri->scheme = null;
            }
        }

        // back to string
        $result = $uri->toString();

        // munge entire URI if necessary: %s in the URI.Munge template is
        // replaced with the rawurlencode()d URI
        if (
            !is_null($uri->host) && // indicator for authority
            !empty($scheme_obj->browsable) &&
            !is_null($munge = $config->get('URI', 'Munge'))
        ) {
            $result = str_replace('%s', rawurlencode($result), $munge);
        }

        return $result;

    }

}