8 | Revision identifier for your custom definition. See 9 | %HTML.DefinitionRev for details. 10 |
11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/URI.DefinitionRev.txt: -------------------------------------------------------------------------------- 1 | URI.DefinitionRev 2 | TYPE: int 3 | VERSION: 2.1.0 4 | DEFAULT: 1 5 | --DESCRIPTION-- 6 | 7 |8 | Revision identifier for your custom definition. See 9 | %HTML.DefinitionRev for details. 10 |
11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier.path.php: -------------------------------------------------------------------------------- 1 | target=blank attributes are added to all outgoing links. 7 | (This includes links from an HTTPS version of a page to an HTTP version.) 8 | --# vim: et sw=4 sts=4 9 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/HTML.XHTML.txt: -------------------------------------------------------------------------------- 1 | HTML.XHTML 2 | TYPE: bool 3 | DEFAULT: true 4 | VERSION: 1.1.0 5 | DEPRECATED-VERSION: 1.7.0 6 | DEPRECATED-USE: HTML.Doctype 7 | --DESCRIPTION-- 8 | Determines whether or not output is XHTML 1.0 or HTML 4.01 flavor. 9 | --ALIASES-- 10 | Core.XHTML 11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/Language/messages/en-x-testmini.php: -------------------------------------------------------------------------------- 1 | 'HTML Purifier XNone' 10 | ); 11 | 12 | // vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/CSS.Trusted.txt: -------------------------------------------------------------------------------- 1 | CSS.Trusted 2 | TYPE: bool 3 | VERSION: 4.2.1 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | Indicates whether or not the user's CSS input is trusted or not. If the 7 | input is trusted, a more expansive set of allowed properties. See 8 | also %HTML.Trusted. 9 | --# vim: et sw=4 sts=4 10 | -------------------------------------------------------------------------------- /uninstall.php: -------------------------------------------------------------------------------- 1 | 8 | Unique identifier for a custom-built URI definition. If you want 9 | to add custom URIFilters, you must specify this value. 10 | 11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/Token/Empty.php: -------------------------------------------------------------------------------- 1 | empty = true; 11 | return $n; 12 | } 13 | } 14 | 15 | // vim: et sw=4 sts=4 16 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/HTML.Trusted.txt: -------------------------------------------------------------------------------- 1 | HTML.Trusted 2 | TYPE: bool 3 | VERSION: 2.0.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | Indicates whether or not the user input is trusted or not. If the input is 7 | trusted, a more expansive set of allowed tags and attributes will be used. 8 | See also %CSS.Trusted. 9 | --# vim: et sw=4 sts=4 10 | -------------------------------------------------------------------------------- /webpack.config.js: -------------------------------------------------------------------------------- 1 | const path = require('path'); 2 | 3 | module.exports = { 4 | entry: './includes/public/js/travelersmap.js', 5 | output: { 6 | filename: 'travelersmap-bundle.js', 7 | path: path.resolve(__dirname, './includes/public/js/dist'), 8 | iife: false, 9 | }, 10 | optimization: { 11 | minimize: false, 12 | }, 13 | mode: 'production', 14 | }; 15 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeScripting.txt: -------------------------------------------------------------------------------- 1 | HTML.SafeScripting 2 | TYPE: lookup 3 | VERSION: 4.5.0 4 | DEFAULT: array() 5 | --DESCRIPTION-- 6 |7 | Whether or not to permit script tags to external scripts in documents. 8 | Inline scripting is not allowed, and the script must match an explicit whitelist. 9 |
10 | --# vim: et sw=4 sts=4 11 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/Output.FlashCompat.txt: -------------------------------------------------------------------------------- 1 | Output.FlashCompat 2 | TYPE: bool 3 | VERSION: 4.1.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |7 | If true, HTML Purifier will generate Internet Explorer compatibility 8 | code for all object code. This is highly recommended if you enable 9 | %HTML.SafeObject. 10 |
11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.Linkify.txt: -------------------------------------------------------------------------------- 1 | AutoFormat.Linkify 2 | TYPE: bool 3 | VERSION: 2.0.1 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | 7 |
8 | This directive turns on linkification, auto-linking http, ftp and
9 | https URLs. a tags with the href attribute
10 | must be allowed.
11 |
7 | By default, HTML Purifier removes duplicate CSS properties,
8 | like color:red; color:blue. If this is set to
9 | true, duplicate properties are allowed.
10 |
7 | Whether or not to normalize newlines to the operating
8 | system default. When false, HTML Purifier
9 | will attempt to preserve mixed newline files.
10 |
8 | Disables all URIs in all forms. Not sure why you'd want to do that 9 | (after all, the Internet's founded on the notion of a hyperlink). 10 |
11 | 12 | --ALIASES-- 13 | Attr.DisableURI 14 | --# vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImageAlt.txt: -------------------------------------------------------------------------------- 1 | Attr.DefaultInvalidImageAlt 2 | TYPE: string 3 | DEFAULT: 'Invalid image' 4 | --DESCRIPTION-- 5 | This is the content of the alt tag of an invalid image if the user had not 6 | previously specified an alt attribute. It has no effect when the image is 7 | valid but there was no alt attribute present. 8 | --# vim: et sw=4 sts=4 9 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultTextDir.txt: -------------------------------------------------------------------------------- 1 | Attr.DefaultTextDir 2 | TYPE: string 3 | DEFAULT: 'ltr' 4 | --DESCRIPTION-- 5 | Defines the default text direction (ltr or rtl) of the document being 6 | parsed. This generally is the same as the value of the dir attribute in 7 | HTML, or ltr if that is not specified. 8 | --ALLOWED-- 9 | 'ltr', 'rtl' 10 | --# vim: et sw=4 sts=4 11 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/Core.EnableIDNA.txt: -------------------------------------------------------------------------------- 1 | Core.EnableIDNA 2 | TYPE: bool 3 | DEFAULT: false 4 | VERSION: 4.4.0 5 | --DESCRIPTION-- 6 | Allows international domain names in URLs. This configuration option 7 | requires the PEAR Net_IDNA2 module to be installed. It operates by 8 | punycoding any internationalized host names for maximum portability. 9 | --# vim: et sw=4 sts=4 10 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/Core.RemoveScriptContents.txt: -------------------------------------------------------------------------------- 1 | Core.RemoveScriptContents 2 | TYPE: bool/null 3 | DEFAULT: NULL 4 | VERSION: 2.0.0 5 | DEPRECATED-VERSION: 2.1.0 6 | DEPRECATED-USE: Core.HiddenElements 7 | --DESCRIPTION-- 8 |9 | This directive enables HTML Purifier to remove not only script tags 10 | but all of their contents. 11 |
12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/HTML.FlashAllowFullScreen.txt: -------------------------------------------------------------------------------- 1 | HTML.FlashAllowFullScreen 2 | TYPE: bool 3 | VERSION: 4.2.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |
7 | Whether or not to permit embedded Flash content from
8 | %HTML.SafeObject to expand to the full screen. Corresponds to
9 | the allowFullScreen parameter.
10 |
HTMLPurifier->addFilter()
9 | method. Specify an array of concrete implementations.
10 |
11 | --# vim: et sw=4 sts=4
12 |
--------------------------------------------------------------------------------
/includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/HTML.TargetNoopener.txt:
--------------------------------------------------------------------------------
1 | --# vim: et sw=4 sts=4
2 | HTML.TargetNoopener
3 | TYPE: bool
4 | VERSION: 4.8.0
5 | DEFAULT: TRUE
6 | --DESCRIPTION--
7 | If enabled, noopener rel attributes are added to links which have
8 | a target attribute associated with them. This prevents malicious
9 | destinations from overwriting the original window.
10 | --# vim: et sw=4 sts=4
11 |
--------------------------------------------------------------------------------
/includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.Custom.txt:
--------------------------------------------------------------------------------
1 | AutoFormat.Custom
2 | TYPE: list
3 | VERSION: 2.0.1
4 | DEFAULT: array()
5 | --DESCRIPTION--
6 |
7 | 8 | This directive can be used to add custom auto-format injectors. 9 | Specify an array of injector names (class name minus the prefix) 10 | or concrete implementations. Injector class must exist. 11 |
12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklistRegexp.txt: -------------------------------------------------------------------------------- 1 | Attr.IDBlacklistRegexp 2 | TYPE: string/null 3 | VERSION: 1.6.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 | PCRE regular expression to be matched against all IDs. If the expression is 7 | matches, the ID is rejected. Use this with care: may cause significant 8 | degradation. ID matching is done after all other validation. 9 | --# vim: et sw=4 sts=4 10 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/HTML.Parent.txt: -------------------------------------------------------------------------------- 1 | HTML.Parent 2 | TYPE: string 3 | VERSION: 1.3.0 4 | DEFAULT: 'div' 5 | --DESCRIPTION-- 6 | 7 |8 | String name of element that HTML fragment passed to library will be 9 | inserted in. An interesting variation would be using span as the 10 | parent element, meaning that only inline tags would be allowed. 11 |
12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/URIScheme/https.php: -------------------------------------------------------------------------------- 1 | 7 | This directive causesspan tags without any attributes
8 | to be removed. It will also remove spans that had all attributes
9 | removed during processing.
10 |
11 | --# vim: et sw=4 sts=4
12 |
--------------------------------------------------------------------------------
/includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.DisplayLinkURI.txt:
--------------------------------------------------------------------------------
1 | AutoFormat.DisplayLinkURI
2 | TYPE: bool
3 | VERSION: 3.2.0
4 | DEFAULT: false
5 | --DESCRIPTION--
6 | 7 | This directive turns on the in-text display of URIs in <a> tags, and disables 8 | those links. For example, example becomes 9 | example (http://example.com). 10 |
11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.txt: -------------------------------------------------------------------------------- 1 | AutoFormat.PurifierLinkify 2 | TYPE: bool 3 | VERSION: 2.0.1 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | 7 |
8 | Internal auto-formatter that converts configuration directives in
9 | syntax %Namespace.Directive to links. a tags
10 | with the href attribute must be allowed.
11 |
7 | Whether or not to permit form elements in the user input, regardless of 8 | %HTML.Trusted value. Please be very careful when using this functionality, as 9 | enabling forms in untrusted documents may allow for phishing attacks. 10 |
11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/Core.AllowParseManyTags.txt: -------------------------------------------------------------------------------- 1 | Core.AllowParseManyTags 2 | TYPE: bool 3 | DEFAULT: false 4 | VERSION: 4.10.1 5 | --DESCRIPTION-- 6 |7 | This directive allows parsing of many nested tags. 8 | If you set true, relaxes any hardcoded limit from the parser. 9 | However, in that case it may cause a Dos attack. 10 | Be careful when enabling it. 11 |
12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/HTML.Proprietary.txt: -------------------------------------------------------------------------------- 1 | HTML.Proprietary 2 | TYPE: bool 3 | VERSION: 3.1.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |
7 | Whether or not to allow proprietary elements and attributes in your
8 | documents, as per HTMLPurifier_HTMLModule_Proprietary.
