mirrors/htmlpurifier
0
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-09-20 19:25:19 +00:00
Code Releases Activity
d2de8d976a
htmlpurifier/library/HTMLPurifier/ConfigSchema/schema
History
Bradley M. Froehle 4164b2eb2b Implement Iframe module, and provide %HTML.SafeIframe and %URI.SafeIframeRegexp for untrusted usage. 
The purpose of this addition is twofold. In trusted mode, iframes are
now unconditionally allowed.

However, many online video providers (YouTube, Vimeo) and other web
applications (Google Maps, Google Calendar, etc) provide embed code in
iframe format, which is useful functionality in untrusted mode.
You can specify iframes as trusted elements with %HTML.SafeIframe;
however, you need to additionally specify a whitelist mechanism such as
%URI.SafeIframeRegexp to say what iframe embeds are OK (by default
everything is rejected).

Note: As iframes are invalid in strict doctypes, you will not be able to
use them there.

We also added an always_load parameter to URIFilters in order to support
the strange nature of the SafeIframe URIFilter (it always needs to be
loaded, due to the inability of accessing the %HTML.SafeIframe directive
to see if it's needed!)  We expect this URIFilter can expand in the future
to offer more complex validation mechanisms.

Signed-off-by: Bradley M. Froehle <brad.froehle@gmail.com>
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2011-12-26 21:50:53 +08:00
..
Attr.AllowedClasses.txt Implement %Attr.AllowedClasses and %Attr.ForbiddenClasses. 2009-05-25 22:08:45 -04:00
Attr.AllowedFrameTargets.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Attr.AllowedRel.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Attr.AllowedRev.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Attr.ClassUseCDATA.txt Relax allowed values of class for certain doctypes, see %Attr.ClassUseCDATA 2009-05-26 01:07:40 -04:00
Attr.DefaultImageAlt.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Attr.DefaultInvalidImage.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Attr.DefaultInvalidImageAlt.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Attr.DefaultTextDir.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Attr.EnableID.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Attr.ForbiddenClasses.txt Implement %Attr.AllowedClasses and %Attr.ForbiddenClasses. 2009-05-25 22:08:45 -04:00
Attr.IDBlacklist.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Attr.IDBlacklistRegexp.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Attr.IDPrefix.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Attr.IDPrefixLocal.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
AutoFormat.AutoParagraph.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
AutoFormat.Custom.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
AutoFormat.DisplayLinkURI.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
AutoFormat.Linkify.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
AutoFormat.PurifierLinkify.DocURL.txt Rename AutoFormatParam.PurifierLinkifyDocURL. 2009-05-25 21:51:08 -04:00
AutoFormat.PurifierLinkify.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions.txt Implement %AutoFormat.RemoveEmpty.RemoveNbsp, by popular demand. 2009-04-09 00:53:19 -04:00
AutoFormat.RemoveEmpty.RemoveNbsp.txt Implement %AutoFormat.RemoveEmpty.RemoveNbsp, by popular demand. 2009-04-09 00:53:19 -04:00
AutoFormat.RemoveEmpty.txt Implement %AutoFormat.RemoveEmpty.RemoveNbsp, by popular demand. 2009-04-09 00:53:19 -04:00
AutoFormat.RemoveSpansWithoutAttributes.txt Reword documentation to be clearer, and give warning on common user error. 2010-09-04 01:31:20 -04:00
Cache.DefinitionImpl.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Cache.SerializerPath.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Cache.SerializerPermissions.txt Bump version number for Cache.SerializerPermissions. 2011-01-14 00:40:39 +00:00
Core.AggressivelyFixLt.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Core.CollectErrors.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Core.ColorKeywords.txt Color keywords now case-insensitive. 2011-04-10 12:45:02 +01:00
Core.ConvertDocumentToFragment.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Core.DirectLexLineNumberSyncInterval.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Core.Encoding.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Core.EscapeInvalidChildren.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Core.EscapeInvalidTags.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Core.EscapeNonASCIICharacters.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Core.HiddenElements.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Core.Language.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Core.LexerImpl.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Core.MaintainLineNumbers.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Core.NormalizeNewlines.txt Rename newline normalization directive to something better. 2010-09-15 02:50:39 -04:00
Core.RemoveInvalidImg.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Core.RemoveProcessingInstructions.txt Shift to 4.2.0 release cycle. 2010-09-14 23:38:51 -04:00
Core.RemoveScriptContents.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
CSS.AllowedFonts.txt Implement CSS.AllowedFonts. 2011-03-24 22:54:39 +00:00
CSS.AllowedProperties.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
CSS.AllowImportant.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
CSS.AllowTricky.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
