8 | Revision identifier for your custom definition. See 9 | %HTML.DefinitionRev for details. 10 |
11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/URI.DefinitionRev.txt: -------------------------------------------------------------------------------- 1 | URI.DefinitionRev 2 | TYPE: int 3 | VERSION: 2.1.0 4 | DEFAULT: 1 5 | --DESCRIPTION-- 6 | 7 |8 | Revision identifier for your custom definition. See 9 | %HTML.DefinitionRev for details. 10 |
11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /library/HTMLPurifier.path.php: -------------------------------------------------------------------------------- 1 | target=blank attributes are added to all outgoing links. 7 | (This includes links from an HTTPS version of a page to an HTTP version.) 8 | --# vim: et sw=4 sts=4 9 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/HTML.XHTML.txt: -------------------------------------------------------------------------------- 1 | HTML.XHTML 2 | TYPE: bool 3 | DEFAULT: true 4 | VERSION: 1.1.0 5 | DEPRECATED-VERSION: 1.7.0 6 | DEPRECATED-USE: HTML.Doctype 7 | --DESCRIPTION-- 8 | Determines whether or not output is XHTML 1.0 or HTML 4.01 flavor. 9 | --ALIASES-- 10 | Core.XHTML 11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /library/HTMLPurifier/Language/messages/en-x-testmini.php: -------------------------------------------------------------------------------- 1 | 'HTML Purifier XNone' 10 | ); 11 | 12 | // vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/CSS.Trusted.txt: -------------------------------------------------------------------------------- 1 | CSS.Trusted 2 | TYPE: bool 3 | VERSION: 4.2.1 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | Indicates whether or not the user's CSS input is trusted or not. If the 7 | input is trusted, a more expansive set of allowed properties. See 8 | also %HTML.Trusted. 9 | --# vim: et sw=4 sts=4 10 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/URI.DefaultScheme.txt: -------------------------------------------------------------------------------- 1 | URI.DefaultScheme 2 | TYPE: string 3 | DEFAULT: 'http' 4 | --DESCRIPTION-- 5 | 6 |7 | Defines through what scheme the output will be served, in order to 8 | select the proper object validator when no scheme information is present. 9 |
10 | --# vim: et sw=4 sts=4 11 | -------------------------------------------------------------------------------- /library/HTMLPurifier.auto.php: -------------------------------------------------------------------------------- 1 | 8 | Unique identifier for a custom-built URI definition. If you want 9 | to add custom URIFilters, you must specify this value. 10 | 11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /library/HTMLPurifier/Token/Empty.php: -------------------------------------------------------------------------------- 1 | empty = true; 11 | return $n; 12 | } 13 | } 14 | 15 | // vim: et sw=4 sts=4 16 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/HTML.Trusted.txt: -------------------------------------------------------------------------------- 1 | HTML.Trusted 2 | TYPE: bool 3 | VERSION: 2.0.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | Indicates whether or not the user input is trusted or not. If the input is 7 | trusted, a more expansive set of allowed tags and attributes will be used. 8 | See also %CSS.Trusted. 9 | --# vim: et sw=4 sts=4 10 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPermissions.txt: -------------------------------------------------------------------------------- 1 | Cache.SerializerPermissions 2 | TYPE: int 3 | VERSION: 4.3.0 4 | DEFAULT: 0755 5 | --DESCRIPTION-- 6 | 7 |8 | Directory permissions of the files and directories created inside 9 | the DefinitionCache/Serializer or other custom serializer path. 10 |
11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/HTML.SafeScripting.txt: -------------------------------------------------------------------------------- 1 | HTML.SafeScripting 2 | TYPE: lookup 3 | VERSION: 4.5.0 4 | DEFAULT: array() 5 | --DESCRIPTION-- 6 |7 | Whether or not to permit script tags to external scripts in documents. 8 | Inline scripting is not allowed, and the script must match an explicit whitelist. 9 |
10 | --# vim: et sw=4 sts=4 11 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/Output.FlashCompat.txt: -------------------------------------------------------------------------------- 1 | Output.FlashCompat 2 | TYPE: bool 3 | VERSION: 4.1.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |7 | If true, HTML Purifier will generate Internet Explorer compatibility 8 | code for all object code. This is highly recommended if you enable 9 | %HTML.SafeObject. 10 |
11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /deleterules/places.xml: -------------------------------------------------------------------------------- 1 | 2 |
8 | This directive turns on linkification, auto-linking http, ftp and
9 | https URLs. a tags with the href attribute
10 | must be allowed.
11 |
7 | Whether or not to normalize newlines to the operating
8 | system default. When false, HTML Purifier
9 | will attempt to preserve mixed newline files.
10 |
8 | Disables all URIs in all forms. Not sure why you'd want to do that 9 | (after all, the Internet's founded on the notion of a hyperlink). 10 |
11 | 12 | --ALIASES-- 13 | Attr.DisableURI 14 | --# vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImageAlt.txt: -------------------------------------------------------------------------------- 1 | Attr.DefaultInvalidImageAlt 2 | TYPE: string 3 | DEFAULT: 'Invalid image' 4 | --DESCRIPTION-- 5 | This is the content of the alt tag of an invalid image if the user had not 6 | previously specified an alt attribute. It has no effect when the image is 7 | valid but there was no alt attribute present. 8 | --# vim: et sw=4 sts=4 9 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/Attr.DefaultTextDir.txt: -------------------------------------------------------------------------------- 1 | Attr.DefaultTextDir 2 | TYPE: string 3 | DEFAULT: 'ltr' 4 | --DESCRIPTION-- 5 | Defines the default text direction (ltr or rtl) of the document being 6 | parsed. This generally is the same as the value of the dir attribute in 7 | HTML, or ltr if that is not specified. 8 | --ALLOWED-- 9 | 'ltr', 'rtl' 10 | --# vim: et sw=4 sts=4 11 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/Core.EnableIDNA.txt: -------------------------------------------------------------------------------- 1 | Core.EnableIDNA 2 | TYPE: bool 3 | DEFAULT: false 4 | VERSION: 4.4.0 5 | --DESCRIPTION-- 6 | Allows international domain names in URLs. This configuration option 7 | requires the PEAR Net_IDNA2 module to be installed. It operates by 8 | punycoding any internationalized host names for maximum portability. 9 | --# vim: et sw=4 sts=4 10 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/Core.RemoveScriptContents.txt: -------------------------------------------------------------------------------- 1 | Core.RemoveScriptContents 2 | TYPE: bool/null 3 | DEFAULT: NULL 4 | VERSION: 2.0.0 5 | DEPRECATED-VERSION: 2.1.0 6 | DEPRECATED-USE: Core.HiddenElements 7 | --DESCRIPTION-- 8 |9 | This directive enables HTML Purifier to remove not only script tags 10 | but all of their contents. 11 |
12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/HTML.FlashAllowFullScreen.txt: -------------------------------------------------------------------------------- 1 | HTML.FlashAllowFullScreen 2 | TYPE: bool 3 | VERSION: 4.2.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |
7 | Whether or not to permit embedded Flash content from
8 | %HTML.SafeObject to expand to the full screen. Corresponds to
9 | the allowFullScreen parameter.