9 | Warning: This can cause your documents to stop
10 | validating!
11 |
8 | Absolute path with no trailing slash to store serialized definitions in. 9 | Default is within the 10 | HTML Purifier library inside DefinitionCache/Serializer. This 11 | path must be writable by the webserver. 12 |
13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/Core.RemoveInvalidImg.txt: -------------------------------------------------------------------------------- 1 | Core.RemoveInvalidImg 2 | TYPE: bool 3 | DEFAULT: true 4 | VERSION: 1.3.0 5 | --DESCRIPTION-- 6 | 7 |
8 | This directive enables pre-emptive URI checking in img
9 | tags, as the attribute validation strategy is not authorized to
10 | remove elements from the document. Revert to pre-1.3.0 behavior by setting to false.
11 |
8 | Location of configuration documentation to link to, let %s substitute 9 | into the configuration's namespace and directive names sans the percent 10 | sign. 11 |
12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/CSS.AllowedFonts.txt: -------------------------------------------------------------------------------- 1 | CSS.AllowedFonts 2 | TYPE: lookup/null 3 | VERSION: 4.3.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 |
7 | Allows you to manually specify a set of allowed fonts. If
8 | NULL, all fonts are allowed. This directive
9 | affects generic names (serif, sans-serif, monospace, cursive,
10 | fantasy) as well as specific font families.
11 |
8 | Newline string to format final output with. If left null, HTML Purifier 9 | will auto-detect the default newline type of the system and use that; 10 | you can manually override it here. Remember, \r\n is Windows, \r 11 | is Mac, and \n is Unix. 12 |
13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/AttrDef/URI/Email.php: -------------------------------------------------------------------------------- 1 | array( 15 | 'xml:lang' => 'LanguageCode', 16 | ) 17 | ); 18 | } 19 | 20 | // vim: et sw=4 sts=4 21 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions.txt: -------------------------------------------------------------------------------- 1 | AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions 2 | TYPE: lookup 3 | VERSION: 4.0.0 4 | DEFAULT: array('td' => true, 'th' => true) 5 | --DESCRIPTION-- 6 |7 | When %AutoFormat.RemoveEmpty and %AutoFormat.RemoveEmpty.RemoveNbsp 8 | are enabled, this directive defines what HTML elements should not be 9 | removede if they have only a non-breaking space in them. 10 |
11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/Cache.DefinitionImpl.txt: -------------------------------------------------------------------------------- 1 | Cache.DefinitionImpl 2 | TYPE: string/null 3 | VERSION: 2.0.0 4 | DEFAULT: 'Serializer' 5 | --DESCRIPTION-- 6 | 7 | This directive defines which method to use when caching definitions, 8 | the complex data-type that makes HTML Purifier tick. Set to null 9 | to disable caching (not recommended, as you will see a definite 10 | performance degradation). 11 | 12 | --ALIASES-- 13 | Core.DefinitionCache 14 | --# vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php: -------------------------------------------------------------------------------- 1 | array( 15 | 'lang' => 'LanguageCode', 16 | ) 17 | ); 18 | } 19 | 20 | // vim: et sw=4 sts=4 21 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/URI.MakeAbsolute.txt: -------------------------------------------------------------------------------- 1 | URI.MakeAbsolute 2 | TYPE: bool 3 | VERSION: 2.1.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | 7 |8 | Converts all URIs into absolute forms. This is useful when the HTML 9 | being filtered assumes a specific base path, but will actually be 10 | viewed in a different context (and setting an alternate base URI is 11 | not possible). %URI.Base must be set for this directive to work. 12 |
13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeIframe.txt: -------------------------------------------------------------------------------- 1 | HTML.SafeIframe 2 | TYPE: bool 3 | VERSION: 4.4.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |7 | Whether or not to permit iframe tags in untrusted documents. This 8 | directive must be accompanied by a whitelist of permitted iframes, 9 | such as %URI.SafeIframeRegexp, otherwise it will fatally error. 10 | This directive has no effect on strict doctypes, as iframes are not 11 | valid. 12 |
13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/Core.RemoveProcessingInstructions.txt: -------------------------------------------------------------------------------- 1 | Core.RemoveProcessingInstructions 2 | TYPE: bool 3 | VERSION: 4.2.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | Instead of escaping processing instructions in the form<? ...
7 | ?>, remove it out-right. This may be useful if the HTML
8 | you are validating contains XML processing instruction gunk, however,
9 | it can also be user-unfriendly for people attempting to post PHP
10 | snippets.
11 | --# vim: et sw=4 sts=4
12 |
--------------------------------------------------------------------------------
/includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/URI.DefaultScheme.txt:
--------------------------------------------------------------------------------
1 | URI.DefaultScheme
2 | TYPE: string/null
3 | DEFAULT: 'http'
4 | --DESCRIPTION--
5 |
6 | 7 | Defines through what scheme the output will be served, in order to 8 | select the proper object validator when no scheme information is present. 9 |
10 | 11 |12 | Starting with HTML Purifier 4.9.0, the default scheme can be null, in 13 | which case we reject all URIs which do not have explicit schemes. 14 |
15 | --# vim: et sw=4 sts=4 16 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/Core.CollectErrors.txt: -------------------------------------------------------------------------------- 1 | Core.CollectErrors 2 | TYPE: bool 3 | VERSION: 2.0.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | 7 | Whether or not to collect errors found while filtering the document. This 8 | is a useful way to give feedback to your users. Warning: 9 | Currently this feature is very patchy and experimental, with lots of 10 | possible error messages not yet implemented. It will not cause any 11 | problems, but it may not help your users either. 12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPermissions.txt: -------------------------------------------------------------------------------- 1 | Cache.SerializerPermissions 2 | TYPE: int/null 3 | VERSION: 4.3.0 4 | DEFAULT: 0755 5 | --DESCRIPTION-- 6 | 7 |8 | Directory permissions of the files and directories created inside 9 | the DefinitionCache/Serializer or other custom serializer path. 10 |
11 |
12 | In HTML Purifier 4.8.0, this also supports NULL,
13 | which means that no chmod'ing or directory creation shall
14 | occur.
15 |
7 | Whether or not to permit object tags in documents, with a number of extra 8 | security features added to prevent script execution. This is similar to 9 | what websites like MySpace do to object tags. You should also enable 10 | %Output.FlashCompat in order to generate Internet Explorer 11 | compatibility code for your object tags. 12 |
13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/URI.DisableResources.txt: -------------------------------------------------------------------------------- 1 | URI.DisableResources 2 | TYPE: bool 3 | VERSION: 4.2.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |7 | Disables embedding resources, essentially meaning no pictures. You can 8 | still link to them though. See %URI.DisableExternalResources for why 9 | this might be a good idea. 10 |
11 |12 | Note: While this directive has been available since 1.3.0, 13 | it didn't actually start doing anything until 4.2.0. 14 |
15 | --# vim: et sw=4 sts=4 16 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/AttrDef/Text.php: -------------------------------------------------------------------------------- 1 | parseCDATA($string); 18 | } 19 | } 20 | 21 | // vim: et sw=4 sts=4 22 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/CSS.AllowTricky.txt: -------------------------------------------------------------------------------- 1 | CSS.AllowTricky 2 | TYPE: bool 3 | DEFAULT: false 4 | VERSION: 3.1.0 5 | --DESCRIPTION-- 6 | This parameter determines whether or not to allow "tricky" CSS properties and 7 | values. Tricky CSS properties/values can drastically modify page layout or 8 | be used for deceptive practices but do not directly constitute a security risk. 9 | For example,display:none; is considered a tricky property that
10 | will only be allowed if this directive is set to true.
11 | --# vim: et sw=4 sts=4
12 |
--------------------------------------------------------------------------------
/includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/Core.ConvertDocumentToFragment.txt:
--------------------------------------------------------------------------------
1 | Core.ConvertDocumentToFragment
2 | TYPE: bool
3 | DEFAULT: true
4 | --DESCRIPTION--
5 |
6 | This parameter determines whether or not the filter should convert
7 | input that is a full document with html and body tags to a fragment
8 | of just the contents of a body tag. This parameter is simply something
9 | HTML Purifier can do during an edge-case: for most inputs, this
10 | processing is not necessary.
11 |
12 | --ALIASES--
13 | Core.AcceptFullDocuments
14 | --# vim: et sw=4 sts=4
15 |
--------------------------------------------------------------------------------
/includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/HTML.Doctype.txt:
--------------------------------------------------------------------------------
1 | HTML.Doctype
2 | TYPE: string/null
3 | DEFAULT: NULL
4 | --DESCRIPTION--
5 | Doctype to use during filtering. Technically speaking this is not actually
6 | a doctype (as it does not identify a corresponding DTD), but we are using
7 | this name for sake of simplicity. When non-blank, this will override any
8 | older directives like %HTML.XHTML or %HTML.Strict.
9 | --ALLOWED--
10 | 'HTML 4.01 Transitional', 'HTML 4.01 Strict', 'XHTML 1.0 Transitional', 'XHTML 1.0 Strict', 'XHTML 1.1'
11 | --# vim: et sw=4 sts=4
12 |
--------------------------------------------------------------------------------
/includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefix.txt:
--------------------------------------------------------------------------------
1 | Attr.IDPrefix
2 | TYPE: string
3 | VERSION: 1.2.0
4 | DEFAULT: ''
5 | --DESCRIPTION--
6 | String to prefix to IDs. If you have no idea what IDs your pages may use,
7 | you may opt to simply add a prefix to all user-submitted ID attributes so
8 | that they are still usable, but will not conflict with core page IDs.
9 | Example: setting the directive to 'user_' will result in a user submitted
10 | 'foo' to become 'user_foo' Be sure to set %HTML.EnableAttrID to true
11 | before using this.
12 | --# vim: et sw=4 sts=4
13 |
--------------------------------------------------------------------------------
/includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/CSS.ForbiddenProperties.txt:
--------------------------------------------------------------------------------
1 | CSS.ForbiddenProperties
2 | TYPE: lookup
3 | VERSION: 4.2.0
4 | DEFAULT: array()
5 | --DESCRIPTION--
6 | 7 | This is the logical inverse of %CSS.AllowedProperties, and it will 8 | override that directive or any other directive. If possible, 9 | %CSS.AllowedProperties is recommended over this directive, 10 | because it can sometimes be difficult to tell whether or not you've 11 | forbidden all of the CSS properties you truly would like to disallow. 12 |
13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/Core.DisableExcludes.txt: -------------------------------------------------------------------------------- 1 | Core.DisableExcludes 2 | TYPE: bool 3 | DEFAULT: false 4 | VERSION: 4.5.0 5 | --DESCRIPTION-- 6 |
7 | This directive disables SGML-style exclusions, e.g. the exclusion of
8 | <object> in any descendant of a
9 | <pre> tag. Disabling excludes will allow some
10 | invalid documents to pass through HTML Purifier, but HTML Purifier
11 | will also be less likely to accidentally remove large documents during
12 | processing.
