Welcome! » Log In » Create A New Profile

URI.DisableResources not loading

Posted by Brent C 
Brent C
URI.DisableResources not loading
March 01, 2012 03:34PM

I'v been trying to get the URI.DisableResources directive to work, but setting the config directive to true didn't seem to actual change anything. Digging into the code (which I'm very unfamiliar with as this is my first time working with HTMLPurifier), it seems to me that the URI.DisableResources filter is not being loaded into the HTMLPurifier_URIDefinition class.

<?php
class HTMLPurifier_URIDefinition extends HTMLPurifier_Definition
{
// ...
    public function __construct() {
        $this->registerFilter(new HTMLPurifier_URIFilter_DisableExternal());
        $this->registerFilter(new HTMLPurifier_URIFilter_DisableExternalResources());
        $this->registerFilter(new HTMLPurifier_URIFilter_HostBlacklist());
        $this->registerFilter(new HTMLPurifier_URIFilter_SafeIframe());
        $this->registerFilter(new HTMLPurifier_URIFilter_MakeAbsolute());
        $this->registerFilter(new HTMLPurifier_URIFilter_Munge());
    }

Shouldn't there be a line in there for URIFilter_DisableResources?

$this->registerFilter(new HTMLPurifier_URIFilter_DisableResources());

-Brent

Re: URI.DisableResources not loading
March 01, 2012 07:25PM

Oops, that looks like a bug. Thanks for reporting.

Re: URI.DisableResources not loading
March 02, 2012 01:26PM

Fixed in head.

Author:
Your Email:

Subject:

HTML input is enabled. Make sure you escape all HTML and angled brackets with &lt; and &gt;.

Auto-paragraphing is enabled. Double newlines will be converted to paragraphs; for single newlines, use the pre tag.

Allowed tags: a, abbr, acronym, b, blockquote, caption, cite, code, dd, del, dfn, div, dl, dt, em, i, ins, kbd, li, ol, p, pre, s, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, var.

For inputting literal code such as HTML and PHP for display, use CDATA tags to auto-escape your angled brackets, and pre to preserve newlines:

<pre><![CDATA[
Place code here
]]></pre>

Power users, you can hide this notice with:

.htmlpurifier-help {display:none;}

Message: