library/HTMLPurifier/AttrTransform/SafeParam.php

Go to the documentation of this file.
00001 <?php
00002 
00015 class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform 
00016 {
00017     public $name = "SafeParam";
00018     private $uri;
00019     
00020     public function __construct() {
00021         $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded
00022     }
00023     
00024     public function transform($attr, $config, $context) {
00025         // If we add support for other objects, we'll need to alter the
00026         // transforms.
00027         switch ($attr['name']) {
00028             // application/x-shockwave-flash
00029             // Keep this synchronized with Injector/SafeObject.php
00030             case 'allowScriptAccess':
00031                 $attr['value'] = 'never';
00032                 break;
00033             case 'allowNetworking':
00034                 $attr['value'] = 'internal';
00035                 break;
00036             case 'wmode':
00037                 $attr['value'] = 'window';
00038                 break;
00039             case 'movie':
00040                 $attr['value'] = $this->uri->validate($attr['value'], $config, $context);
00041                 break;
00042             // add other cases to support other param name/value pairs
00043             default:
00044                 $attr['name'] = $attr['value'] = null;
00045         }
00046         return $attr;
00047     }
00048 }
Generated on Thu Jun 19 18:47:25 2008 for HTMLPurifier by  doxygen 1.5.3