mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-09-20 03:05:18 +00:00
htmlpurifier/library/HTMLPurifier
Bradley M. Froehle 4164b2eb2b Implement Iframe module, and provide %HTML.SafeIframe and %URI.SafeIframeRegexp for untrusted usage.
The purpose of this addition is twofold. In trusted mode, iframes are
now unconditionally allowed.

However, many online video providers (YouTube, Vimeo) and other web
applications (Google Maps, Google Calendar, etc) provide embed code in
iframe format, which is useful functionality in untrusted mode.
You can specify iframes as trusted elements with %HTML.SafeIframe;
however, you need to additionally specify a whitelist mechanism such as
%URI.SafeIframeRegexp to say what iframe embeds are OK (by default
everything is rejected).

Note: As iframes are invalid in strict doctypes, you will not be able to
use them there.

We also added an always_load parameter to URIFilters in order to support
the strange nature of the SafeIframe URIFilter (it always needs to be
loaded, due to the inability of accessing the %HTML.SafeIframe directive
to see if it's needed!)  We expect this URIFilter can expand in the future
to offer more complex validation mechanisms.

Signed-off-by: Bradley M. Froehle <brad.froehle@gmail.com>
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2011-12-26 21:50:53 +08:00
AttrDef Implement Iframe module, and provide %HTML.SafeIframe and %URI.SafeIframeRegexp for untrusted usage. 2011-12-26 21:50:53 +08:00
AttrTransform Implement %HTML.TargetBlank 2011-12-26 08:36:00 +08:00
ChildDef Fix broken table content model, easily seen in XHTML1.1 2011-12-26 14:49:26 +08:00
ConfigSchema Implement Iframe module, and provide %HTML.SafeIframe and %URI.SafeIframeRegexp for untrusted usage. 2011-12-26 21:50:53 +08:00
DefinitionCache Add new Cache.SerializerPermissions option. 2011-01-13 22:57:40 +00:00
EntityLookup Fix missing numeric entities (shows up when DirectLexing). 2011-02-27 11:58:37 +00:00
Filter Support YouTube slideshow embedding. 2010-03-07 18:57:22 -05:00
HTMLModule Implement Iframe module, and provide %HTML.SafeIframe and %URI.SafeIframeRegexp for untrusted usage. 2011-12-26 21:50:53 +08:00
Injector Implement HTML.FlashAllowFullScreen. 2010-09-08 23:39:20 -04:00
Language Emit errors when body is extracted. 2010-05-04 13:41:09 -04:00
Lexer Iterative traversal of DOM. 2011-01-19 22:06:40 +00:00
Printer Convert all to new configuration get/set format. 2009-02-21 03:00:34 -05:00
Strategy Implement %HTML.AllowedComments and %HTML.AllowedCommentsRegexp 2011-12-26 15:34:42 +08:00
TagTransform Fix E_NOTICE from indexing into empty string. 2011-03-17 17:33:11 +00:00
Token Fix removal of id with DirectLex by preserving armor. 2010-10-28 17:25:31 +01:00
URIFilter Implement Iframe module, and provide %HTML.SafeIframe and %URI.SafeIframeRegexp for untrusted usage. 2011-12-26 21:50:53 +08:00
URIScheme URI.Munge munges https to http URIs. 2011-04-10 13:09:24 +01:00
VarParser Add documentation about configuration directive types. 2010-09-04 02:28:53 -04:00
AttrCollections.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
AttrDef.php Rewrite CSS url() and font-family output logic. 2010-05-31 18:45:21 -07:00
AttrTransform.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
AttrTypes.php Implement %Attr.AllowedClasses and %Attr.ForbiddenClasses. 2009-05-25 22:08:45 -04:00
AttrValidator.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Bootstrap.php Fix bad interaction between bootstrap autoloader and Zend Debugger/APC. 2010-12-31 09:48:28 +00:00
ChildDef.php Implement "carryover" functionality, requested by Kinderlehrer <bitweaver@7doves.com> 2008-12-20 13:06:00 -05:00
Config.php Don't unset parser variable; plays poorly with serialize. 2011-12-18 13:27:51 -05:00
ConfigSchema.php Check if schema.ser was corrupted. 2010-10-29 14:47:40 +01:00
ContentSets.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Context.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
CSSDefinition.php Add initial implementation of CSS.Trusted. 2010-11-12 18:45:03 +00:00
Definition.php Fix two bugs with caching of customized raw definitions. 2010-12-30 23:51:53 +00:00
DefinitionCache.php Convert all to new configuration get/set format. 2009-02-21 03:00:34 -05:00
DefinitionCacheFactory.php Convert all to new configuration get/set format. 2009-02-21 03:00:34 -05:00
Doctype.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
DoctypeRegistry.php Convert all to new configuration get/set format. 2009-02-21 03:00:34 -05:00
ElementDef.php Handle <ol><ol> properly by adding missing <li> tag. 2010-03-10 00:58:37 -05:00
Encoder.php Core.EscapeNonASCIICharacters now always works, even if target is UTF-8. 2011-12-25 23:31:15 +08:00
EntityLookup.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
EntityParser.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
ErrorCollector.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
ErrorStruct.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Exception.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Filter.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Generator.php Fix Internet Explorer innerHTML bug. 2011-03-27 11:50:52 +01:00
HTMLDefinition.php Explicitly initialize anonModule to null. 2011-04-19 22:46:17 +01:00
HTMLModule.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
HTMLModuleManager.php Implement Iframe module, and provide %HTML.SafeIframe and %URI.SafeIframeRegexp for untrusted usage. 2011-12-26 21:50:53 +08:00
IDAccumulator.php Convert all to new configuration get/set format. 2009-02-21 03:00:34 -05:00
Injector.php Fix allowsElement() bug manifesting in LinkifyTest. 2009-06-10 18:11:34 -04:00
Language.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
LanguageFactory.php Convert all to new configuration get/set format. 2009-02-21 03:00:34 -05:00
Length.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Lexer.php Escape CDATA before handling conditional comments. 2010-09-28 12:11:26 -04:00
PercentEncoder.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Printer.php Fix CSSDefinition Printer problems with important decorator. 2009-02-15 14:11:22 -05:00
PropertyList.php Convert HTMLPurifier_Config to use property list backend. 2009-02-02 18:42:23 -05:00
PropertyListIterator.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Strategy.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
StringHash.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
StringHashParser.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
TagTransform.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Token.php Implement "carryover" functionality, requested by Kinderlehrer <bitweaver@7doves.com> 2008-12-20 13:06:00 -05:00
TokenFactory.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
UnitConverter.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
URI.php Add isBenign and getDefaultScheme methods. 2011-12-25 23:31:15 +08:00
URIDefinition.php Implement Iframe module, and provide %HTML.SafeIframe and %URI.SafeIframeRegexp for untrusted usage. 2011-12-26 21:50:53 +08:00
URIFilter.php Implement Iframe module, and provide %HTML.SafeIframe and %URI.SafeIframeRegexp for untrusted usage. 2011-12-26 21:50:53 +08:00
URIParser.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
URIScheme.php URI.Munge munges https to http URIs. 2011-04-10 13:09:24 +01:00
URISchemeRegistry.php Remove PHP4 cruft from URISchemeRegistry. 2009-05-13 16:14:57 -04:00
VarParser.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
VarParserException.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00