CSS.DefinitionRev.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
CSS.ForbiddenProperties.txt Shift to 4.2.0 release cycle. 2010-09-14 23:38:51 -04:00
CSS.MaxImgLength.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
CSS.Proprietary.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
CSS.Trusted.txt Add initial implementation of CSS.Trusted. 2010-11-12 18:45:03 +00:00
Filter.Custom.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Filter.ExtractStyleBlocks.Escaping.txt Rename ExtractStyleBlocks configuration parameters. 2009-05-25 21:54:39 -04:00
Filter.ExtractStyleBlocks.Scope.txt Rename ExtractStyleBlocks configuration parameters. 2009-05-25 21:54:39 -04:00
Filter.ExtractStyleBlocks.TidyImpl.txt Rename ExtractStyleBlocks configuration parameters. 2009-05-25 21:54:39 -04:00
Filter.ExtractStyleBlocks.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Filter.YouTube.txt Implement HTML.FlashAllowFullScreen. 2010-09-08 23:39:20 -04:00
HTML.Allowed.txt Reword documentation to be clearer, and give warning on common user error. 2010-09-04 01:31:20 -04:00
HTML.AllowedAttributes.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
HTML.AllowedComments.txt Implement %HTML.AllowedComments and %HTML.AllowedCommentsRegexp 2011-12-26 15:34:42 +08:00
HTML.AllowedCommentsRegexp.txt Implement %HTML.AllowedComments and %HTML.AllowedCommentsRegexp 2011-12-26 15:34:42 +08:00
HTML.AllowedElements.txt Reword documentation to be clearer, and give warning on common user error. 2010-09-04 01:31:20 -04:00
HTML.AllowedModules.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
HTML.Attr.Name.UseCDATA.txt Implement %HTML.Attr.Name.UseCDATA which relaxes name validation rules. 2009-03-20 19:34:38 -04:00
HTML.BlockWrapper.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
HTML.CoreModules.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
HTML.CustomDoctype.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
HTML.DefinitionID.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
HTML.DefinitionRev.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
HTML.Doctype.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
HTML.FlashAllowFullScreen.txt Shift to 4.2.0 release cycle. 2010-09-14 23:38:51 -04:00
HTML.ForbiddenAttributes.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
HTML.ForbiddenElements.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
HTML.MaxImgLength.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
HTML.Nofollow.txt Fix two bugs with caching of customized raw definitions. 2010-12-30 23:51:53 +00:00
HTML.Parent.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
HTML.Proprietary.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
HTML.SafeEmbed.txt Implement Internet Explorer compatibility code for embedded content. 2010-03-08 01:56:40 -05:00
HTML.SafeIframe.txt Implement Iframe module, and provide %HTML.SafeIframe and %URI.SafeIframeRegexp for untrusted usage. 2011-12-26 21:50:53 +08:00
HTML.SafeObject.txt Implement Internet Explorer compatibility code for embedded content. 2010-03-08 01:56:40 -05:00
HTML.Strict.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
HTML.TargetBlank.txt Implement %HTML.TargetBlank 2011-12-26 08:36:00 +08:00
HTML.TidyAdd.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
HTML.TidyLevel.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
HTML.TidyRemove.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
HTML.Trusted.txt Add initial implementation of CSS.Trusted. 2010-11-12 18:45:03 +00:00
HTML.XHTML.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
info.ini Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Output.CommentScriptContents.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Output.FixInnerHTML.txt Fix Internet Explorer innerHTML bug. 2011-03-27 11:50:52 +01:00
Output.FlashCompat.txt Implement Internet Explorer compatibility code for embedded content. 2010-03-08 01:56:40 -05:00
Output.Newline.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Output.SortAttr.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Output.TidyFormat.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Test.ForceNoIconv.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
URI.AllowedSchemes.txt Add support for file:// URI scheme. 2010-09-09 00:01:26 -04:00
URI.Base.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
URI.DefaultScheme.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
URI.DefinitionID.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
URI.DefinitionRev.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
URI.Disable.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
URI.DisableExternal.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
URI.DisableExternalResources.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
URI.DisableResources.txt Shift to 4.2.0 release cycle. 2010-09-14 23:38:51 -04:00
URI.Host.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
URI.HostBlacklist.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
URI.MakeAbsolute.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
URI.Munge.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
URI.MungeResources.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
URI.MungeSecretKey.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
URI.OverrideAllowedSchemes.txt Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
URI.SafeIframeRegexp.txt Implement Iframe module, and provide %HTML.SafeIframe and %URI.SafeIframeRegexp for untrusted usage. 2011-12-26 21:50:53 +08:00