10 |
HTMLPurifier->addFilter()
9 | method. Specify an array of concrete implementations.
10 |
11 | --# vim: et sw=4 sts=4
12 |
--------------------------------------------------------------------------------
/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.Custom.txt:
--------------------------------------------------------------------------------
1 | AutoFormat.Custom
2 | TYPE: list
3 | VERSION: 2.0.1
4 | DEFAULT: array()
5 | --DESCRIPTION--
6 |
7 | 8 | This directive can be used to add custom auto-format injectors. 9 | Specify an array of injector names (class name minus the prefix) 10 | or concrete implementations. Injector class must exist. 11 |
12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklistRegexp.txt: -------------------------------------------------------------------------------- 1 | Attr.IDBlacklistRegexp 2 | TYPE: string/null 3 | VERSION: 1.6.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 | PCRE regular expression to be matched against all IDs. If the expression is 7 | matches, the ID is rejected. Use this with care: may cause significant 8 | degradation. ID matching is done after all other validation. 9 | --# vim: et sw=4 sts=4 10 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/HTML.Parent.txt: -------------------------------------------------------------------------------- 1 | HTML.Parent 2 | TYPE: string 3 | VERSION: 1.3.0 4 | DEFAULT: 'div' 5 | --DESCRIPTION-- 6 | 7 |8 | String name of element that HTML fragment passed to library will be 9 | inserted in. An interesting variation would be using span as the 10 | parent element, meaning that only inline tags would be allowed. 11 |
12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /library/HTMLPurifier/URIScheme/https.php: -------------------------------------------------------------------------------- 1 | 7 | This directive causesspan tags without any attributes
8 | to be removed. It will also remove spans that had all attributes
9 | removed during processing.
10 |
11 | --# vim: et sw=4 sts=4
12 |
--------------------------------------------------------------------------------
/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.DisplayLinkURI.txt:
--------------------------------------------------------------------------------
1 | AutoFormat.DisplayLinkURI
2 | TYPE: bool
3 | VERSION: 3.2.0
4 | DEFAULT: false
5 | --DESCRIPTION--
6 | 7 | This directive turns on the in-text display of URIs in <a> tags, and disables 8 | those links. For example, example becomes 9 | example (http://example.com). 10 |
11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.txt: -------------------------------------------------------------------------------- 1 | AutoFormat.PurifierLinkify 2 | TYPE: bool 3 | VERSION: 2.0.1 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | 7 |
8 | Internal auto-formatter that converts configuration directives in
9 | syntax %Namespace.Directive to links. a tags
10 | with the href attribute must be allowed.
11 |
7 | Whether or not to allow proprietary elements and attributes in your
8 | documents, as per HTMLPurifier_HTMLModule_Proprietary.
9 | Warning: This can cause your documents to stop
10 | validating!
11 |
8 | Absolute path with no trailing slash to store serialized definitions in. 9 | Default is within the 10 | HTML Purifier library inside DefinitionCache/Serializer. This 11 | path must be writable by the webserver. 12 |
13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/Core.RemoveInvalidImg.txt: -------------------------------------------------------------------------------- 1 | Core.RemoveInvalidImg 2 | TYPE: bool 3 | DEFAULT: true 4 | VERSION: 1.3.0 5 | --DESCRIPTION-- 6 | 7 |
8 | This directive enables pre-emptive URI checking in img
9 | tags, as the attribute validation strategy is not authorized to
10 | remove elements from the document. Revert to pre-1.3.0 behavior by setting to false.
11 |
8 | Location of configuration documentation to link to, let %s substitute 9 | into the configuration's namespace and directive names sans the percent 10 | sign. 11 |
12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/CSS.AllowedFonts.txt: -------------------------------------------------------------------------------- 1 | CSS.AllowedFonts 2 | TYPE: lookup/null 3 | VERSION: 4.3.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 |
7 | Allows you to manually specify a set of allowed fonts. If
8 | NULL, all fonts are allowed. This directive
9 | affects generic names (serif, sans-serif, monospace, cursive,
10 | fantasy) as well as specific font families.