13 |
7 | When enabled, HTML Purifier will treat any elements that contain only 8 | non-breaking spaces as well as regular whitespace as empty, and remove 9 | them when %AutoFormat.RemoveEmpty is enabled. 10 |
11 |12 | See %AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions for a list of elements 13 | that don't have this behavior applied to them. 14 |
15 | --# vim: et sw=4 sts=4 16 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeEmbed.txt: -------------------------------------------------------------------------------- 1 | HTML.SafeEmbed 2 | TYPE: bool 3 | VERSION: 3.1.1 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |7 | Whether or not to permit embed tags in documents, with a number of extra 8 | security features added to prevent script execution. This is similar to 9 | what websites like MySpace do to embed tags. Embed is a proprietary 10 | element and will cause your website to stop validating; you should 11 | see if you can use %Output.FlashCompat with %HTML.SafeObject instead 12 | first.
13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/HTMLModule/Tidy/XHTML.php: -------------------------------------------------------------------------------- 1 | 7 | This directive controls the maximum number of pixels in the width and 8 | height attributes inimg tags. This is
9 | in place to prevent imagecrash attacks, disable with null at your own risk.
10 | This directive is similar to %CSS.MaxImgLength, and both should be
11 | concurrently edited, although there are
12 | subtle differences in the input format (the HTML max is an integer).
13 |
14 | --# vim: et sw=4 sts=4
15 |
--------------------------------------------------------------------------------
/includes/admin/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer/URI/4.13.0,3478238e680361cd87bf880f5b3cc50a1e7abc6c,1.ser:
--------------------------------------------------------------------------------
1 | O:26:"HTMLPurifier_URIDefinition":8:{s:4:"type";s:3:"URI";s:10:"�*�filters";a:2:{s:13:"HostBlacklist";O:36:"HTMLPurifier_URIFilter_HostBlacklist":4:{s:4:"name";s:13:"HostBlacklist";s:12:"�*�blacklist";a:0:{}s:4:"post";b:0;s:11:"always_load";b:0;}s:10:"SafeIframe";O:33:"HTMLPurifier_URIFilter_SafeIframe":4:{s:4:"name";s:10:"SafeIframe";s:11:"always_load";b:1;s:9:"�*�regexp";N;s:4:"post";b:0;}}s:14:"�*�postFilters";a:0:{}s:4:"base";N;s:4:"host";N;s:13:"defaultScheme";s:4:"http";s:5:"setup";b:1;s:9:"optimized";N;}
--------------------------------------------------------------------------------
/includes/admin/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer/URI/4.15.0,3478238e680361cd87bf880f5b3cc50a1e7abc6c,1.ser:
--------------------------------------------------------------------------------
1 | O:26:"HTMLPurifier_URIDefinition":8:{s:5:"setup";b:1;s:9:"optimized";N;s:4:"type";s:3:"URI";s:10:"�*�filters";a:2:{s:13:"HostBlacklist";O:36:"HTMLPurifier_URIFilter_HostBlacklist":4:{s:4:"name";s:13:"HostBlacklist";s:4:"post";b:0;s:11:"always_load";b:0;s:12:"�*�blacklist";a:0:{}}s:10:"SafeIframe";O:33:"HTMLPurifier_URIFilter_SafeIframe":4:{s:4:"name";s:10:"SafeIframe";s:4:"post";b:0;s:11:"always_load";b:1;s:9:"�*�regexp";N;}}s:14:"�*�postFilters";a:0:{}s:4:"base";N;s:4:"host";N;s:13:"defaultScheme";s:4:"http";}
--------------------------------------------------------------------------------
/includes/admin/HTMLPurifier/HTMLPurifier/URIFilter/DisableResources.php:
--------------------------------------------------------------------------------
1 | get('EmbeddedURI', true);
19 | }
20 | }
21 |
22 | // vim: et sw=4 sts=4
23 |
--------------------------------------------------------------------------------
/includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidChildren.txt:
--------------------------------------------------------------------------------
1 | Core.EscapeInvalidChildren
2 | TYPE: bool
3 | DEFAULT: false
4 | --DESCRIPTION--
5 | Warning: this configuration option is no longer does anything as of 4.6.0.
6 | 7 |When true, a child is found that is not allowed in the context of the 8 | parent element will be transformed into text as if it were ASCII. When 9 | false, that element and all internal tags will be dropped, though text will 10 | be preserved. There is no option for dropping the element but preserving 11 | child nodes.
12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Escaping.txt: -------------------------------------------------------------------------------- 1 | Filter.ExtractStyleBlocks.Escaping 2 | TYPE: bool 3 | VERSION: 3.0.0 4 | DEFAULT: true 5 | ALIASES: Filter.ExtractStyleBlocksEscaping, FilterParam.ExtractStyleBlocksEscaping 6 | --DESCRIPTION-- 7 | 8 |9 | Whether or not to escape the dangerous characters <, > and & 10 | as \3C, \3E and \26, respectively. This is can be safely set to false 11 | if the contents of StyleBlocks will be placed in an external stylesheet, 12 | where there is no risk of it being interpreted as HTML. 13 |
14 | --# vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt: -------------------------------------------------------------------------------- 1 | Filter.YouTube 2 | TYPE: bool 3 | VERSION: 3.1.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |7 | Warning: Deprecated in favor of %HTML.SafeObject and 8 | %Output.FlashCompat (turn both on to allow YouTube videos and other 9 | Flash content). 10 |
11 |12 | This directive enables YouTube video embedding in HTML Purifier. Check 13 | this document 14 | on embedding videos for more information on what this filter does. 15 |
16 | --# vim: et sw=4 sts=4 17 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/Output.SortAttr.txt: -------------------------------------------------------------------------------- 1 | Output.SortAttr 2 | TYPE: bool 3 | VERSION: 3.2.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |
7 | If true, HTML Purifier will sort attributes by name before writing them back
8 | to the document, converting a tag like: <el b="" a="" c="" />
9 | to <el a="" b="" c="" />. This is a workaround for
10 | a bug in FCKeditor which causes it to swap attributes order, adding noise
11 | to text diffs. If you're not seeing this bug, chances are, you don't need
12 | this directive.
13 |
data and file
17 | URI schemes, but they are not enabled by default.
18 | --# vim: et sw=4 sts=4
19 |
--------------------------------------------------------------------------------
/includes/admin/HTMLPurifier/HTMLPurifier/Strategy/Core.php:
--------------------------------------------------------------------------------
1 | strategies[] = new HTMLPurifier_Strategy_RemoveForeignElements();
11 | $this->strategies[] = new HTMLPurifier_Strategy_MakeWellFormed();
12 | $this->strategies[] = new HTMLPurifier_Strategy_FixNesting();
13 | $this->strategies[] = new HTMLPurifier_Strategy_ValidateAttributes();
14 | }
15 | }
16 |
17 | // vim: et sw=4 sts=4
18 |
--------------------------------------------------------------------------------
/includes/admin/HTMLPurifier/HTMLPurifier/HTMLModule/TargetNoopener.php:
--------------------------------------------------------------------------------
1 | addBlankElement('a');
19 | $a->attr_transform_post[] = new HTMLPurifier_AttrTransform_TargetNoopener();
20 | }
21 | }
22 |
--------------------------------------------------------------------------------
/includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionRev.txt:
--------------------------------------------------------------------------------
1 | HTML.DefinitionRev
2 | TYPE: int
3 | VERSION: 2.0.0
4 | DEFAULT: 1
5 | --DESCRIPTION--
6 |
7 | 8 | Revision identifier for your custom definition specified in 9 | %HTML.DefinitionID. This serves the same purpose: uniquely identifying 10 | your custom definition, but this one does so in a chronological 11 | context: revision 3 is more up-to-date then revision 2. Thus, when 12 | this gets incremented, the cache handling is smart enough to clean 13 | up any older revisions of your definition as well as flush the 14 | cache. 15 |
16 | --# vim: et sw=4 sts=4 17 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/HTMLModule/Nofollow.php: -------------------------------------------------------------------------------- 1 | addBlankElement('a'); 21 | $a->attr_transform_post[] = new HTMLPurifier_AttrTransform_Nofollow(); 22 | } 23 | } 24 | 25 | // vim: et sw=4 sts=4 26 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/Output.FixInnerHTML.txt: -------------------------------------------------------------------------------- 1 | Output.FixInnerHTML 2 | TYPE: bool 3 | VERSION: 4.3.0 4 | DEFAULT: true 5 | --DESCRIPTION-- 6 |
7 | If true, HTML Purifier will protect against Internet Explorer's
8 | mishandling of the innerHTML attribute by appending
9 | a space to any attribute that does not contain angled brackets, spaces
10 | or quotes, but contains a backtick. This slightly changes the
11 | semantics of any given attribute, so if this is unacceptable and
12 | you do not use innerHTML on any of your pages, you can
13 | turn this directive off.
14 |
8 | If true, HTML Purifier will add line number information to all tokens. 9 | This is useful when error reporting is turned on, but can result in 10 | significant performance degradation and should not be used when 11 | unnecessary. This directive must be used with the DirectLex lexer, 12 | as the DOMLex lexer does not (yet) support this functionality. 13 | If the value is null, an appropriate value will be selected based 14 | on other configuration. 15 |
16 | --# vim: et sw=4 sts=4 17 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyRemoveScript.txt: -------------------------------------------------------------------------------- 1 | Core.AggressivelyRemoveScript 2 | TYPE: bool 3 | VERSION: 4.9.0 4 | DEFAULT: true 5 | --DESCRIPTION-- 6 |7 | This directive enables aggressive pre-filter removal of 8 | script tags. This is not necessary for security, 9 | but it can help work around a bug in libxml where embedded 10 | HTML elements inside script sections cause the parser to 11 | choke. To revert to pre-4.9.0 behavior, set this to false. 12 | This directive has no effect if %Core.Trusted is true, 13 | %Core.RemoveScriptContents is false, or %Core.HiddenElements 14 | does not contain script. 15 |
16 | --# vim: et sw=4 sts=4 17 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/HTML.BlockWrapper.txt: -------------------------------------------------------------------------------- 1 | HTML.BlockWrapper 2 | TYPE: string 3 | VERSION: 1.3.0 4 | DEFAULT: 'p' 5 | --DESCRIPTION-- 6 | 7 |8 | String name of element to wrap inline elements that are inside a block 9 | context. This only occurs in the children of blockquote in strict mode. 10 |
11 |
12 | Example: by default value,
13 | <blockquote>Foo</blockquote> would become
14 | <blockquote><p>Foo</p></blockquote>.
