HTMLPurifier 4.4.0
<?php

/**
 * HTML module that admits a tightly constrained <object>/<param> pair.
 *
 * The element definitions registered here are only part of the control.
 * setup() also attaches two post-validation attribute transforms and
 * registers the 'SafeObject' injector; their behaviour is defined outside
 * this file. Removing any of them weakens the module, so review changes to
 * this class together with those collaborators.
 */
class HTMLPurifier_HTMLModule_SafeObject extends HTMLPurifier_HTMLModule
{

    public $name = 'SafeObject';

    /**
     * Registers the restricted object and param element definitions.
     *
     * @param HTMLPurifier_Config $config Only the 'HTML.MaxImgLength'
     *                                    directive is read here.
     */
    public function setup($config) {

        // These definitions are not intrinsically safe: the attribute
        // transforms attached below are a vital part of ensuring safety.

        // width/height share the length cap configured for images.
        $lengthLimit = $config->get('HTML.MaxImgLength');
        $pixelDef = 'Pixels#' . $lengthLimit;

        // Single-value enum: no other codebase string validates.
        // NOTE(review): the pinned URL uses plain http.
        $allowedCodebase = new HTMLPurifier_AttrDef_Enum(array(
            'http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0'
        ));

        $objectAttributes = array(
            // The spec does not require this attribute, but it is forced
            // to the Flash MIME type so no other plugin type validates.
            'type'     => 'Enum#application/x-shockwave-flash',
            'width'    => $pixelDef,
            'height'   => $pixelDef,
            'data'     => 'URI#embedded',
            'codebase' => $allowedCodebase,
        );

        $objectDef = $this->addElement(
            'object',
            'Inline',
            'Optional: param | Flow | #PCDATA',
            'Common',
            $objectAttributes
        );
        $objectDef->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeObject();

        // 'name' and 'value' are typed as plain 'Text' here, so any narrowing
        // of which params are acceptable has to come from the SafeParam
        // transform. NOTE(review): confirm in
        // HTMLPurifier_AttrTransform_SafeParam.
        $paramAttributes = array(
            'id'    => 'ID',
            'name*' => 'Text',
            'value' => 'Text',
        );

        $paramDef = $this->addElement('param', false, 'Empty', false, $paramAttributes);
        $paramDef->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeParam();

        // Injector is referenced by name; its implementation is not in this file.
        $this->info_injector[] = 'SafeObject';

    }

}

// vim: et sw=4 sts=4