11 |
8 | Newline string to format final output with. If left null, HTML Purifier 9 | will auto-detect the default newline type of the system and use that; 10 | you can manually override it here. Remember, \r\n is Windows, \r 11 | is Mac, and \n is Unix. 12 |
13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /css/scroller.bootstrap.min.css: -------------------------------------------------------------------------------- 1 | div.DTS{display:block !important}div.DTS tbody th,div.DTS tbody td{white-space:nowrap}div.DTS div.DTS_Loading{z-index:1}div.DTS div.dataTables_scrollBody{ 2 | /*background:repeating-linear-gradient(45deg, #edeeff, #edeeff 10px, #fff 10px, #fff 20px)}*/ 3 | background: #f9f9f9} 4 | div.DTS div.dataTables_scrollBody table{z-index:2}div.DTS div.dataTables_paginate,div.DTS div.dataTables_length{display:none}div.DTS tbody tr.even{background-color:white} -------------------------------------------------------------------------------- /library/HTMLPurifier/AttrDef/URI/Email.php: -------------------------------------------------------------------------------- 1 | li { position: relative; } 9 | } 10 | .@{fa-css-prefix}-li { 11 | position: absolute; 12 | left: -@fa-li-width; 13 | width: @fa-li-width; 14 | top: (2em / 14); 15 | text-align: center; 16 | &.@{fa-css-prefix}-lg { 17 | left: (-@fa-li-width + (4em / 14)); 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /css/scss/_list.scss: -------------------------------------------------------------------------------- 1 | // List Icons 2 | // ------------------------- 3 | 4 | .#{$fa-css-prefix}-ul { 5 | padding-left: 0; 6 | margin-left: $fa-li-width; 7 | list-style-type: none; 8 | > li { position: relative; } 9 | } 10 | .#{$fa-css-prefix}-li { 11 | position: absolute; 12 | left: -$fa-li-width; 13 | width: $fa-li-width; 14 | top: (2em / 14); 15 | text-align: center; 16 | &.#{$fa-css-prefix}-lg { 17 | left: -$fa-li-width + (4em / 14); 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /library/HTMLPurifier/HTMLModule/XMLCommonAttributes.php: -------------------------------------------------------------------------------- 1 | array( 15 | 'xml:lang' => 'LanguageCode', 16 | ) 17 | ); 18 | } 19 | 20 | // vim: et sw=4 sts=4 21 | -------------------------------------------------------------------------------- /deleterules/tmc.xml: -------------------------------------------------------------------------------- 1 | 2 |7 | When %AutoFormat.RemoveEmpty and %AutoFormat.RemoveEmpty.RemoveNbsp 8 | are enabled, this directive defines what HTML elements should not be 9 | removede if they have only a non-breaking space in them. 10 |
11 | --# vim: et sw=4 sts=4 12 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/Cache.DefinitionImpl.txt: -------------------------------------------------------------------------------- 1 | Cache.DefinitionImpl 2 | TYPE: string/null 3 | VERSION: 2.0.0 4 | DEFAULT: 'Serializer' 5 | --DESCRIPTION-- 6 | 7 | This directive defines which method to use when caching definitions, 8 | the complex data-type that makes HTML Purifier tick. Set to null 9 | to disable caching (not recommended, as you will see a definite 10 | performance degradation). 11 | 12 | --ALIASES-- 13 | Core.DefinitionCache 14 | --# vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /library/HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php: -------------------------------------------------------------------------------- 1 | array( 15 | 'lang' => 'LanguageCode', 16 | ) 17 | ); 18 | } 19 | 20 | // vim: et sw=4 sts=4 21 | -------------------------------------------------------------------------------- /css/scss/font-awesome.scss: -------------------------------------------------------------------------------- 1 | /*! 2 | * Font Awesome 4.4.0 by @davegandy - http://fontawesome.io - @fontawesome 3 | * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License) 4 | */ 5 | 6 | @import "variables"; 7 | @import "mixins"; 8 | @import "path"; 9 | @import "core"; 10 | @import "larger"; 11 | @import "fixed-width"; 12 | @import "list"; 13 | @import "bordered-pulled"; 14 | @import "animated"; 15 | @import "rotated-flipped"; 16 | @import "stacked"; 17 | @import "icons"; 18 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/URI.MakeAbsolute.txt: -------------------------------------------------------------------------------- 1 | URI.MakeAbsolute 2 | TYPE: bool 3 | VERSION: 2.1.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | 7 |8 | Converts all URIs into absolute forms. This is useful when the HTML 9 | being filtered assumes a specific base path, but will actually be 10 | viewed in a different context (and setting an alternate base URI is 11 | not possible). %URI.Base must be set for this directive to work. 12 |
13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/HTML.SafeIframe.txt: -------------------------------------------------------------------------------- 1 | HTML.SafeIframe 2 | TYPE: bool 3 | VERSION: 4.4.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |7 | Whether or not to permit iframe tags in untrusted documents. This 8 | directive must be accompanied by a whitelist of permitted iframes, 9 | such as %URI.SafeIframeRegexp, otherwise it will fatally error. 10 | This directive has no effect on strict doctypes, as iframes are not 11 | valid. 12 |
13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /css/less/core.less: -------------------------------------------------------------------------------- 1 | // Base Class Definition 2 | // ------------------------- 3 | 4 | .@{fa-css-prefix} { 5 | display: inline-block; 6 | font: normal normal normal @fa-font-size-base/@fa-line-height-base FontAwesome; // shortening font declaration 7 | font-size: inherit; // can't have font-size inherit on line above, so need to override 8 | text-rendering: auto; // optimizelegibility throws things off #1094 9 | -webkit-font-smoothing: antialiased; 10 | -moz-osx-font-smoothing: grayscale; 11 | 12 | } 13 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/Core.RemoveProcessingInstructions.txt: -------------------------------------------------------------------------------- 1 | Core.RemoveProcessingInstructions 2 | TYPE: bool 3 | VERSION: 4.2.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 | Instead of escaping processing instructions in the form<? ...
7 | ?>, remove it out-right. This may be useful if the HTML
8 | you are validating contains XML processing instruction gunk, however,
9 | it can also be user-unfriendly for people attempting to post PHP
10 | snippets.
11 | --# vim: et sw=4 sts=4
12 |
--------------------------------------------------------------------------------
/css/scss/_core.scss:
--------------------------------------------------------------------------------
1 | // Base Class Definition
2 | // -------------------------
3 |
4 | .#{$fa-css-prefix} {
5 | display: inline-block;
6 | font: normal normal normal #{$fa-font-size-base}/#{$fa-line-height-base} FontAwesome; // shortening font declaration
7 | font-size: inherit; // can't have font-size inherit on line above, so need to override
8 | text-rendering: auto; // optimizelegibility throws things off #1094
9 | -webkit-font-smoothing: antialiased;
10 | -moz-osx-font-smoothing: grayscale;
11 |
12 | }
13 |
--------------------------------------------------------------------------------
/js/npm.js:
--------------------------------------------------------------------------------
1 | // This file is autogenerated via the `commonjs` Grunt task. You can require() this file in a CommonJS environment.