15 | The <p> tags can be replaced with whatever you desire,
16 | as long as it is a block level element.
17 |
7 | By RFC 1123, underscores are not permitted in host names. 8 | (This is in contrast to the specification for DNS, RFC 9 | 2181, which allows underscores.) 10 | However, most browsers do the right thing when faced with 11 | an underscore in the host name, and so some poorly written 12 | websites are written with the expectation this should work. 13 | Setting this parameter to true relaxes our allowed character 14 | check so that underscores are permitted. 15 |
16 | --# vim: et sw=4 sts=4 17 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/Core.HiddenElements.txt: -------------------------------------------------------------------------------- 1 | Core.HiddenElements 2 | TYPE: lookup 3 | --DEFAULT-- 4 | array ( 5 | 'script' => true, 6 | 'style' => true, 7 | ) 8 | --DESCRIPTION-- 9 | 10 |
11 | This directive is a lookup array of elements which should have their
12 | contents removed when they are not allowed by the HTML definition.
13 | For example, the contents of a script tag are not
14 | normally shown in a document, so if script tags are to be removed,
15 | their contents should be removed to. This is opposed to a b
16 | tag, which defines some presentational changes but does not hide its
17 | contents.
18 |
8 | If left NULL, HTML Purifier will attempt to instantiate a csstidy
9 | class to use for internal cleaning. This will usually be good enough.
10 |
12 | However, for trusted user input, you can set this to false to
13 | disable cleaning. In addition, you can supply your own concrete implementation
14 | of Tidy's interface to use, although I don't know why you'd want to do that.
15 |
<img src="">.
9 | Be careful enabling this directive if you have a redirector script
10 | that does not use the Location HTTP header; all of your images
11 | and other embedded resources will break.
12 |
13 | 14 | Warning: It is strongly advised you use this in conjunction 15 | %URI.MungeSecretKey to mitigate the security risk of an open redirector. 16 |
17 | --# vim: et sw=4 sts=4 18 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/CSS.AllowedProperties.txt: -------------------------------------------------------------------------------- 1 | CSS.AllowedProperties 2 | TYPE: lookup/null 3 | VERSION: 3.1.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 | 7 |8 | If HTML Purifier's style attributes set is unsatisfactory for your needs, 9 | you can overload it with your own list of tags to allow. Note that this 10 | method is subtractive: it does its job by taking away from HTML Purifier 11 | usual feature set, so you cannot add an attribute that HTML Purifier never 12 | supported in the first place. 13 |
14 |15 | Warning: If another directive conflicts with the 16 | elements here, that directive will win and override. 17 |
18 | --# vim: et sw=4 sts=4 19 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/CSS.MaxImgLength.txt: -------------------------------------------------------------------------------- 1 | CSS.MaxImgLength 2 | TYPE: string/null 3 | DEFAULT: '1200px' 4 | VERSION: 3.1.1 5 | --DESCRIPTION-- 6 |
7 | This parameter sets the maximum allowed length on img tags,
8 | effectively the width and height properties.
9 | Only absolute units of measurement (in, pt, pc, mm, cm) and pixels (px) are allowed. This is
10 | in place to prevent imagecrash attacks, disable with null at your own risk.
11 | This directive is similar to %HTML.MaxImgLength, and both should be
12 | concurrently edited, although there are
13 | subtle differences in the input format (the CSS max is a number with
14 | a unit).
15 |
8 | If HTML Purifier's attribute set is unsatisfactory, overload it! 9 | The syntax is "tag.attr" or "*.attr" for the global attributes 10 | (style, id, class, dir, lang, xml:lang). 11 |
12 |13 | Warning: If another directive conflicts with the 14 | elements here, that directive will win and override. For 15 | example, %HTML.EnableAttrID will take precedence over *.id in this 16 | directive. You must set that directive to true before you can use 17 | IDs at all. 18 |
19 | --# vim: et sw=4 sts=4 20 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/URIFilter/DisableExternalResources.php: -------------------------------------------------------------------------------- 1 | get('EmbeddedURI', true)) { 19 | return true; 20 | } 21 | return parent::filter($uri, $config, $context); 22 | } 23 | } 24 | 25 | // vim: et sw=4 sts=4 26 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/AttrTransform/Textarea.php: -------------------------------------------------------------------------------- 1 | 5 | */ 6 | class HTMLPurifier_AttrTransform_Textarea extends HTMLPurifier_AttrTransform 7 | { 8 | /** 9 | * @param array $attr 10 | * @param HTMLPurifier_Config $config 11 | * @param HTMLPurifier_Context $context 12 | * @return array 13 | */ 14 | public function transform($attr, $config, $context) 15 | { 16 | // Calculated from Firefox 17 | if (!isset($attr['cols'])) { 18 | $attr['cols'] = '22'; 19 | } 20 | if (!isset($attr['rows'])) { 21 | $attr['rows'] = '3'; 22 | } 23 | return $attr; 24 | } 25 | } 26 | 27 | // vim: et sw=4 sts=4 28 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.Predicate.txt: -------------------------------------------------------------------------------- 1 | AutoFormat.RemoveEmpty.Predicate 2 | TYPE: hash 3 | VERSION: 4.7.0 4 | DEFAULT: array('colgroup' => array(), 'th' => array(), 'td' => array(), 'iframe' => array('src')) 5 | --DESCRIPTION-- 6 |
7 | Given that an element has no contents, it will be removed by default, unless
8 | this predicate dictates otherwise. The predicate can either be an associative
9 | map from tag name to list of attributes that must be present for the element
10 | to be considered preserved: thus, the default always preserves colgroup,
11 | th and td, and also iframe if it
12 | has a src.
13 |
8 | The base URI is the URI of the document this purified HTML will be 9 | inserted into. This information is important if HTML Purifier needs 10 | to calculate absolute URIs from relative URIs, such as when %URI.MakeAbsolute 11 | is on. You may use a non-absolute URI for this value, but behavior 12 | may vary (%URI.MakeAbsolute deals nicely with both absolute and 13 | relative paths, but forwards-compatibility is not guaranteed). 14 | Warning: If set, the scheme on this URI 15 | overrides the one specified by %URI.DefaultScheme. 16 |
17 | --# vim: et sw=4 sts=4 18 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefixLocal.txt: -------------------------------------------------------------------------------- 1 | Attr.IDPrefixLocal 2 | TYPE: string 3 | VERSION: 1.2.0 4 | DEFAULT: '' 5 | --DESCRIPTION-- 6 | Temporary prefix for IDs used in conjunction with %Attr.IDPrefix. If you 7 | need to allow multiple sets of user content on web page, you may need to 8 | have a seperate prefix that changes with each iteration. This way, 9 | seperately submitted user content displayed on the same page doesn't 10 | clobber each other. Ideal values are unique identifiers for the content it 11 | represents (i.e. the id of the row in the database). Be sure to add a 12 | seperator (like an underscore) at the end. Warning: this directive will 13 | not work unless %Attr.IDPrefix is set to a non-empty value! 14 | --# vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/AttrTransform/SafeObject.php: -------------------------------------------------------------------------------- 1 | 8 | Specifies the number of tokens the DirectLex line number tracking 9 | implementations should process before attempting to resyncronize the 10 | current line count by manually counting all previous new-lines. When 11 | at 0, this functionality is disabled. Lower values will decrease 12 | performance, and this is only strictly necessary if the counting 13 | algorithm is buggy (in which case you should report it as a bug). 14 | This has no effect when %Core.MaintainLineNumbers is disabled or DirectLex is 15 | not being used. 16 | 17 | --# vim: et sw=4 sts=4 18 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/HTML.CoreModules.txt: -------------------------------------------------------------------------------- 1 | HTML.CoreModules 2 | TYPE: lookup 3 | VERSION: 2.0.0 4 | --DEFAULT-- 5 | array ( 6 | 'Structure' => true, 7 | 'Text' => true, 8 | 'Hypertext' => true, 9 | 'List' => true, 10 | 'NonXMLCommonAttributes' => true, 11 | 'XMLCommonAttributes' => true, 12 | 'CommonAttributes' => true, 13 | ) 14 | --DESCRIPTION-- 15 | 16 |17 | Certain modularized doctypes (XHTML, namely), have certain modules 18 | that must be included for the doctype to be an conforming document 19 | type: put those modules here. By default, XHTML's core modules 20 | are used. You can set this to a blank array to disable core module 21 | protection, but this is not recommended. 22 |
23 | --# vim: et sw=4 sts=4 24 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/HTML.TidyLevel.txt: -------------------------------------------------------------------------------- 1 | HTML.TidyLevel 2 | TYPE: string 3 | VERSION: 2.0.0 4 | DEFAULT: 'medium' 5 | --DESCRIPTION-- 6 | 7 |General level of cleanliness the Tidy module should enforce. 8 | There are four allowed values:
9 |7 | This directive enables aggressive pre-filter fixes HTML Purifier can 8 | perform in order to ensure that open angled-brackets do not get killed 9 | during parsing stage. Enabling this will result in two preg_replace_callback 10 | calls and at least two preg_replace calls for every HTML document parsed; 11 | if your users make very well-formed HTML, you can set this directive false. 12 | This has no effect when DirectLex is used. 13 |
14 |15 | Notice: This directive's default turned from false to true 16 | in HTML Purifier 3.2.0. 17 |
18 | --# vim: et sw=4 sts=4 19 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/URIScheme/nntp.php: -------------------------------------------------------------------------------- 1 | userinfo = null; 27 | $uri->query = null; 28 | return true; 29 | } 30 | } 31 | 32 | // vim: et sw=4 sts=4 33 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/HTMLModule/Name.php: -------------------------------------------------------------------------------- 1 | addBlankElement($name); 18 | $element->attr['name'] = 'CDATA'; 19 | if (!$config->get('HTML.Attr.Name.UseCDATA')) { 20 | $element->attr_transform_post[] = new HTMLPurifier_AttrTransform_NameSync(); 21 | } 22 | } 23 | } 24 | } 25 | 26 | // vim: et sw=4 sts=4 27 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/AttrTransform/Border.php: -------------------------------------------------------------------------------- 1 | confiscateAttr($attr, 'border'); 20 | // some validation should happen here 21 | $this->prependCSS($attr, "border:{$border_width}px solid;"); 22 | return $attr; 23 | } 24 | } 25 | 26 | // vim: et sw=4 sts=4 27 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedCommentsRegexp.txt: -------------------------------------------------------------------------------- 1 | HTML.AllowedCommentsRegexp 2 | TYPE: string/null 3 | VERSION: 4.4.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 | A regexp, which if it matches the body of a comment, indicates that 7 | it should be allowed. Trailing and leading spaces are removed prior 8 | to running this regular expression. 9 | Warning: Make sure you specify 10 | correct anchor metacharacters^regex$, otherwise you may accept
11 | comments that you did not mean to! In particular, the regex /foo|bar/
12 | is probably not sufficiently strict, since it also allows foobar.
