0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-12-23 00:41:52 +00:00
htmlpurifier/library/HTMLPurifier/HTMLModule
Bradley M. Froehle 4164b2eb2b Implement Iframe module, and provide %HTML.SafeIframe and %URI.SafeIframeRegexp for untrusted usage.
The purpose of this addition is twofold. In trusted mode, iframes are
now unconditionally allowed.

However, many online video providers (YouTube, Vimeo) and other web
applications (Google Maps, Google Calendar, etc) provide embed code in
iframe format, which is useful functionality in untrusted mode.
You can specify iframes as trusted elements with %HTML.SafeIframe;
however, you need to additionally specify a whitelist mechanism such as
%URI.SafeIframeRegexp to say what iframe embeds are OK (by default
everything is rejected).

Note: As iframes are invalid in strict doctypes, you will not be able to
use them there.

We also added an always_load parameter to URIFilters in order to support
the strange nature of the SafeIframe URIFilter (it always needs to be
loaded, due to the inability of accessing the %HTML.SafeIframe directive
to see if it's needed!)  We expect this URIFilter can expand in the future
to offer more complex validation mechanisms.

Signed-off-by: Bradley M. Froehle <brad.froehle@gmail.com>
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2011-12-26 21:50:53 +08:00
..
Tidy Support proprietary height attribute on table. 2009-08-27 20:17:24 -04:00
Bdo.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
CommonAttributes.php Implement %Attr.AllowedClasses and %Attr.ForbiddenClasses. 2009-05-25 22:08:45 -04:00
Edit.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Forms.php Implement Iframe module, and provide %HTML.SafeIframe and %URI.SafeIframeRegexp for untrusted usage. 2011-12-26 21:50:53 +08:00
Hypertext.php Implement "carryover" functionality, requested by Kinderlehrer <bitweaver@7doves.com> 2008-12-20 13:06:00 -05:00
Iframe.php Implement Iframe module, and provide %HTML.SafeIframe and %URI.SafeIframeRegexp for untrusted usage. 2011-12-26 21:50:53 +08:00
Image.php Convert all to new configuration get/set format. 2009-02-21 03:00:34 -05:00
Legacy.php Implement "carryover" functionality, requested by Kinderlehrer <bitweaver@7doves.com> 2008-12-20 13:06:00 -05:00
List.php Properly handle nested sublists by folding into previous list item. 2011-12-26 14:00:34 +08:00
Name.php Implement %HTML.Attr.Name.UseCDATA which relaxes name validation rules. 2009-03-20 19:34:38 -04:00
Nofollow.php Implement HTML.Nofollow for external links. 2010-09-28 12:01:57 -04:00
NonXMLCommonAttributes.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Object.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Presentation.php Implement "carryover" functionality, requested by Kinderlehrer <bitweaver@7doves.com> 2008-12-20 13:06:00 -05:00
Proprietary.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Ruby.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
SafeEmbed.php Fix embedding flash on non-IE browsers and allow more wmode. 2011-01-22 12:28:57 +00:00
SafeObject.php Fix embedding flash on non-IE browsers and allow more wmode. 2011-01-22 12:28:57 +00:00
Scripting.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
StyleAttribute.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Tables.php Add support for scope attribute on td and th. 2011-12-25 23:31:13 +08:00
Target.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
TargetBlank.php Implement %HTML.TargetBlank 2011-12-26 08:36:00 +08:00
Text.php Implement "carryover" functionality, requested by Kinderlehrer <bitweaver@7doves.com> 2008-12-20 13:06:00 -05:00
Tidy.php Convert all to new configuration get/set format. 2009-02-21 03:00:34 -05:00
XMLCommonAttributes.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00