2 | require('../../js/transition.js')
3 | require('../../js/alert.js')
4 | require('../../js/button.js')
5 | require('../../js/carousel.js')
6 | require('../../js/collapse.js')
7 | require('../../js/dropdown.js')
8 | require('../../js/modal.js')
9 | require('../../js/tooltip.js')
10 | require('../../js/popover.js')
11 | require('../../js/scrollspy.js')
12 | require('../../js/tab.js')
13 | require('../../js/affix.js')
--------------------------------------------------------------------------------
/lang/bootstrap-datepicker.ru.min.js:
--------------------------------------------------------------------------------
1 | !function(a){a.fn.datepicker.dates.ru={days:["Воскресенье","Понедельник","Вторник","Среда","Четверг","Пятница","Суббота","Воскресенье"],daysShort:["Вск","Пнд","Втр","Срд","Чтв","Птн","Суб","Вск"],daysMin:["Вс","Пн","Вт","Ср","Чт","Пт","Сб","Вс"],months:["Январь","Февраль","Март","Апрель","Май","Июнь","Июль","Август","Сентябрь","Октябрь","Ноябрь","Декабрь"],monthsShort:["Янв","Фев","Мар","Апр","Май","Июн","Июл","Авг","Сен","Окт","Ноя","Дек"],today:"Сегодня",clear:"Очистить",format:"dd.mm.yyyy",weekStart:1}}(jQuery);
--------------------------------------------------------------------------------
/library/HTMLPurifier/ConfigSchema/schema/Core.CollectErrors.txt:
--------------------------------------------------------------------------------
1 | Core.CollectErrors
2 | TYPE: bool
3 | VERSION: 2.0.0
4 | DEFAULT: false
5 | --DESCRIPTION--
6 |
7 | Whether or not to collect errors found while filtering the document. This
8 | is a useful way to give feedback to your users. Warning:
9 | Currently this feature is very patchy and experimental, with lots of
10 | possible error messages not yet implemented. It will not cause any
11 | problems, but it may not help your users either.
12 | --# vim: et sw=4 sts=4
13 |
--------------------------------------------------------------------------------
/library/HTMLPurifier/ConfigSchema/schema/URI.DisableExternal.txt:
--------------------------------------------------------------------------------
1 | URI.DisableExternal
2 | TYPE: bool
3 | VERSION: 1.2.0
4 | DEFAULT: false
5 | --DESCRIPTION--
6 | Disables links to external websites. This is a highly effective anti-spam
7 | and anti-pagerank-leech measure, but comes at a hefty price: nolinks or
8 | images outside of your domain will be allowed. Non-linkified URIs will
9 | still be preserved. If you want to be able to link to subdomains or use
10 | absolute URIs, specify %URI.Host for your website.
11 | --# vim: et sw=4 sts=4
12 |
--------------------------------------------------------------------------------
/library/HTMLPurifier/ConfigSchema/schema/HTML.SafeObject.txt:
--------------------------------------------------------------------------------
1 | HTML.SafeObject
2 | TYPE: bool
3 | VERSION: 3.1.1
4 | DEFAULT: false
5 | --DESCRIPTION--
6 | 7 | Whether or not to permit object tags in documents, with a number of extra 8 | security features added to prevent script execution. This is similar to 9 | what websites like MySpace do to object tags. You should also enable 10 | %Output.FlashCompat in order to generate Internet Explorer 11 | compatibility code for your object tags. 12 |
13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/URI.DisableResources.txt: -------------------------------------------------------------------------------- 1 | URI.DisableResources 2 | TYPE: bool 3 | VERSION: 4.2.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |7 | Disables embedding resources, essentially meaning no pictures. You can 8 | still link to them though. See %URI.DisableExternalResources for why 9 | this might be a good idea. 10 |
11 |12 | Note: While this directive has been available since 1.3.0, 13 | it didn't actually start doing anything until 4.2.0. 14 |
15 | --# vim: et sw=4 sts=4 16 | -------------------------------------------------------------------------------- /library/HTMLPurifier/AttrDef/Text.php: -------------------------------------------------------------------------------- 1 | parseCDATA($string); 18 | } 19 | } 20 | 21 | // vim: et sw=4 sts=4 22 | -------------------------------------------------------------------------------- /css/less/font-awesome.less: -------------------------------------------------------------------------------- 1 | /*! 2 | * Font Awesome 4.4.0 by @davegandy - http://fontawesome.io - @fontawesome 3 | * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License) 4 | */ 5 | 6 | @import "variables.less"; 7 | @import "mixins.less"; 8 | @import "path.less"; 9 | @import "core.less"; 10 | @import "larger.less"; 11 | @import "fixed-width.less"; 12 | @import "list.less"; 13 | @import "bordered-pulled.less"; 14 | @import "animated.less"; 15 | @import "rotated-flipped.less"; 16 | @import "stacked.less"; 17 | @import "icons.less"; 18 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/CSS.AllowTricky.txt: -------------------------------------------------------------------------------- 1 | CSS.AllowTricky 2 | TYPE: bool 3 | DEFAULT: false 4 | VERSION: 3.1.0 5 | --DESCRIPTION-- 6 | This parameter determines whether or not to allow "tricky" CSS properties and 7 | values. Tricky CSS properties/values can drastically modify page layout or 8 | be used for deceptive practices but do not directly constitute a security risk. 9 | For example,display:none; is considered a tricky property that
10 | will only be allowed if this directive is set to true.
11 | --# vim: et sw=4 sts=4
12 |
--------------------------------------------------------------------------------
/library/HTMLPurifier/ConfigSchema/schema/Core.ConvertDocumentToFragment.txt:
--------------------------------------------------------------------------------
1 | Core.ConvertDocumentToFragment
2 | TYPE: bool
3 | DEFAULT: true
4 | --DESCRIPTION--
5 |
6 | This parameter determines whether or not the filter should convert
7 | input that is a full document with html and body tags to a fragment
8 | of just the contents of a body tag. This parameter is simply something
9 | HTML Purifier can do during an edge-case: for most inputs, this
10 | processing is not necessary.