13 | See also %HTML.AllowedComments (these directives are union'ed together,
14 | so a comment is considered valid if any directive deems it valid.)
15 | --# vim: et sw=4 sts=4
16 |
--------------------------------------------------------------------------------
/includes/admin/HTMLPurifier/HTMLPurifier/AttrTransform/BgColor.php:
--------------------------------------------------------------------------------
1 | confiscateAttr($attr, 'bgcolor');
21 | // some validation should happen here
22 |
23 | $this->prependCSS($attr, "background-color:$bgcolor;");
24 | return $attr;
25 | }
26 | }
27 |
28 | // vim: et sw=4 sts=4
29 |
--------------------------------------------------------------------------------
/includes/admin/HTMLPurifier/HTMLPurifier/URIScheme/http.php:
--------------------------------------------------------------------------------
1 | userinfo = null;
32 | return true;
33 | }
34 | }
35 |
36 | // vim: et sw=4 sts=4
37 |
--------------------------------------------------------------------------------
/includes/admin/HTMLPurifier/HTMLPurifier/AttrTransform/Background.php:
--------------------------------------------------------------------------------
1 | confiscateAttr($attr, 'background');
21 | // some validation should happen here
22 |
23 | $this->prependCSS($attr, "background-image:url($background);");
24 | return $attr;
25 | }
26 | }
27 |
28 | // vim: et sw=4 sts=4
29 |
--------------------------------------------------------------------------------
/includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedModules.txt:
--------------------------------------------------------------------------------
1 | HTML.AllowedModules
2 | TYPE: lookup/null
3 | VERSION: 2.0.0
4 | DEFAULT: NULL
5 | --DESCRIPTION--
6 |
7 | 8 | A doctype comes with a set of usual modules to use. Without having 9 | to mucking about with the doctypes, you can quickly activate or 10 | disable these modules by specifying which modules you wish to allow 11 | with this directive. This is most useful for unit testing specific 12 | modules, although end users may find it useful for their own ends. 13 |
14 |15 | If you specify a module that does not exist, the manager will silently 16 | fail to use it, so be careful! User-defined modules are not affected 17 | by this directive. Modules defined in %HTML.CoreModules are not 18 | affected by this directive. 19 |
20 | --# vim: et sw=4 sts=4 21 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/Core.Encoding.txt: -------------------------------------------------------------------------------- 1 | Core.Encoding 2 | TYPE: istring 3 | DEFAULT: 'utf-8' 4 | --DESCRIPTION-- 5 | If for some reason you are unable to convert all webpages to UTF-8, you can 6 | use this directive as a stop-gap compatibility change to let HTML Purifier 7 | deal with non UTF-8 input. This technique has notable deficiencies: 8 | absolutely no characters outside of the selected character encoding will be 9 | preserved, not even the ones that have been ampersand escaped (this is due 10 | to a UTF-8 specific feature that automatically resolves all 11 | entities), making it pretty useless for anything except the most I18N-blind 12 | applications, although %Core.EscapeNonASCIICharacters offers fixes this 13 | trouble with another tradeoff. This directive only accepts ISO-8859-1 if 14 | iconv is not enabled. 15 | --# vim: et sw=4 sts=4 16 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/URIScheme/news.php: -------------------------------------------------------------------------------- 1 | userinfo = null; 27 | $uri->host = null; 28 | $uri->port = null; 29 | $uri->query = null; 30 | // typecode check needed on path 31 | return true; 32 | } 33 | } 34 | 35 | // vim: et sw=4 sts=4 36 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenElements.txt: -------------------------------------------------------------------------------- 1 | HTML.ForbiddenElements 2 | TYPE: lookup 3 | VERSION: 3.1.0 4 | DEFAULT: array() 5 | --DESCRIPTION-- 6 |7 | This was, perhaps, the most requested feature ever in HTML 8 | Purifier. Please don't abuse it! This is the logical inverse of 9 | %HTML.AllowedElements, and it will override that directive, or any 10 | other directive. 11 |
12 |
13 | If possible, %HTML.Allowed is recommended over this directive, because it
14 | can sometimes be difficult to tell whether or not you've forbidden all of
15 | the behavior you would like to disallow. If you forbid img
16 | with the expectation of preventing images on your site, you'll be in for
17 | a nasty surprise when people start using the background-image
18 | CSS property.
19 |
8 | Defines the domain name of the server, so we can determine whether or 9 | an absolute URI is from your website or not. Not strictly necessary, 10 | as users should be using relative URIs to reference resources on your 11 | website. It will, however, let you use absolute URIs to link to 12 | subdomains of the domain you post here: i.e. example.com will allow 13 | sub.example.com. However, higher up domains will still be excluded: 14 | if you set %URI.Host to sub.example.com, example.com will be blocked. 15 | Note: This directive overrides %URI.Base because 16 | a given page may be on a sub-domain, but you wish HTML Purifier to be 17 | more relaxed and allow some of the parent domains too. 18 |
19 | --# vim: et sw=4 sts=4 20 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/HTMLModule/CommonAttributes.php: -------------------------------------------------------------------------------- 1 | array( 15 | 0 => array('Style'), 16 | // 'xml:space' => false, 17 | 'class' => 'Class', 18 | 'id' => 'ID', 19 | 'title' => 'CDATA', 20 | 'contenteditable' => 'ContentEditable', 21 | ), 22 | 'Lang' => array(), 23 | 'I18N' => array( 24 | 0 => array('Lang'), // proprietary, for xml:lang/lang 25 | ), 26 | 'Common' => array( 27 | 0 => array('Core', 'I18N') 28 | ) 29 | ); 30 | } 31 | 32 | // vim: et sw=4 sts=4 33 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/HTMLModule/Tidy/Name.php: -------------------------------------------------------------------------------- 1 | data = $data; 29 | $this->line = $line; 30 | $this->col = $col; 31 | } 32 | 33 | public function toNode() { 34 | return new HTMLPurifier_Node_Comment($this->data, $this->line, $this->col); 35 | } 36 | } 37 | 38 | // vim: et sw=4 sts=4 39 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/HTMLModule/StyleAttribute.php: -------------------------------------------------------------------------------- 1 | array('style' => false), // see constructor 21 | 'Core' => array(0 => array('Style')) 22 | ); 23 | 24 | /** 25 | * @param HTMLPurifier_Config $config 26 | */ 27 | public function setup($config) 28 | { 29 | $this->attr_collections['Style']['style'] = new HTMLPurifier_AttrDef_CSS(); 30 | } 31 | } 32 | 33 | // vim: et sw=4 sts=4 34 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/AttrDef/CSS/AlphaValue.php: -------------------------------------------------------------------------------- 1 | 1.0) { 28 | $result = '1'; 29 | } 30 | return $result; 31 | } 32 | } 33 | 34 | // vim: et sw=4 sts=4 35 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/AttrTransform/Name.php: -------------------------------------------------------------------------------- 1 | get('HTML.Attr.Name.UseCDATA')) { 19 | return $attr; 20 | } 21 | if (!isset($attr['name'])) { 22 | return $attr; 23 | } 24 | $id = $this->confiscateAttr($attr, 'name'); 25 | if (isset($attr['id'])) { 26 | return $attr; 27 | } 28 | $attr['id'] = $id; 29 | return $attr; 30 | } 31 | } 32 | 33 | // vim: et sw=4 sts=4 34 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/Output.TidyFormat.txt: -------------------------------------------------------------------------------- 1 | Output.TidyFormat 2 | TYPE: bool 3 | VERSION: 1.1.1 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |7 | Determines whether or not to run Tidy on the final output for pretty 8 | formatting reasons, such as indentation and wrap. 9 |
10 |11 | This can greatly improve readability for editors who are hand-editing 12 | the HTML, but is by no means necessary as HTML Purifier has already 13 | fixed all major errors the HTML may have had. Tidy is a non-default 14 | extension, and this directive will silently fail if Tidy is not 15 | available. 16 |
17 |18 | If you are looking to make the overall look of your page's source 19 | better, I recommend running Tidy on the entire page rather than just 20 | user-content (after all, the indentation relative to the containing 21 | blocks will be incorrect). 22 |
23 | --ALIASES-- 24 | Core.TidyFormat 25 | --# vim: et sw=4 sts=4 26 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php: -------------------------------------------------------------------------------- 1 | " 19 | // that needs more percent encoding to be done 20 | if ($string == '') { 21 | return false; 22 | } 23 | $string = trim($string); 24 | $result = preg_match('/^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i', $string); 25 | return $result ? $string : false; 26 | } 27 | } 28 | 29 | // vim: et sw=4 sts=4 30 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenAttributes.txt: -------------------------------------------------------------------------------- 1 | HTML.ForbiddenAttributes 2 | TYPE: lookup 3 | VERSION: 3.1.0 4 | DEFAULT: array() 5 | --DESCRIPTION-- 6 |
7 | While this directive is similar to %HTML.AllowedAttributes, for
8 | forwards-compatibility with XML, this attribute has a different syntax. Instead of
9 | tag.attr, use tag@attr. To disallow href
10 | attributes in a tags, set this directive to
11 | a@href. You can also disallow an attribute globally with
12 | attr or *@attr (either syntax is fine; the latter
13 | is provided for consistency with %HTML.AllowedAttributes).
