mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-12-23 00:41:52 +00:00
ca1453401f
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@319 48356398-32a2-884e-a903-53898d9a118a
47 lines
1.8 KiB
Plaintext
Configuration Ideas

Here are some theoretical configuration ideas that we could implement some
time. Note the naming convention: %Namespace.Directive

%Attr.IDPrefix - prefix all ids with this

%Attr.RewriteFragments - if there's %Attr.IDPrefix we may want to transparently
    rewrite the URLs we parse too. However, we can only do it when it's a pure
    anchor link, so it's not foolproof

%Attr.ClassBlacklist,
%Attr.ClassWhitelist,
%Attr.ClassListMode - determines what classes are allowed. When
    %Attr.ClassListMode is set to Blacklist, only allow those not in
    %Attr.ClassBlacklist. When it's Whitelist, only allow those in
    %Attr.ClassWhitelist.

%Attr.LangAlphaOnly - designate whether or not to allow numerals in language
    code subtags
    * RFC 1766, the current standard referenced by XML, does not permit
      numbers, but,
    * RFC 3066, the superseding best practice standard since January 2001,
      permits them.
    We allow numbers by default, but you generally never see them
    at all, which makes this a little more sane.

%Attr.MaxWidth,
%Attr.MaxHeight - caps for width and height related checks.
    (a hack in Pixels for an image crashing attack could be replaced by this)

%URI.Munge - will munge all URIs to a different URI, which should redirect
    the user to the applicable page. A urlencoded version of the URI
    will replace any instances of %s in the string. One possible
    string is 'http://www.google.com/url?q=%s'. Useful for preventing
    pagerank from being sent to other sites

%URI.AddRelNofollow - will add rel="nofollow" to all links, preventing the
    spread of ill-gotten pagerank

%URI.Host - host of website, for external link checks

%URI.RelativeToAbsolute - transforms all relative URIs to absolute form

%URI.DisableExternal - disable external links
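
The pure-anchor limitation noted for %Attr.RewriteFragments, sketched in PHP as an added example. This is not HTML Purifier code: both directives are only proposals on this page, and the function names, the 'user_' prefix and the sample attribute arrays are constructed for illustration.

```php
<?php
// Added illustration, not HTML Purifier code. Function names, the prefix
// value and the sample attributes are hypothetical / constructed.

/** Apply the proposed %Attr.IDPrefix to one element's attribute array. */
function prefix_id(array $attr, string $prefix): array
{
    if (isset($attr['id']) && $attr['id'] !== '') {
        $attr['id'] = $prefix . $attr['id'];
    }
    return $attr;
}

/**
 * Apply the proposed %Attr.RewriteFragments to an href.
 * Only a pure anchor link ("#name") is known to point into the purified
 * document itself, so only that form is rewritten. A fragment on any
 * other URI may target a different document and is left untouched,
 * which is why the rewrite is not foolproof.
 */
function rewrite_fragment(array $attr, string $prefix): array
{
    $href = $attr['href'] ?? '';
    if (strlen($href) > 1 && $href[0] === '#') {
        $attr['href'] = '#' . $prefix . substr($href, 1);
    }
    return $attr;
}

$prefix = 'user_'; // constructed value for %Attr.IDPrefix

$samples = [ // constructed input: attribute arrays of individual elements
    ['id' => 'top'],                       // anchor target: gets prefixed
    ['href' => '#top'],                    // pure anchor: rewritten to match
    ['href' => 'page.html#top'],           // relative URI + fragment: unchanged
    ['href' => 'http://example.com/#top'], // absolute URI + fragment: unchanged
    ['href' => '#'],                       // empty fragment: unchanged
];

foreach ($samples as $attr) {
    $out = rewrite_fragment(prefix_id($attr, $prefix), $prefix);
    echo json_encode($attr, JSON_UNESCAPED_SLASHES), ' => ',
         json_encode($out, JSON_UNESCAPED_SLASHES), "\n";
}
```

A link such as 'page.html#top' that does refer to the current document keeps its old fragment and no longer resolves once the id is prefixed, which is the gap the directive's description points at.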