11 |
12 | --ALIASES--
13 | Core.AcceptFullDocuments
14 | --# vim: et sw=4 sts=4
15 |
--------------------------------------------------------------------------------
/library/HTMLPurifier/ConfigSchema/schema/HTML.Doctype.txt:
--------------------------------------------------------------------------------
1 | HTML.Doctype
2 | TYPE: string/null
3 | DEFAULT: NULL
4 | --DESCRIPTION--
5 | Doctype to use during filtering. Technically speaking this is not actually
6 | a doctype (as it does not identify a corresponding DTD), but we are using
7 | this name for sake of simplicity. When non-blank, this will override any
8 | older directives like %HTML.XHTML or %HTML.Strict.
9 | --ALLOWED--
10 | 'HTML 4.01 Transitional', 'HTML 4.01 Strict', 'XHTML 1.0 Transitional', 'XHTML 1.0 Strict', 'XHTML 1.1'
11 | --# vim: et sw=4 sts=4
12 |
--------------------------------------------------------------------------------
/css/less/stacked.less:
--------------------------------------------------------------------------------
1 | // Stacked Icons
2 | // -------------------------
3 |
4 | .@{fa-css-prefix}-stack {
5 | position: relative;
6 | display: inline-block;
7 | width: 2em;
8 | height: 2em;
9 | line-height: 2em;
10 | vertical-align: middle;
11 | }
12 | .@{fa-css-prefix}-stack-1x, .@{fa-css-prefix}-stack-2x {
13 | position: absolute;
14 | left: 0;
15 | width: 100%;
16 | text-align: center;
17 | }
18 | .@{fa-css-prefix}-stack-1x { line-height: inherit; }
19 | .@{fa-css-prefix}-stack-2x { font-size: 2em; }
20 | .@{fa-css-prefix}-inverse { color: @fa-inverse; }
21 |
--------------------------------------------------------------------------------
/library/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefix.txt:
--------------------------------------------------------------------------------
1 | Attr.IDPrefix
2 | TYPE: string
3 | VERSION: 1.2.0
4 | DEFAULT: ''
5 | --DESCRIPTION--
6 | String to prefix to IDs. If you have no idea what IDs your pages may use,
7 | you may opt to simply add a prefix to all user-submitted ID attributes so
8 | that they are still usable, but will not conflict with core page IDs.
9 | Example: setting the directive to 'user_' will result in a user submitted
10 | 'foo' to become 'user_foo' Be sure to set %HTML.EnableAttrID to true
11 | before using this.
12 | --# vim: et sw=4 sts=4
13 |
--------------------------------------------------------------------------------
/library/HTMLPurifier/ConfigSchema/schema/CSS.ForbiddenProperties.txt:
--------------------------------------------------------------------------------
1 | CSS.ForbiddenProperties
2 | TYPE: lookup
3 | VERSION: 4.2.0
4 | DEFAULT: array()
5 | --DESCRIPTION--
6 | 7 | This is the logical inverse of %CSS.AllowedProperties, and it will 8 | override that directive or any other directive. If possible, 9 | %CSS.AllowedProperties is recommended over this directive, 10 | because it can sometimes be difficult to tell whether or not you've 11 | forbidden all of the CSS properties you truly would like to disallow. 12 |
13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/Core.DisableExcludes.txt: -------------------------------------------------------------------------------- 1 | Core.DisableExcludes 2 | TYPE: bool 3 | DEFAULT: false 4 | VERSION: 4.5.0 5 | --DESCRIPTION-- 6 |
7 | This directive disables SGML-style exclusions, e.g. the exclusion of
8 | <object> in any descendant of a
9 | <pre> tag. Disabling excludes will allow some
10 | invalid documents to pass through HTML Purifier, but HTML Purifier
11 | will also be less likely to accidentally remove large documents during
12 | processing.
13 |
7 | When enabled, HTML Purifier will treat any elements that contain only 8 | non-breaking spaces as well as regular whitespace as empty, and remove 9 | them when %AutoForamt.RemoveEmpty is enabled. 10 |
11 |12 | See %AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions for a list of elements 13 | that don't have this behavior applied to them. 14 |
15 | --# vim: et sw=4 sts=4 16 | -------------------------------------------------------------------------------- /css/scss/_stacked.scss: -------------------------------------------------------------------------------- 1 | // Stacked Icons 2 | // ------------------------- 3 | 4 | .#{$fa-css-prefix}-stack { 5 | position: relative; 6 | display: inline-block; 7 | width: 2em; 8 | height: 2em; 9 | line-height: 2em; 10 | vertical-align: middle; 11 | } 12 | .#{$fa-css-prefix}-stack-1x, .#{$fa-css-prefix}-stack-2x { 13 | position: absolute; 14 | left: 0; 15 | width: 100%; 16 | text-align: center; 17 | } 18 | .#{$fa-css-prefix}-stack-1x { line-height: inherit; } 19 | .#{$fa-css-prefix}-stack-2x { font-size: 2em; } 20 | .#{$fa-css-prefix}-inverse { color: $fa-inverse; } 21 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/HTML.SafeEmbed.txt: -------------------------------------------------------------------------------- 1 | HTML.SafeEmbed 2 | TYPE: bool 3 | VERSION: 3.1.1 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |7 | Whether or not to permit embed tags in documents, with a number of extra 8 | security features added to prevent script execution. This is similar to 9 | what websites like MySpace do to embed tags. Embed is a proprietary 10 | element and will cause your website to stop validating; you should 11 | see if you can use %Output.FlashCompat with %HTML.SafeObject instead 12 | first.