14 |
16 | Warning: This directive complements %HTML.ForbiddenElements, 17 | accordingly, check 18 | out that directive for a discussion of why you 19 | should think twice before using this directive. 20 |
21 | --# vim: et sw=4 sts=4 22 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "travelers-map", 3 | "version": "2.3.2", 4 | "description": "=== Travelers' Map ===\r Contributors: socrapop\r Donate link: https://www.paypal.me/CamilleVerrier\r Tags: geolocalize, openstreetmap, leaftlet, map, pin, travelers, markers, travel blog\r Requires at least: 4.6\r Tested up to: 5.8.1\r Requires PHP: 5.2.4\r Stable tag: 2.0.1\r License: GPLv3 or later\r License URI: https://www.gnu.org/licenses/gpl-3.0.html\r Version 2.0.1", 5 | "main": "index.js", 6 | "scripts": { 7 | "build": "webpack", 8 | "watch": "webpack --watch" 9 | }, 10 | "repository": { 11 | "type": "git", 12 | "url": "git+https://github.com/Socrapop/travelers-map.git" 13 | }, 14 | "author": "", 15 | "license": "ISC", 16 | "bugs": { 17 | "url": "https://github.com/Socrapop/travelers-map/issues" 18 | }, 19 | "homepage": "https://github.com/Socrapop/travelers-map#readme", 20 | "devDependencies": { 21 | "webpack": "^5.94.0", 22 | "webpack-cli": "^4.10.0" 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/AttrTransform/Lang.php: -------------------------------------------------------------------------------- 1 | 7 | If HTML Purifier's tag set is unsatisfactory for your needs, you can 8 | overload it with your own list of tags to allow. If you change 9 | this, you probably also want to change %HTML.AllowedAttributes; see 10 | also %HTML.Allowed which lets you set allowed elements and 11 | attributes at the same time. 12 | 13 |14 | If you attempt to allow an element that HTML Purifier does not know 15 | about, HTML Purifier will raise an error. You will need to manually 16 | tell HTML Purifier about this element by using the 17 | advanced customization features. 18 |
19 |20 | Warning: If another directive conflicts with the 21 | elements here, that directive will win and override. 22 |
23 | --# vim: et sw=4 sts=4 24 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier.autoload.php: -------------------------------------------------------------------------------- 1 | 7 | A PCRE regular expression that will be matched against an iframe URI. This is 8 | a relatively inflexible scheme, but works well enough for the most common 9 | use-case of iframes: embedded video. This directive only has an effect if 10 | %HTML.SafeIframe is enabled. Here are some example values: 11 | 12 |%^http://www.youtube.com/embed/% - Allow YouTube videos%^http://player.vimeo.com/video/% - Allow Vimeo videos%^http://(www.youtube.com/embed/|player.vimeo.com/video/)% - Allow both
18 | Note that this directive does not give you enough granularity to, say, disable
19 | all autoplay videos. Pipe up on the HTML Purifier forums if this
20 | is a capability you want.
21 |
8 | This is a preferred convenience directive that combines
9 | %HTML.AllowedElements and %HTML.AllowedAttributes.
10 | Specify elements and attributes that are allowed using:
11 | element1[attr1|attr2],element2.... For example,
12 | if you would like to only allow paragraphs and links, specify
13 | a[href],p. You can specify attributes that apply
14 | to all elements using an asterisk, e.g. *[lang].
15 | You can also use newlines instead of commas to separate elements.
16 |
18 | Warning:
19 | All of the constraints on the component directives are still enforced.
20 | The syntax is a subset of TinyMCE's valid_elements
21 | whitelist: directly copy-pasting it here will probably result in
22 | broken whitelists. If %HTML.AllowedElements or %HTML.AllowedAttributes
23 | are set, this directive has no effect.
24 |
7 | This directive enables secure checksum generation along with %URI.Munge. 8 | It should be set to a secure key that is not shared with anyone else. 9 | The checksum can be placed in the URI using %t. Use of this checksum 10 | affords an additional level of protection by allowing a redirector 11 | to check if a URI has passed through HTML Purifier with this line: 12 |
13 | 14 |$checksum === hash_hmac("sha256", $url, $secret_key)
15 |
16 | 17 | If the output is TRUE, the redirector script should accept the URI. 18 |
19 | 20 |21 | Please note that it would still be possible for an attacker to procure 22 | secure hashes en-mass by abusing your website's Preview feature or the 23 | like, but this service affords an additional level of protection 24 | that should be combined with website blacklisting. 25 |
26 | 27 |28 | Remember this has no effect if %URI.Munge is not on. 29 |
30 | --# vim: et sw=4 sts=4 31 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/PropertyListIterator.php: -------------------------------------------------------------------------------- 1 | l = strlen($filter); 26 | $this->filter = $filter; 27 | } 28 | 29 | /** 30 | * @return bool 31 | */ 32 | #[\ReturnTypeWillChange] 33 | public function accept() 34 | { 35 | $key = $this->getInnerIterator()->key(); 36 | if (strncmp($key, $this->filter, $this->l) !== 0) { 37 | return false; 38 | } 39 | return true; 40 | } 41 | } 42 | 43 | // vim: et sw=4 sts=4 44 | -------------------------------------------------------------------------------- /includes/public/css/leaflet.fullscreen.css: -------------------------------------------------------------------------------- 1 | .leaflet-control-fullscreen a { 2 | background:#fff url(../images/fullscreen.png) no-repeat 0 0; 3 | background-size:26px 52px; 4 | } 5 | .leaflet-touch .leaflet-control-fullscreen a { 6 | background-position: 2px 2px; 7 | } 8 | .leaflet-fullscreen-on .leaflet-control-fullscreen a { 9 | background-position:0 -26px; 10 | } 11 | .leaflet-touch.leaflet-fullscreen-on .leaflet-control-fullscreen a { 12 | background-position: 2px -24px; 13 | } 14 | 15 | /* Do not combine these two rules; IE will break. */ 16 | .leaflet-container:-webkit-full-screen { 17 | width:100%!important; 18 | height:100%!important; 19 | } 20 | .leaflet-container.leaflet-fullscreen-on { 21 | width:100%!important; 22 | height:100%!important; 23 | } 24 | 25 | .leaflet-pseudo-fullscreen { 26 | position:fixed!important; 27 | width:100%!important; 28 | height:100%!important; 29 | top:0!important; 30 | left:0!important; 31 | z-index:99999; 32 | } 33 | 34 | @media 35 | (-webkit-min-device-pixel-ratio:2), 36 | (min-resolution:192dpi) { 37 | .leaflet-control-fullscreen a { 38 | background-image:url(../images/fullscreen@2x.png); 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/HTMLModule/Hypertext.php: -------------------------------------------------------------------------------- 1 | addElement( 20 | 'a', 21 | 'Inline', 22 | 'Inline', 23 | 'Common', 24 | array( 25 | // 'accesskey' => 'Character', 26 | // 'charset' => 'Charset', 27 | 'href' => 'URI', 28 | // 'hreflang' => 'LanguageCode', 29 | 'rel' => new HTMLPurifier_AttrDef_HTML_LinkTypes('rel'), 30 | 'rev' => new HTMLPurifier_AttrDef_HTML_LinkTypes('rev'), 31 | // 'tabindex' => 'Number', 32 | // 'type' => 'ContentType', 33 | ) 34 | ); 35 | $a->formatting = true; 36 | $a->excludes = array('a' => true); 37 | } 38 | } 39 | 40 | // vim: et sw=4 sts=4 41 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/HTMLModule/Proprietary.php: -------------------------------------------------------------------------------- 1 | addElement( 20 | 'marquee', 21 | 'Inline', 22 | 'Flow', 23 | 'Common', 24 | array( 25 | 'direction' => 'Enum#left,right,up,down', 26 | 'behavior' => 'Enum#alternate', 27 | 'width' => 'Length', 28 | 'height' => 'Length', 29 | 'scrolldelay' => 'Number', 30 | 'scrollamount' => 'Number', 31 | 'loop' => 'Number', 32 | 'bgcolor' => 'Color', 33 | 'hspace' => 'Pixels', 34 | 'vspace' => 'Pixels', 35 | ) 36 | ); 37 | } 38 | } 39 | 40 | // vim: et sw=4 sts=4 41 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/HTMLModule/Tidy/Proprietary.php: -------------------------------------------------------------------------------- 1 | name = $name; 22 | $this->cssName = $css_name ? $css_name : $name; 23 | } 24 | 25 | /** 26 | * @param array $attr 27 | * @param HTMLPurifier_Config $config 28 | * @param HTMLPurifier_Context $context 29 | * @return array 30 | */ 31 | public function transform($attr, $config, $context) 32 | { 33 | if (!isset($attr[$this->name])) { 34 | return $attr; 35 | } 36 | $length = $this->confiscateAttr($attr, $this->name); 37 | if (ctype_digit($length)) { 38 | $length .= 'px'; 39 | } 40 | $this->prependCSS($attr, $this->cssName . ":$length;"); 41 | return $attr; 42 | } 43 | } 44 | 45 | // vim: et sw=4 sts=4 46 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/AttrTransform/TargetNoopener.php: -------------------------------------------------------------------------------- 1 | ip4) { 25 | $this->_loadRegex(); 26 | } 27 | 28 | if (preg_match('#^' . $this->ip4 . '$#s', $aIP)) { 29 | return $aIP; 30 | } 31 | return false; 32 | } 33 | 34 | /** 35 | * Lazy load function to prevent regex from being stuffed in 36 | * cache. 37 | */ 38 | protected function _loadRegex() 39 | { 40 | $oct = '(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])'; // 0-255 41 | $this->ip4 = "(?:{$oct}\\.{$oct}\\.{$oct}\\.{$oct})"; 42 | } 43 | } 44 | 45 | // vim: et sw=4 sts=4 46 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/AttrTransform/TargetNoreferrer.php: -------------------------------------------------------------------------------- 1 | 8 | This parameter determines what lexer implementation can be used. The 9 | valid values are: 10 | 11 |HTMLPurifier_Lexer.
30 | I may remove this option simply because I don't expect anyone
31 | to use it.
32 | 8 | This directive turns on auto-paragraphing, where double newlines are 9 | converted in to paragraphs whenever possible. Auto-paragraphing: 10 |
11 |
18 | p tags must be allowed for this directive to take effect.
19 | We do not use br tags for paragraphing, as that is
20 | semantically incorrect.
21 |
23 | To prevent auto-paragraphing as a content-producer, refrain from using
24 | double-newlines except to specify a new paragraph or in contexts where
25 | it has special meaning (whitespace usually has no meaning except in
26 | tags like pre, so this should not be difficult.) To prevent
27 | the paragraphing of inline text adjacent to block elements, wrap them
28 | in div tags (the behavior is slightly different outside of
29 | the root node.)
30 |
9 | If you would like users to be able to define external stylesheets, but
10 | only allow them to specify CSS declarations for a specific node and
11 | prevent them from fiddling with other elements, use this directive.
12 | It accepts any valid CSS selector, and will prepend this to any
13 | CSS declaration extracted from the document. For example, if this
14 | directive is set to #user-content and a user uses the
15 | selector a:hover, the final selector will be
16 | #user-content a:hover.
17 |
19 | The comma shorthand may be used; consider the above example, with
20 | #user-content, #user-content2, the final selector will
21 | be #user-content a:hover, #user-content2 a:hover.
