首页 发现 帮助
登录
trxbot
/
admin
2
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
目录树: 516b110210
分支列表 标签列表
admin
/
vendor
/
ezyang
/
htmlpurifier
/
library
/
HTMLPurifier
/
HTMLModule
/
SafeObject.php

SafeObject.php 1.9 KB
文件历史 原始文件

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 
  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * A "safe" object module. In theory, objects permitted by this module will
    5. 

  5.  * be safe, and untrusted users can be allowed to embed arbitrary flash objects
    6. 

  6.  * (maybe other types too, but only Flash is supported as of right now).
    7. 

  7.  * Highly experimental.
    8. 

  8.  */
    9. 

  9. class HTMLPurifier_HTMLModule_SafeObject extends HTMLPurifier_HTMLModule
    10. 

  10. {
    11. 

  11.     /**
    12. 

  12.      * @type string
    13. 

  13.      */
    14. 

  14.     public $name = 'SafeObject';
    15. 

  15. 

  16.     /**
    17. 

  17.      * @param HTMLPurifier_Config $config
    18. 

  18.      */
    19. 

  19.     public function setup($config)
    20. 

  20.     {
    21. 

  21.         // These definitions are not intrinsically safe: the attribute transforms
    22. 

  22.         // are a vital part of ensuring safety.
    23. 

  23. 

  24.         $max = $config->get('HTML.MaxImgLength');
    25. 

  25.         $object = $this->addElement(
    26. 

  26.             'object',
    27. 

  27.             'Inline',
    28. 

  28.             'Optional: param | Flow | #PCDATA',
    29. 

  29.             'Common',
    30. 

  30.             array(
    31. 

  31.                 // While technically not required by the spec, we're forcing
    32. 

  32.                 // it to this value.
    33. 

  33.                 'type' => 'Enum#application/x-shockwave-flash',
    34. 

  34.                 'width' => 'Pixels#' . $max,
    35. 

  35.                 'height' => 'Pixels#' . $max,
    36. 

  36.                 'data' => 'URI#embedded',
    37. 

  37.                 'codebase' => new HTMLPurifier_AttrDef_Enum(
    38. 

  38.                     array(
    39. 

  39.                         'http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0'
    40. 

  40.                     )
    41. 

  41.                 ),
    42. 

  42.             )
    43. 

  43.         );
    44. 

  44.         $object->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeObject();
    45. 

  45. 

  46.         $param = $this->addElement(
    47. 

  47.             'param',
    48. 

  48.             false,
    49. 

  49.             'Empty',
    50. 

  50.             false,
    51. 

  51.             array(
    52. 

  52.                 'id' => 'ID',
    53. 

  53.                 'name*' => 'Text',
    54. 

  54.                 'value' => 'Text'
    55. 

  55.             )
    56. 

  56.         );
    57. 

  57.         $param->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeParam();
    58. 

  58.         $this->info_injector[] = 'SafeObject';
    59. 

  59.     }
    60. 

  60. }
    61. 

  61. 

  62. // vim: et sw=4 sts=4
    63.