13 | --# vim: et sw=4 sts=4 14 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt: -------------------------------------------------------------------------------- 1 | URI.AllowedSchemes 2 | TYPE: lookup 3 | --DEFAULT-- 4 | array ( 5 | 'http' => true, 6 | 'https' => true, 7 | 'mailto' => true, 8 | 'ftp' => true, 9 | 'nntp' => true, 10 | 'news' => true, 11 | ) 12 | --DESCRIPTION-- 13 | Whitelist that defines the schemes that a URI is allowed to have. This 14 | prevents XSS attacks from using pseudo-schemes like javascript or mocha. 15 | There is also support for thedata and file
16 | URI schemes, but they are not enabled by default.
17 | --# vim: et sw=4 sts=4
18 |
--------------------------------------------------------------------------------
/library/HTMLPurifier/HTMLModule/Tidy/XHTML.php:
--------------------------------------------------------------------------------
1 |
7 | This directive controls the maximum number of pixels in the width and
8 | height attributes in img tags. This is
9 | in place to prevent imagecrash attacks, disable with null at your own risk.
10 | This directive is similar to %CSS.MaxImgLength, and both should be
11 | concurrently edited, although there are
12 | subtle differences in the input format (the HTML max is an integer).
13 |
14 | --# vim: et sw=4 sts=4
15 |
--------------------------------------------------------------------------------
/library/HTMLPurifier/URIFilter/DisableResources.php:
--------------------------------------------------------------------------------
1 | get('EmbeddedURI', true);
19 | }
20 | }
21 |
22 | // vim: et sw=4 sts=4
23 |
--------------------------------------------------------------------------------
/library/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidChildren.txt:
--------------------------------------------------------------------------------
1 | Core.EscapeInvalidChildren
2 | TYPE: bool
3 | DEFAULT: false
4 | --DESCRIPTION--
5 | Warning: this configuration option is no longer does anything as of 4.6.0.
6 | 7 |When true, a child is found that is not allowed in the context of the 8 | parent element will be transformed into text as if it were ASCII. When 9 | false, that element and all internal tags will be dropped, though text will 10 | be preserved. There is no option for dropping the element but preserving 11 | child nodes.
12 | --# vim: et sw=4 sts=4 13 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Escaping.txt: -------------------------------------------------------------------------------- 1 | Filter.ExtractStyleBlocks.Escaping 2 | TYPE: bool 3 | VERSION: 3.0.0 4 | DEFAULT: true 5 | ALIASES: Filter.ExtractStyleBlocksEscaping, FilterParam.ExtractStyleBlocksEscaping 6 | --DESCRIPTION-- 7 | 8 |9 | Whether or not to escape the dangerous characters <, > and & 10 | as \3C, \3E and \26, respectively. This is can be safely set to false 11 | if the contents of StyleBlocks will be placed in an external stylesheet, 12 | where there is no risk of it being interpreted as HTML. 13 |
14 | --# vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt: -------------------------------------------------------------------------------- 1 | Filter.YouTube 2 | TYPE: bool 3 | VERSION: 3.1.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |7 | Warning: Deprecated in favor of %HTML.SafeObject and 8 | %Output.FlashCompat (turn both on to allow YouTube videos and other 9 | Flash content). 10 |
11 |12 | This directive enables YouTube video embedding in HTML Purifier. Check 13 | this document 14 | on embedding videos for more information on what this filter does. 15 |
16 | --# vim: et sw=4 sts=4 17 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/Output.SortAttr.txt: -------------------------------------------------------------------------------- 1 | Output.SortAttr 2 | TYPE: bool 3 | VERSION: 3.2.0 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |
7 | If true, HTML Purifier will sort attributes by name before writing them back
8 | to the document, converting a tag like: <el b="" a="" c="" />
9 | to <el a="" b="" c="" />. This is a workaround for
10 | a bug in FCKeditor which causes it to swap attributes order, adding noise
11 | to text diffs. If you're not seeing this bug, chances are, you don't need
12 | this directive.
13 |
8 | Revision identifier for your custom definition specified in 9 | %HTML.DefinitionID. This serves the same purpose: uniquely identifying 10 | your custom definition, but this one does so in a chronological 11 | context: revision 3 is more up-to-date then revision 2. Thus, when 12 | this gets incremented, the cache handling is smart enough to clean 13 | up any older revisions of your definition as well as flush the 14 | cache. 15 |
16 | --# vim: et sw=4 sts=4 17 | -------------------------------------------------------------------------------- /library/HTMLPurifier/HTMLModule/Nofollow.php: -------------------------------------------------------------------------------- 1 | addBlankElement('a'); 21 | $a->attr_transform_post[] = new HTMLPurifier_AttrTransform_Nofollow(); 22 | } 23 | } 24 | 25 | // vim: et sw=4 sts=4 26 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/Output.FixInnerHTML.txt: -------------------------------------------------------------------------------- 1 | Output.FixInnerHTML 2 | TYPE: bool 3 | VERSION: 4.3.0 4 | DEFAULT: true 5 | --DESCRIPTION-- 6 |
7 | If true, HTML Purifier will protect against Internet Explorer's
8 | mishandling of the innerHTML attribute by appending
9 | a space to any attribute that does not contain angled brackets, spaces
10 | or quotes, but contains a backtick. This slightly changes the
11 | semantics of any given attribute, so if this is unacceptable and
12 | you do not use innerHTML on any of your pages, you can
13 | turn this directive off.
14 |
8 | If true, HTML Purifier will add line number information to all tokens. 9 | This is useful when error reporting is turned on, but can result in 10 | significant performance degradation and should not be used when 11 | unnecessary. This directive must be used with the DirectLex lexer, 12 | as the DOMLex lexer does not (yet) support this functionality. 13 | If the value is null, an appropriate value will be selected based 14 | on other configuration. 15 |
16 | --# vim: et sw=4 sts=4 17 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/HTML.BlockWrapper.txt: -------------------------------------------------------------------------------- 1 | HTML.BlockWrapper 2 | TYPE: string 3 | VERSION: 1.3.0 4 | DEFAULT: 'p' 5 | --DESCRIPTION-- 6 | 7 |8 | String name of element to wrap inline elements that are inside a block 9 | context. This only occurs in the children of blockquote in strict mode. 10 |
11 |
12 | Example: by default value,
13 | <blockquote>Foo</blockquote> would become
14 | <blockquote><p>Foo</p></blockquote>.