22 |
24 | Warning: It is possible for users to bypass this measure 25 | using a naughty + selector. This is a bug in CSS Tidy 1.3, not HTML 26 | Purifier, and I am working to get it fixed. Until then, HTML Purifier 27 | performs a basic check to prevent this. 28 |
29 | --# vim: et sw=4 sts=4 30 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/StringHash.php: -------------------------------------------------------------------------------- 1 | accessed[$index] = true; 27 | return parent::offsetGet($index); 28 | } 29 | 30 | /** 31 | * Returns a lookup array of all array indexes that have been accessed. 32 | * @return array in form array($index => true). 33 | */ 34 | public function getAccessed() 35 | { 36 | return $this->accessed; 37 | } 38 | 39 | /** 40 | * Resets the access array. 41 | */ 42 | public function resetAccessed() 43 | { 44 | $this->accessed = array(); 45 | } 46 | } 47 | 48 | // vim: et sw=4 sts=4 49 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/AttrDef/CSS/TextDecoration.php: -------------------------------------------------------------------------------- 1 | true, 21 | 'overline' => true, 22 | 'underline' => true, 23 | ); 24 | 25 | $string = strtolower($this->parseCDATA($string)); 26 | 27 | if ($string === 'none') { 28 | return $string; 29 | } 30 | 31 | $parts = explode(' ', $string); 32 | $final = ''; 33 | foreach ($parts as $part) { 34 | if (isset($allowed_values[$part])) { 35 | $final .= $part . ' '; 36 | } 37 | } 38 | $final = rtrim($final); 39 | if ($final === '') { 40 | return false; 41 | } 42 | return $final; 43 | } 44 | } 45 | 46 | // vim: et sw=4 sts=4 47 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionID.txt: -------------------------------------------------------------------------------- 1 | HTML.DefinitionID 2 | TYPE: string/null 3 | DEFAULT: NULL 4 | VERSION: 2.0.0 5 | --DESCRIPTION-- 6 | 7 |8 | Unique identifier for a custom-built HTML definition. If you edit 9 | the raw version of the HTMLDefinition, introducing changes that the 10 | configuration object does not reflect, you must specify this variable. 11 | If you change your custom edits, you should change this directive, or 12 | clear your cache. Example: 13 |
14 |
15 | $config = HTMLPurifier_Config::createDefault();
16 | $config->set('HTML', 'DefinitionID', '1');
17 | $def = $config->getHTMLDefinition();
18 | $def->addAttribute('a', 'tabindex', 'Number');
19 |
20 | 21 | In the above example, the configuration is still at the defaults, but 22 | using the advanced API, an extra attribute has been added. The 23 | configuration object normally has no way of knowing that this change 24 | has taken place, so it needs an extra directive: %HTML.DefinitionID. 25 | If someone else attempts to use the default configuration, these two 26 | pieces of code will not clobber each other in the cache, since one has 27 | an extra directive attached to it. 28 |
29 |30 | You must specify a value to this directive to use the 31 | advanced API features. 32 |
33 | --# vim: et sw=4 sts=4 34 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/TagTransform/Simple.php: -------------------------------------------------------------------------------- 1 | transform_to = $transform_to; 22 | $this->style = $style; 23 | } 24 | 25 | /** 26 | * @param HTMLPurifier_Token_Tag $tag 27 | * @param HTMLPurifier_Config $config 28 | * @param HTMLPurifier_Context $context 29 | * @return string 30 | */ 31 | public function transform($tag, $config, $context) 32 | { 33 | $new_tag = clone $tag; 34 | $new_tag->name = $this->transform_to; 35 | if (!is_null($this->style) && 36 | ($new_tag instanceof HTMLPurifier_Token_Start || $new_tag instanceof HTMLPurifier_Token_Empty) 37 | ) { 38 | $this->prependCSS($new_tag->attr, $this->style); 39 | } 40 | return $new_tag; 41 | } 42 | } 43 | 44 | // vim: et sw=4 sts=4 45 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/AttrTransform/NameSync.php: -------------------------------------------------------------------------------- 1 | idDef = new HTMLPurifier_AttrDef_HTML_ID(); 19 | } 20 | 21 | /** 22 | * @param array $attr 23 | * @param HTMLPurifier_Config $config 24 | * @param HTMLPurifier_Context $context 25 | * @return array 26 | */ 27 | public function transform($attr, $config, $context) 28 | { 29 | if (!isset($attr['name'])) { 30 | return $attr; 31 | } 32 | $name = $attr['name']; 33 | if (isset($attr['id']) && $attr['id'] === $name) { 34 | return $attr; 35 | } 36 | $result = $this->idDef->validate($name, $config, $context); 37 | if ($result === false) { 38 | unset($attr['name']); 39 | } else { 40 | $attr['name'] = $result; 41 | } 42 | return $attr; 43 | } 44 | } 45 | 46 | // vim: et sw=4 sts=4 47 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/URIScheme/tel.php: -------------------------------------------------------------------------------- 1 | userinfo = null; 33 | $uri->host = null; 34 | $uri->port = null; 35 | 36 | // Delete all non-numeric characters, non-x characters 37 | // from phone number, EXCEPT for a leading plus sign. 38 | $uri->path = preg_replace('/(?!^\+)[^\dx]/', '', 39 | // Normalize e(x)tension to lower-case 40 | str_replace('X', 'x', $uri->path)); 41 | 42 | return true; 43 | } 44 | } 45 | 46 | // vim: et sw=4 sts=4 47 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/Printer/CSSDefinition.php: -------------------------------------------------------------------------------- 1 | def = $config->getCSSDefinition(); 17 | $ret = ''; 18 | 19 | $ret .= $this->start('div', array('class' => 'HTMLPurifier_Printer')); 20 | $ret .= $this->start('table'); 21 | 22 | $ret .= $this->element('caption', 'Properties ($info)'); 23 | 24 | $ret .= $this->start('thead'); 25 | $ret .= $this->start('tr'); 26 | $ret .= $this->element('th', 'Property', array('class' => 'heavy')); 27 | $ret .= $this->element('th', 'Definition', array('class' => 'heavy', 'style' => 'width:auto;')); 28 | $ret .= $this->end('tr'); 29 | $ret .= $this->end('thead'); 30 | 31 | ksort($this->def->info); 32 | foreach ($this->def->info as $property => $obj) { 33 | $name = $this->getClass($obj, 'AttrDef_'); 34 | $ret .= $this->row($property, $name); 35 | } 36 | 37 | $ret .= $this->end('table'); 38 | $ret .= $this->end('div'); 39 | 40 | return $ret; 41 | } 42 | } 43 | 44 | // vim: et sw=4 sts=4 45 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ChildDef/Optional.php: -------------------------------------------------------------------------------- 1 | whitespace) { 36 | return $children; 37 | } else { 38 | return array(); 39 | } 40 | } 41 | return $result; 42 | } 43 | } 44 | 45 | // vim: et sw=4 sts=4 46 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/HTMLModule/Iframe.php: -------------------------------------------------------------------------------- 1 | get('HTML.SafeIframe')) { 29 | $this->safe = true; 30 | } 31 | $this->addElement( 32 | 'iframe', 33 | 'Inline', 34 | 'Flow', 35 | 'Common', 36 | array( 37 | 'src' => 'URI#embedded', 38 | 'width' => 'Length', 39 | 'height' => 'Length', 40 | 'name' => 'ID', 41 | 'scrolling' => 'Enum#yes,no,auto', 42 | 'frameborder' => 'Enum#0,1', 43 | 'longdesc' => 'URI', 44 | 'marginheight' => 'Pixels', 45 | 'marginwidth' => 'Pixels', 46 | ) 47 | ); 48 | } 49 | } 50 | 51 | // vim: et sw=4 sts=4 52 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/AttrDef/HTML/Color.php: -------------------------------------------------------------------------------- 1 | get('Core.ColorKeywords'); 20 | } 21 | 22 | $string = trim($string); 23 | 24 | if (empty($string)) { 25 | return false; 26 | } 27 | $lower = strtolower($string); 28 | if (isset($colors[$lower])) { 29 | return $colors[$lower]; 30 | } 31 | if ($string[0] === '#') { 32 | $hex = substr($string, 1); 33 | } else { 34 | $hex = $string; 35 | } 36 | 37 | $length = strlen($hex); 38 | if ($length !== 3 && $length !== 6) { 39 | return false; 40 | } 41 | if (!ctype_xdigit($hex)) { 42 | return false; 43 | } 44 | if ($length === 3) { 45 | $hex = $hex[0] . $hex[0] . $hex[1] . $hex[1] . $hex[2] . $hex[2]; 46 | } 47 | return "#$hex"; 48 | } 49 | } 50 | 51 | // vim: et sw=4 sts=4 52 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/URIFilter/HostBlacklist.php: -------------------------------------------------------------------------------- 1 | blacklist = $config->get('URI.HostBlacklist'); 26 | return true; 27 | } 28 | 29 | /** 30 | * @param HTMLPurifier_URI $uri 31 | * @param HTMLPurifier_Config $config 32 | * @param HTMLPurifier_Context $context 33 | * @return bool 34 | */ 35 | public function filter(&$uri, $config, $context) 36 | { 37 | foreach ($this->blacklist as $blacklisted_host_fragment) { 38 | if ($uri->host !== null && strpos($uri->host, $blacklisted_host_fragment) !== false) { 39 | return false; 40 | } 41 | } 42 | return true; 43 | } 44 | } 45 | 46 | // vim: et sw=4 sts=4 47 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/HTMLModule/SafeScripting.php: -------------------------------------------------------------------------------- 1 | get('HTML.SafeScripting'); 23 | $script = $this->addElement( 24 | 'script', 25 | 'Inline', 26 | 'Optional:', // Not `Empty` to not allow to autoclose the tag @see https://www.w3.org/TR/html4/interact/scripts.html 27 | null, 28 | array( 29 | // While technically not required by the spec, we're forcing 30 | // it to this value. 31 | 'type' => 'Enum#text/javascript', 32 | 'src*' => new HTMLPurifier_AttrDef_Enum(array_keys($allowed), /*case sensitive*/ true) 33 | ) 34 | ); 35 | $script->attr_transform_pre[] = 36 | $script->attr_transform_post[] = new HTMLPurifier_AttrTransform_ScriptRequired(); 37 | } 38 | } 39 | 40 | // vim: et sw=4 sts=4 41 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/Strategy/ValidateAttributes.php: -------------------------------------------------------------------------------- 1 | register('CurrentToken', $token); 23 | 24 | foreach ($tokens as $key => $token) { 25 | 26 | // only process tokens that have attributes, 27 | // namely start and empty tags 28 | if (!$token instanceof HTMLPurifier_Token_Start && !