HTMLPurifier 4.4.0
/home/ezyang/Dev/htmlpurifier/library/HTMLPurifier/HTMLModule/SafeObject.php
00001 <?php
00002 
/**
 * HTML module that registers the 'object' and 'param' elements under the
 * module name 'SafeObject'.
 *
 * What the definitions in setup() pin down for 'object':
 *  - 'type' is an enum whose only value is application/x-shockwave-flash;
 *  - 'codebase' is an enum whose only value is one fixed download URL, so
 *    markup cannot point it anywhere else;
 *  - 'data' is validated as a URI flagged as an embedded resource;
 *  - 'width' and 'height' are pixel lengths built from %HTML.MaxImgLength.
 *
 * @warning These definitions are not sufficient on their own. The
 *          post-validation attribute transforms and the 'SafeObject' injector
 *          registered in setup() are part of the protection. They live in
 *          other files, so review them together with this module.
 */
class HTMLPurifier_HTMLModule_SafeObject extends HTMLPurifier_HTMLModule
{

    /** Short identifier of this module. */
    public $name = 'SafeObject';

    /**
     * Registers the restricted 'object' and 'param' elements and attaches
     * the transforms and injector that accompany them.
     *
     * @param HTMLPurifier_Config $config Configuration; only
     *        %HTML.MaxImgLength is read here.
     */
    public function setup($config) {

        // Do not treat the attribute lists below as a complete allow-list:
        // the attr_transform_post entries and the injector added further down
        // are required for the result to be safe.

        // Both dimensions share the same limit taken from configuration.
        $pixelLimit = $config->get('HTML.MaxImgLength');
        $dimensionDef = 'Pixels#' . $pixelLimit;

        // Single-value enum: any other codebase fails validation.
        $codebaseDef = new HTMLPurifier_AttrDef_Enum(array(
            'http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0',
        ));

        $objectAttributes = array(
            // The spec does not require 'type', but it is forced to this one
            // value here.
            // NOTE(review): Flash is the only permitted type and current
            // browsers no longer run it; confirm the module is still needed
            // before enabling it.
            'type'     => 'Enum#application/x-shockwave-flash',
            'width'    => $dimensionDef,
            'height'   => $dimensionDef,
            'data'     => 'URI#embedded',
            'codebase' => $codebaseDef,
        );

        $objectElement = $this->addElement(
            'object',
            'Inline',
            'Optional: param | Flow | #PCDATA',
            'Common',
            $objectAttributes
        );
        // Runs after attribute validation; implemented outside this file.
        $objectElement->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeObject();

        // 'param' accepts free-text name/value pairs at this level, so the
        // filtering of individual parameters is left to the SafeParam
        // transform attached below (defined elsewhere; verify its allow-list
        // when auditing). The '*' suffix marks 'name' as required.
        $paramAttributes = array(
            'id'    => 'ID',
            'name*' => 'Text',
            'value' => 'Text',
        );
        $paramElement = $this->addElement('param', false, 'Empty', false, $paramAttributes);
        $paramElement->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeParam();

        // Request the injector named 'SafeObject' for this module.
        $this->info_injector[] = 'SafeObject';

    }

}
00051 
00052 // vim: et sw=4 sts=4