update HTMLPurifier; enable embedded flash video in articles
0
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Background.php
Executable file → Normal file
0
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Background.php
Executable file → Normal file
2
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BdoDir.php
Executable file → Normal file
2
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BdoDir.php
Executable file → Normal file
@@ -10,7 +10,7 @@ class HTMLPurifier_AttrTransform_BdoDir extends HTMLPurifier_AttrTransform
|
||||
|
||||
public function transform($attr, $config, $context) {
|
||||
if (isset($attr['dir'])) return $attr;
|
||||
$attr['dir'] = $config->get('Attr', 'DefaultTextDir');
|
||||
$attr['dir'] = $config->get('Attr.DefaultTextDir');
|
||||
return $attr;
|
||||
}
|
||||
|
||||
|
||||
0
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BgColor.php
Executable file → Normal file
0
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BgColor.php
Executable file → Normal file
0
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BoolToCSS.php
Executable file → Normal file
0
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BoolToCSS.php
Executable file → Normal file
0
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Border.php
Executable file → Normal file
0
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Border.php
Executable file → Normal file
0
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/EnumToCSS.php
Executable file → Normal file
0
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/EnumToCSS.php
Executable file → Normal file
11
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgRequired.php
Executable file → Normal file
11
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgRequired.php
Executable file → Normal file
@@ -15,21 +15,22 @@ class HTMLPurifier_AttrTransform_ImgRequired extends HTMLPurifier_AttrTransform
|
||||
|
||||
$src = true;
|
||||
if (!isset($attr['src'])) {
|
||||
if ($config->get('Core', 'RemoveInvalidImg')) return $attr;
|
||||
$attr['src'] = $config->get('Attr', 'DefaultInvalidImage');
|
||||
if ($config->get('Core.RemoveInvalidImg')) return $attr;
|
||||
$attr['src'] = $config->get('Attr.DefaultInvalidImage');
|
||||
$src = false;
|
||||
}
|
||||
|
||||
if (!isset($attr['alt'])) {
|
||||
if ($src) {
|
||||
$alt = $config->get('Attr', 'DefaultImageAlt');
|
||||
$alt = $config->get('Attr.DefaultImageAlt');
|
||||
if ($alt === null) {
|
||||
$attr['alt'] = basename($attr['src']);
|
||||
// truncate if the alt is too long
|
||||
$attr['alt'] = substr(basename($attr['src']),0,40);
|
||||
} else {
|
||||
$attr['alt'] = $alt;
|
||||
}
|
||||
} else {
|
||||
$attr['alt'] = $config->get('Attr', 'DefaultInvalidImageAlt');
|
||||
$attr['alt'] = $config->get('Attr.DefaultInvalidImageAlt');
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
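Review bot: The truncation `substr(basename($attr['src']),0,40)` counts bytes, so a `src` whose file name contains multibyte UTF-8 characters can be cut in the middle of a character and leave an invalid byte sequence in the generated `alt`. Whether raw non-ASCII text can still be present in `src` when this transform runs depends on code outside this section, so this needs confirming. If it can, a character-aware cut such as `mb_substr(basename($attr['src']), 0, 40, 'UTF-8')` (where mbstring is available) avoids the problem. The page has lost its +/- markers, so this assumes the `substr` line under the `// truncate if the alt is too long` comment is the new side. The enclosing `transform()` starts and ends outside the hunk.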
0
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgSpace.php
Executable file → Normal file
0
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgSpace.php
Executable file → Normal file
0
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Input.php
Executable file → Normal file
0
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Input.php
Executable file → Normal file
0
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Lang.php
Executable file → Normal file
0
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Lang.php
Executable file → Normal file
0
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Length.php
Executable file → Normal file
0
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Length.php
Executable file → Normal file
2
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Name.php
Executable file → Normal file
2
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Name.php
Executable file → Normal file
@@ -7,6 +7,8 @@ class HTMLPurifier_AttrTransform_Name extends HTMLPurifier_AttrTransform
|
||||
{
|
||||
|
||||
public function transform($attr, $config, $context) {
|
||||
// Abort early if we're using relaxed definition of name
|
||||
if ($config->get('HTML.Attr.Name.UseCDATA')) return $attr;
|
||||
if (!isset($attr['name'])) return $attr;
|
||||
$id = $this->confiscateAttr($attr, 'name');
|
||||
if ( isset($attr['id'])) return $attr;
|
||||
|
||||
@@ -0,0 +1,27 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Post-transform that performs validation to the name attribute; if
|
||||
* it is present with an equivalent id attribute, it is passed through;
|
||||
* otherwise validation is performed.
|
||||
*/
|
||||
class HTMLPurifier_AttrTransform_NameSync extends HTMLPurifier_AttrTransform
|
||||
{
|
||||
|
||||
public function __construct() {
|
||||
$this->idDef = new HTMLPurifier_AttrDef_HTML_ID();
|
||||
}
|
||||
|
||||
public function transform($attr, $config, $context) {
|
||||
if (!isset($attr['name'])) return $attr;
|
||||
$name = $attr['name'];
|
||||
if (isset($attr['id']) && $attr['id'] === $name) return $attr;
|
||||
$result = $this->idDef->validate($name, $config, $context);
|
||||
if ($result === false) unset($attr['name']);
|
||||
else $attr['name'] = $result;
|
||||
return $attr;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// vim: et sw=4 sts=4
|
||||
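Review bot: The early return `if (isset($attr['id']) && $attr['id'] === $name) return $attr;` in `transform()` skips `idDef->validate()` for `name`, which is only sound if `id` has already been validated by the time this runs. The class docblock says post-transform, but nothing at the return states that dependency. A comment there would help, for example `// id was validated before post-transforms run, so an identical name needs no second check`, worded to match whatever ordering the library actually guarantees. Separately, the constructor assigns `$this->idDef` without a property declaration, while the Nofollow transform shown after this one declares `private $parser;`. Declaring `public $idDef;` (or the visibility the project prefers) would keep the two consistent.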
@@ -0,0 +1,41 @@
|
||||
<?php
|
||||
|
||||
// must be called POST validation
|
||||
|
||||
/**
|
||||
* Adds rel="nofollow" to all outbound links. This transform is
|
||||
* only attached if Attr.Nofollow is TRUE.
|
||||
*/
|
||||
class HTMLPurifier_AttrTransform_Nofollow extends HTMLPurifier_AttrTransform
|
||||
{
|
||||
private $parser;
|
||||
|
||||
public function __construct() {
|
||||
$this->parser = new HTMLPurifier_URIParser();
|
||||
}
|
||||
|
||||
public function transform($attr, $config, $context) {
|
||||
|
||||
if (!isset($attr['href'])) {
|
||||
return $attr;
|
||||
}
|
||||
|
||||
// XXX Kind of inefficient
|
||||
$url = $this->parser->parse($attr['href']);
|
||||
$scheme = $url->getSchemeObj($config, $context);
|
||||
|
||||
if (!is_null($url->host) && $scheme !== false && $scheme->browsable) {
|
||||
if (isset($attr['rel'])) {
|
||||
$attr['rel'] .= ' nofollow';
|
||||
} else {
|
||||
$attr['rel'] = 'nofollow';
|
||||
}
|
||||
}
|
||||
|
||||
return $attr;
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// vim: et sw=4 sts=4
|
||||
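Review bot: `$attr['rel'] .= ' nofollow';` appends unconditionally, so a link that already carries `nofollow` in its `rel` ends up with the token twice. A guard such as `if (!in_array('nofollow', explode(' ', $attr['rel']), true))` before the append avoids that. The docblock says the transform covers "all outbound links", but the condition only tests for a non-null host and a browsable scheme, so absolute links back to the same site are tagged as well. Either the wording or the check should state which is intended.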
0
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeEmbed.php
Executable file → Normal file
0
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeEmbed.php
Executable file → Normal file
0
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeObject.php
Executable file → Normal file
0
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeObject.php
Executable file → Normal file
16
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeParam.php
Executable file → Normal file
16
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeParam.php
Executable file → Normal file
@@ -19,6 +19,7 @@ class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
|
||||
|
||||
public function __construct() {
|
||||
$this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded
|
||||
$this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent'));
|
||||
}
|
||||
|
||||
public function transform($attr, $config, $context) {
|
||||
@@ -33,12 +34,25 @@ class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
|
||||
case 'allowNetworking':
|
||||
$attr['value'] = 'internal';
|
||||
break;
|
||||
case 'allowFullScreen':
|
||||
if ($config->get('HTML.FlashAllowFullScreen')) {
|
||||
$attr['value'] = ($attr['value'] == 'true') ? 'true' : 'false';
|
||||
} else {
|
||||
$attr['value'] = 'false';
|
||||
}
|
||||
break;
|
||||
case 'wmode':
|
||||
$attr['value'] = 'window';
|
||||
$attr['value'] = $this->wmode->validate($attr['value'], $config, $context);
|
||||
break;
|
||||
case 'movie':
|
||||
case 'src':
|
||||
$attr['name'] = "movie";
|
||||
$attr['value'] = $this->uri->validate($attr['value'], $config, $context);
|
||||
break;
|
||||
case 'flashvars':
|
||||
// we're going to allow arbitrary inputs to the SWF, on
|
||||
// the reasoning that it could only hack the SWF, not us.
|
||||
break;
|
||||
// add other cases to support other param name/value pairs
|
||||
default:
|
||||
$attr['name'] = $attr['value'] = null;
|
||||
|
||||
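Review bot: The `wmode` case can leave `$attr['value']` set to `false` if the `$this->wmode->validate(...)` assignment is the new side (the page shows it beside the fixed `'window'` assignment with the +/- markers lost). The validators in this commit signal rejection by returning false (NameSync tests `$result === false`), and nothing here maps a rejected value back to the previous safe default. An explicit fallback keeps the old behaviour for bad input: `$w = $this->wmode->validate($attr['value'], $config, $context);` followed by `$attr['value'] = ($w === false) ? 'window' : $w;`. The `flashvars` case passes its value through unvalidated, so the safety of embedded content rests on the `movie` URI check and on param defaults outside this hunk; the existing comment should say which settings it relies on. The `allowFullScreen` comparison `$attr['value'] == 'true'` would be tighter as `===`; the switch continues outside the hunk.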
0
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ScriptRequired.php
Executable file → Normal file
0
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ScriptRequired.php
Executable file → Normal file
0
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Textarea.php
Executable file → Normal file
0
lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Textarea.php
Executable file → Normal file