15 | The <p> tags can be replaced with whatever you desire,
16 | as long as it is a block level element.
17 |
7 | By RFC 1123, underscores are not permitted in host names. 8 | (This is in contrast to the specification for DNS, RFC 9 | 2181, which allows underscores.) 10 | However, most browsers do the right thing when faced with 11 | an underscore in the host name, and so some poorly written 12 | websites are written with the expectation this should work. 13 | Setting this parameter to true relaxes our allowed character 14 | check so that underscores are permitted. 15 |
16 | --# vim: et sw=4 sts=4 17 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/Core.HiddenElements.txt: -------------------------------------------------------------------------------- 1 | Core.HiddenElements 2 | TYPE: lookup 3 | --DEFAULT-- 4 | array ( 5 | 'script' => true, 6 | 'style' => true, 7 | ) 8 | --DESCRIPTION-- 9 | 10 |
11 | This directive is a lookup array of elements which should have their
12 | contents removed when they are not allowed by the HTML definition.
13 | For example, the contents of a script tag are not
14 | normally shown in a document, so if script tags are to be removed,
15 | their contents should be removed to. This is opposed to a b
16 | tag, which defines some presentational changes but does not hide its
17 | contents.
18 |
8 | If left NULL, HTML Purifier will attempt to instantiate a csstidy
9 | class to use for internal cleaning. This will usually be good enough.
10 |
12 | However, for trusted user input, you can set this to false to
13 | disable cleaning. In addition, you can supply your own concrete implementation
14 | of Tidy's interface to use, although I don't know why you'd want to do that.
15 |
<img src="">.
9 | Be careful enabling this directive if you have a redirector script
10 | that does not use the Location HTTP header; all of your images
11 | and other embedded resources will break.
12 |
13 | 14 | Warning: It is strongly advised you use this in conjunction 15 | %URI.MungeSecretKey to mitigate the security risk of an open redirector. 16 |
17 | --# vim: et sw=4 sts=4 18 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/CSS.AllowedProperties.txt: -------------------------------------------------------------------------------- 1 | CSS.AllowedProperties 2 | TYPE: lookup/null 3 | VERSION: 3.1.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 | 7 |8 | If HTML Purifier's style attributes set is unsatisfactory for your needs, 9 | you can overload it with your own list of tags to allow. Note that this 10 | method is subtractive: it does its job by taking away from HTML Purifier 11 | usual feature set, so you cannot add an attribute that HTML Purifier never 12 | supported in the first place. 13 |
14 |15 | Warning: If another directive conflicts with the 16 | elements here, that directive will win and override. 17 |
18 | --# vim: et sw=4 sts=4 19 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/CSS.MaxImgLength.txt: -------------------------------------------------------------------------------- 1 | CSS.MaxImgLength 2 | TYPE: string/null 3 | DEFAULT: '1200px' 4 | VERSION: 3.1.1 5 | --DESCRIPTION-- 6 |
7 | This parameter sets the maximum allowed length on img tags,
8 | effectively the width and height properties.
9 | Only absolute units of measurement (in, pt, pc, mm, cm) and pixels (px) are allowed. This is
10 | in place to prevent imagecrash attacks, disable with null at your own risk.
11 | This directive is similar to %HTML.MaxImgLength, and both should be
12 | concurrently edited, although there are
13 | subtle differences in the input format (the CSS max is a number with
14 | a unit).
15 |
8 | If HTML Purifier's attribute set is unsatisfactory, overload it! 9 | The syntax is "tag.attr" or "*.attr" for the global attributes 10 | (style, id, class, dir, lang, xml:lang). 11 |
12 |13 | Warning: If another directive conflicts with the 14 | elements here, that directive will win and override. For 15 | example, %HTML.EnableAttrID will take precedence over *.id in this 16 | directive. You must set that directive to true before you can use 17 | IDs at all. 18 |
19 | --# vim: et sw=4 sts=4 20 | -------------------------------------------------------------------------------- /library/HTMLPurifier/URIFilter/DisableExternalResources.php: -------------------------------------------------------------------------------- 1 | get('EmbeddedURI', true)) { 19 | return true; 20 | } 21 | return parent::filter($uri, $config, $context); 22 | } 23 | } 24 | 25 | // vim: et sw=4 sts=4 26 | -------------------------------------------------------------------------------- /library/HTMLPurifier/AttrTransform/Textarea.php: -------------------------------------------------------------------------------- 1 | 5 | */ 6 | class HTMLPurifier_AttrTransform_Textarea extends HTMLPurifier_AttrTransform 7 | { 8 | /** 9 | * @param array $attr 10 | * @param HTMLPurifier_Config $config 11 | * @param HTMLPurifier_Context $context 12 | * @return array 13 | */ 14 | public function transform($attr, $config, $context) 15 | { 16 | // Calculated from Firefox 17 | if (!isset($attr['cols'])) { 18 | $attr['cols'] = '22'; 19 | } 20 | if (!isset($attr['rows'])) { 21 | $attr['rows'] = '3'; 22 | } 23 | return $attr; 24 | } 25 | } 26 | 27 | // vim: et sw=4 sts=4 28 | -------------------------------------------------------------------------------- /library/HTMLPurifier/HTMLModule/Target.php: -------------------------------------------------------------------------------- 1 | addBlankElement($name); 21 | $e->attr = array( 22 | 'target' => new HTMLPurifier_AttrDef_HTML_FrameTarget() 23 | ); 24 | } 25 | } 26 | } 27 | 28 | // vim: et sw=4 sts=4 29 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/Attr.EnableID.txt: -------------------------------------------------------------------------------- 1 | Attr.EnableID 2 | TYPE: bool 3 | DEFAULT: false 4 | VERSION: 1.2.0 5 | --DESCRIPTION-- 6 | Allows the ID attribute in HTML. This is disabled by default due to the 7 | fact that without proper configuration user input can easily break the 8 | validation of a webpage by specifying an ID that is already on the 9 | surrounding HTML. If you don't mind throwing caution to the wind, enable 10 | this directive, but I strongly recommend you also consider blacklisting IDs 11 | you use (%Attr.IDBlacklist) or prefixing all user supplied IDs 12 | (%Attr.IDPrefix). When set to true HTML Purifier reverts to the behavior of 13 | pre-1.2.0 versions. 