$name
$name
Short unique string identifier of the module.
XHTML 1.1 Scripting module, defines elements that are used to contain information pertaining to executable scripts or the lack of support for executable scripts.
$attr_collections
Associative array of attribute collection names to attribute collection additions. More rarely used for adding attributes to the global collections. Example is the StyleAttribute module adding the style attribute to the Core. Corresponds to HTMLDefinition's attr_collections->info, since the object's data is only info, with extra behavior associated with it.
$safe
Boolean flag whether or not this module is safe. If it is not safe, all of its members are unsafe. Modules are safe by default (this might be slightly dangerous, but it doesn't make much sense to force HTML Purifier, which is based off of safe HTML, to explicitly say, "This is safe," even though there are modules which are "unsafe")
getChildDef(\HTMLPurifier_ElementDef $def) : \HTMLPurifier_ChildDef
Retrieves a proper HTMLPurifier_ChildDef subclass based on content_model and content_model_type member variables of the HTMLPurifier_ElementDef class. There is a similar function in HTMLPurifier_HTMLDefinition.
\HTMLPurifier_ElementDef | $def |
subclass
addElement(string $element, string|bool $type, string|\HTMLPurifier_ChildDef $contents, array|string $attr_includes = array(), array $attr = array()) : \HTMLPurifier_ElementDef
Convenience function that sets up a new element
string | $element | Name of element to add |
string|bool | $type | What content set should element be registered to? Set as false to skip this step. |
string|\HTMLPurifier_ChildDef | $contents | Allowed children in form of: "$content_model_type: $content_model" |
array|string | $attr_includes | What attribute collections to register to element? |
array | $attr | What unique attributes does the element define? |
Created element definition object, so you can set advanced parameters
addElementToContentSet(string $element, string $type) : mixed
Convenience function that registers an element to a content set
string | $element | Element to register |
string | $type | Name content set (warning: case sensitive, usually upper-case first letter) |
mergeInAttrIncludes(array $attr, array $attr_includes) : mixed
Convenience function that merges a list of attribute includes into an attribute array.
array | $attr | Reference to attr array to modify |
array | $attr_includes | Array of includes / string include to merge in |
<?php
/*
WARNING: THIS MODULE IS EXTREMELY DANGEROUS AS IT ENABLES INLINE SCRIPTING
INSIDE HTML PURIFIER DOCUMENTS. USE ONLY WITH TRUSTED USER INPUT!!!
*/
/**
* XHTML 1.1 Scripting module, defines elements that are used to contain
* information pertaining to executable scripts or the lack of support
* for executable scripts.
* @note This module does not contain inline scripting elements
*/
class HTMLPurifier_HTMLModule_Scripting extends HTMLPurifier_HTMLModule
{
/**
* @type string
*/
public $name = 'Scripting';
/**
* @type array
*/
public $elements = array('script', 'noscript');
/**
* @type array
*/
public $content_sets = array('Block' => 'script | noscript', 'Inline' => 'script | noscript');
/**
* @type bool
*/
public $safe = false;
/**
* @param HTMLPurifier_Config $config
*/
public function setup($config)
{
// TODO: create custom child-definition for noscript that
// auto-wraps stray #PCDATA in a similar manner to
// blockquote's custom definition (we would use it but
// blockquote's contents are optional while noscript's contents
// are required)
// TODO: convert this to new syntax, main problem is getting
// both content sets working
// In theory, this could be safe, but I don't see any reason to
// allow it.
$this->info['noscript'] = new HTMLPurifier_ElementDef();
$this->info['noscript']->attr = array(0 => array('Common'));
$this->info['noscript']->content_model = 'Heading | List | Block';
$this->info['noscript']->content_model_type = 'required';
$this->info['script'] = new HTMLPurifier_ElementDef();
$this->info['script']->attr = array(
'defer' => new HTMLPurifier_AttrDef_Enum(array('defer')),
'src' => new HTMLPurifier_AttrDef_URI(true),
'type' => new HTMLPurifier_AttrDef_Enum(array('text/javascript'))
);
$this->info['script']->content_model = '#PCDATA';
$this->info['script']->content_model_type = 'optional';
$this->info['script']->attr_transform_pre[] =
$this->info['script']->attr_transform_post[] =
new HTMLPurifier_AttrTransform_ScriptRequired();
}
}
// vim: et sw=4 sts=4