HTMLPurifier 4.4.0
|
00001 <?php 00002 00006 class HTMLPurifier_URIScheme_file extends HTMLPurifier_URIScheme { 00007 00008 // Generally file:// URLs are not accessible from most 00009 // machines, so placing them as an img src is incorrect. 00010 public $browsable = false; 00011 00012 // Basically the *only* URI scheme for which this is true, since 00013 // accessing files on the local machine is very common. In fact, 00014 // browsers on some operating systems don't understand the 00015 // authority, though I hear it is used on Windows to refer to 00016 // network shares. 00017 public $may_omit_host = true; 00018 00019 public function doValidate(&$uri, $config, $context) { 00020 // Authentication method is not supported 00021 $uri->userinfo = null; 00022 // file:// makes no provisions for accessing the resource 00023 $uri->port = null; 00024 // While it seems to work on Firefox, the querystring has 00025 // no possible effect and is thus stripped. 00026 $uri->query = null; 00027 return true; 00028 } 00029 00030 } 00031 00032 // vim: et sw=4 sts=4