mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-11-14 01:08:41 +00:00
3bdc031224
The %HTML.Forms directive enables Forms module regardless of the %HTML.Trusted value. This adds support for form elements without enabling other unsafe modules, such as Scripts, Iframe or Object. To achieve the same effect without this directive one has to explicitly list all enabled modules in %HTML.AllowedModules, and any not listed will be removed. This however is not very convenient, as the allowed modules may vary between doctypes. Resolves #213.
12 lines
333 B
Plaintext
12 lines
333 B
Plaintext
HTML.Forms
|
|
TYPE: bool
|
|
VERSION: 4.13.0
|
|
DEFAULT: false
|
|
--DESCRIPTION--
|
|
<p>
|
|
Whether or not to permit form elements in the user input, regardless of
|
|
%HTML.Trusted value. Please be very careful when using this functionality, as
|
|
enabling forms in untrusted documents may allow for phishing attacks.
|
|
</p>
|
|
--# vim: et sw=4 sts=4
|