$token instanceof HTMLPurifier_Token_Empty) { 29 | continue; 30 | } 31 | 32 | // skip tokens that are armored 33 | if (!empty($token->armor['ValidateAttributes'])) { 34 | continue; 35 | } 36 | 37 | // note that we have no facilities here for removing tokens 38 | $validator->validateToken($token, $config, $context); 39 | } 40 | $context->destroy('CurrentToken'); 41 | return $tokens; 42 | } 43 | } 44 | 45 | // vim: et sw=4 sts=4 46 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/URIScheme/file.php: -------------------------------------------------------------------------------- 1 | userinfo = null; 35 | // file:// makes no provisions for accessing the resource 36 | $uri->port = null; 37 | // While it seems to work on Firefox, the querystring has 38 | // no possible effect and is thus stripped. 39 | $uri->query = null; 40 | return true; 41 | } 42 | } 43 | 44 | // vim: et sw=4 sts=4 45 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/Node.php: -------------------------------------------------------------------------------- 1 | array(directive info) 19 | * @type HTMLPurifier_ConfigSchema_Interchange_Directive[] 20 | */ 21 | public $directives = array(); 22 | 23 | /** 24 | * Adds a directive array to $directives 25 | * @param HTMLPurifier_ConfigSchema_Interchange_Directive $directive 26 | * @throws HTMLPurifier_ConfigSchema_Exception 27 | */ 28 | public function addDirective($directive) 29 | { 30 | if (isset($this->directives[$i = $directive->id->toString()])) { 31 | throw new HTMLPurifier_ConfigSchema_Exception("Cannot redefine directive '$i'"); 32 | } 33 | $this->directives[$i] = $directive; 34 | } 35 | 36 | /** 37 | * Convenience function to perform standard validation. Throws exception 38 | * on failed validation. 39 | */ 40 | public function validate() 41 | { 42 | $validator = new HTMLPurifier_ConfigSchema_Validator(); 43 | return $validator->validate($this); 44 | } 45 | } 46 | 47 | // vim: et sw=4 sts=4 48 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/AttrDef/HTML/Length.php: -------------------------------------------------------------------------------- 1 | 100) { 50 | return '100%'; 51 | } 52 | return ((string)$points) . '%'; 53 | } 54 | } 55 | 56 | // vim: et sw=4 sts=4 57 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php: -------------------------------------------------------------------------------- 1 | directives as $d) { 18 | $schema->add( 19 | $d->id->key, 20 | $d->default, 21 | $d->type, 22 | $d->typeAllowsNull 23 | ); 24 | if ($d->allowed !== null) { 25 | $schema->addAllowedValues( 26 | $d->id->key, 27 | $d->allowed 28 | ); 29 | } 30 | foreach ($d->aliases as $alias) { 31 | $schema->addAlias( 32 | $alias->key, 33 | $d->id->key 34 | ); 35 | } 36 | if ($d->valueAliases !== null) { 37 | $schema->addValueAliases( 38 | $d->id->key, 39 | $d->valueAliases 40 | ); 41 | } 42 | } 43 | $schema->postProcess(); 44 | return $schema; 45 | } 46 | } 47 | 48 | // vim: et sw=4 sts=4 49 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/AttrDef/CSS/Percentage.php: -------------------------------------------------------------------------------- 1 | number_def = new HTMLPurifier_AttrDef_CSS_Number($non_negative); 21 | } 22 | 23 | /** 24 | * @param string $string 25 | * @param HTMLPurifier_Config $config 26 | * @param HTMLPurifier_Context $context 27 | * @return bool|string 28 | */ 29 | public function validate($string, $config, $context) 30 | { 31 | $string = $this->parseCDATA($string); 32 | 33 | if ($string === '') { 34 | return false; 35 | } 36 | $length = strlen($string); 37 | if ($length === 1) { 38 | return false; 39 | } 40 | if ($string[$length - 1] !== '%') { 41 | return false; 42 | } 43 | 44 | $number = substr($string, 0, $length - 1); 45 | $number = $this->number_def->validate($number, $config, $context); 46 | 47 | if ($number === false) { 48 | return false; 49 | } 50 | return "$number%"; 51 | } 52 | } 53 | 54 | // vim: et sw=4 sts=4 55 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/AttrDef/Switch.php: -------------------------------------------------------------------------------- 1 | tag = $tag; 32 | $this->withTag = $with_tag; 33 | $this->withoutTag = $without_tag; 34 | } 35 | 36 | /** 37 | * @param string $string 38 | * @param HTMLPurifier_Config $config 39 | * @param HTMLPurifier_Context $context 40 | * @return bool|string 41 | */ 42 | public function validate($string, $config, $context) 43 | { 44 | $token = $context->get('CurrentToken', true); 45 | if (!$token || $token->name !== $this->tag) { 46 | return $this->withoutTag->validate($string, $config, $context); 47 | } else { 48 | return $this->withTag->validate($string, $config, $context); 49 | } 50 | } 51 | } 52 | 53 | // vim: et sw=4 sts=4 54 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/URIFilter/DisableExternal.php: -------------------------------------------------------------------------------- 1 | getDefinition('URI')->host; 22 | if ($our_host !== null) { 23 | $this->ourHostParts = array_reverse(explode('.', $our_host)); 24 | } 25 | } 26 | 27 | /** 28 | * @param HTMLPurifier_URI $uri Reference 29 | * @param HTMLPurifier_Config $config 30 | * @param HTMLPurifier_Context $context 31 | * @return bool 32 | */ 33 | public function filter(&$uri, $config, $context) 34 | { 35 | if (is_null($uri->host)) { 36 | return true; 37 | } 38 | if ($this->ourHostParts === false) { 39 | return false; 40 | } 41 | $host_parts = array_reverse(explode('.', $uri->host)); 42 | foreach ($this->ourHostParts as $i => $x) { 43 | if (!isset($host_parts[$i])) { 44 | return false; 45 | } 46 | if ($host_parts[$i] != $this->ourHostParts[$i]) { 47 | return false; 48 | } 49 | } 50 | return true; 51 | } 52 | } 53 | 54 | // vim: et sw=4 sts=4 55 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/AttrTransform/ImgRequired.php: -------------------------------------------------------------------------------- 1 | get('Core.RemoveInvalidImg')) { 25 | return $attr; 26 | } 27 | $attr['src'] = $config->get('Attr.DefaultInvalidImage'); 28 | $src = false; 29 | } 30 | 31 | if (!isset($attr['alt'])) { 32 | if ($src) { 33 | $alt = $config->get('Attr.DefaultImageAlt'); 34 | if ($alt === null) { 35 | $attr['alt'] = basename($attr['src']); 36 | } else { 37 | $attr['alt'] = $alt; 38 | } 39 | } else { 40 | $attr['alt'] = $config->get('Attr.DefaultInvalidImageAlt'); 41 | } 42 | } 43 | return $attr; 44 | } 45 | } 46 | 47 | // vim: et sw=4 sts=4 48 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/AttrTransform/Nofollow.php: -------------------------------------------------------------------------------- 1 | parser = new HTMLPurifier_URIParser(); 19 | } 20 | 21 | /** 22 | * @param array $attr 23 | * @param HTMLPurifier_Config $config 24 | * @param HTMLPurifier_Context $context 25 | * @return array 26 | */ 27 | public function transform($attr, $config, $context) 28 | { 29 | if (!isset($attr['href'])) { 30 | return $attr; 31 | } 32 | 33 | // XXX Kind of inefficient 34 | $url = $this->parser->parse($attr['href']); 35 | $scheme = $url->getSchemeObj($config, $context); 36 | 37 | if ($scheme->browsable && !$url->isLocal($config, $context)) { 38 | if (isset($attr['rel'])) { 39 | $rels = explode(' ', $attr['rel']); 40 | if (!in_array('nofollow', $rels)) { 41 | $rels[] = 'nofollow'; 42 | } 43 | $attr['rel'] = implode(' ', $rels); 44 | } else { 45 | $attr['rel'] = 'nofollow'; 46 | } 47 | } 48 | return $attr; 49 | } 50 | } 51 | 52 | // vim: et sw=4 sts=4 53 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/AttrDef/CSS/Composite.php: -------------------------------------------------------------------------------- 1 | defs = $defs; 28 | } 29 | 30 | /** 31 | * @param string $string 32 | * @param HTMLPurifier_Config $config 33 | * @param HTMLPurifier_Context $context 34 | * @return bool|string 35 | */ 36 | public function validate($string, $config, $context) 37 | { 38 | foreach ($this->defs as $i => $def) { 39 | $result = $this->defs[$i]->validate($string, $config, $context); 40 | if ($result !== false) { 41 | return $result; 42 | } 43 | } 44 | return false; 45 | } 46 | } 47 | 48 | // vim: et sw=4 sts=4 49 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/Token/Text.php: -------------------------------------------------------------------------------- 1 | data = $data; 43 | $this->is_whitespace = ctype_space($data); 44 | $this->line = $line; 45 | $this->col = $col; 46 | } 47 | 48 | public function toNode() { 49 | return new HTMLPurifier_Node_Text($this->data, $this->is_whitespace, $this->line, $this->col); 50 | } 51 | } 52 | 53 | // vim: et sw=4 sts=4 54 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/ConfigSchema/schema/Core.LegacyEntityDecoder.txt: -------------------------------------------------------------------------------- 1 | Core.LegacyEntityDecoder 2 | TYPE: bool 3 | VERSION: 4.9.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |7 | Prior to HTML Purifier 4.9.0, entities were decoded by performing 8 | a global search replace for all entities whose decoded versions 9 | did not have special meanings under HTML, and replaced them with 10 | their decoded versions. We would match all entities, even if they did 11 | not have a trailing semicolon, but only if there weren't any trailing 12 | alphanumeric characters. 13 |
14 || Original | Text | Attribute |
|---|---|---|
| ¥ | ¥ | ¥ |
| ¥ | ¥ | ¥ |
| ¥a | ¥a | ¥a |
| ¥= | ¥= | ¥= |
22 | In HTML Purifier 4.9.0, we changed the behavior of entity parsing 23 | to match entities that had missing trailing semicolons in less 24 | cases, to more closely match HTML5 parsing behavior: 25 |
26 || Original | Text | Attribute |
|---|---|---|
| ¥ | ¥ | ¥ |
| ¥ | ¥ | ¥ |
| ¥a | ¥a | ¥a |
| ¥= | ¥= | ¥= |
34 | This flag reverts back to pre-HTML Purifier 4.9.0 behavior. 35 |
36 | --# vim: et sw=4 sts=4 37 | -------------------------------------------------------------------------------- /includes/admin/HTMLPurifier/HTMLPurifier/Definition.php: -------------------------------------------------------------------------------- 1 | setup) { 48 | return; 49 | } 50 | $this->setup = true; 51 | $this->doSetup($config); 52 | } 53 | } 54 | 55 | // vim: et sw=4 sts=4 56 | --------------------------------------------------------------------------------