14 | --ALIASES-- 15 | HTML.EnableAttrID 16 | --# vim: et sw=4 sts=4 17 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/URI.Base.txt: -------------------------------------------------------------------------------- 1 | URI.Base 2 | TYPE: string/null 3 | VERSION: 2.1.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 | 7 |8 | The base URI is the URI of the document this purified HTML will be 9 | inserted into. This information is important if HTML Purifier needs 10 | to calculate absolute URIs from relative URIs, such as when %URI.MakeAbsolute 11 | is on. You may use a non-absolute URI for this value, but behavior 12 | may vary (%URI.MakeAbsolute deals nicely with both absolute and 13 | relative paths, but forwards-compatibility is not guaranteed). 14 | Warning: If set, the scheme on this URI 15 | overrides the one specified by %URI.DefaultScheme. 16 |
17 | --# vim: et sw=4 sts=4 18 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefixLocal.txt: -------------------------------------------------------------------------------- 1 | Attr.IDPrefixLocal 2 | TYPE: string 3 | VERSION: 1.2.0 4 | DEFAULT: '' 5 | --DESCRIPTION-- 6 | Temporary prefix for IDs used in conjunction with %Attr.IDPrefix. If you 7 | need to allow multiple sets of user content on web page, you may need to 8 | have a seperate prefix that changes with each iteration. This way, 9 | seperately submitted user content displayed on the same page doesn't 10 | clobber each other. Ideal values are unique identifiers for the content it 11 | represents (i.e. the id of the row in the database). Be sure to add a 12 | seperator (like an underscore) at the end. Warning: this directive will 13 | not work unless %Attr.IDPrefix is set to a non-empty value! 14 | --# vim: et sw=4 sts=4 15 | -------------------------------------------------------------------------------- /css/scss/_rotated-flipped.scss: -------------------------------------------------------------------------------- 1 | // Rotated & Flipped Icons 2 | // ------------------------- 3 | 4 | .#{$fa-css-prefix}-rotate-90 { @include fa-icon-rotate(90deg, 1); } 5 | .#{$fa-css-prefix}-rotate-180 { @include fa-icon-rotate(180deg, 2); } 6 | .#{$fa-css-prefix}-rotate-270 { @include fa-icon-rotate(270deg, 3); } 7 | 8 | .#{$fa-css-prefix}-flip-horizontal { @include fa-icon-flip(-1, 1, 0); } 9 | .#{$fa-css-prefix}-flip-vertical { @include fa-icon-flip(1, -1, 2); } 10 | 11 | // Hook for IE8-9 12 | // ------------------------- 13 | 14 | :root .#{$fa-css-prefix}-rotate-90, 15 | :root .#{$fa-css-prefix}-rotate-180, 16 | :root .#{$fa-css-prefix}-rotate-270, 17 | :root .#{$fa-css-prefix}-flip-horizontal, 18 | :root .#{$fa-css-prefix}-flip-vertical { 19 | filter: none; 20 | } 21 | -------------------------------------------------------------------------------- /library/HTMLPurifier/AttrTransform/SafeObject.php: -------------------------------------------------------------------------------- 1 | 8 | Specifies the number of tokens the DirectLex line number tracking 9 | implementations should process before attempting to resyncronize the 10 | current line count by manually counting all previous new-lines. When 11 | at 0, this functionality is disabled. Lower values will decrease 12 | performance, and this is only strictly necessary if the counting 13 | algorithm is buggy (in which case you should report it as a bug). 14 | This has no effect when %Core.MaintainLineNumbers is disabled or DirectLex is 15 | not being used. 16 | 17 | --# vim: et sw=4 sts=4 18 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/HTML.CoreModules.txt: -------------------------------------------------------------------------------- 1 | HTML.CoreModules 2 | TYPE: lookup 3 | VERSION: 2.0.0 4 | --DEFAULT-- 5 | array ( 6 | 'Structure' => true, 7 | 'Text' => true, 8 | 'Hypertext' => true, 9 | 'List' => true, 10 | 'NonXMLCommonAttributes' => true, 11 | 'XMLCommonAttributes' => true, 12 | 'CommonAttributes' => true, 13 | ) 14 | --DESCRIPTION-- 15 | 16 |17 | Certain modularized doctypes (XHTML, namely), have certain modules 18 | that must be included for the doctype to be an conforming document 19 | type: put those modules here. By default, XHTML's core modules 20 | are used. You can set this to a blank array to disable core module 21 | protection, but this is not recommended. 22 |
23 | --# vim: et sw=4 sts=4 24 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/HTML.TidyLevel.txt: -------------------------------------------------------------------------------- 1 | HTML.TidyLevel 2 | TYPE: string 3 | VERSION: 2.0.0 4 | DEFAULT: 'medium' 5 | --DESCRIPTION-- 6 | 7 |General level of cleanliness the Tidy module should enforce. 8 | There are four allowed values:
9 |7 | This directive enables aggressive pre-filter fixes HTML Purifier can 8 | perform in order to ensure that open angled-brackets do not get killed 9 | during parsing stage. Enabling this will result in two preg_replace_callback 10 | calls and at least two preg_replace calls for every HTML document parsed; 11 | if your users make very well-formed HTML, you can set this directive false. 12 | This has no effect when DirectLex is used. 13 |
14 |15 | Notice: This directive's default turned from false to true 16 | in HTML Purifier 3.2.0. 17 |
18 | --# vim: et sw=4 sts=4 19 | -------------------------------------------------------------------------------- /library/HTMLPurifier/URIScheme/nntp.php: -------------------------------------------------------------------------------- 1 | userinfo = null; 27 | $uri->query = null; 28 | return true; 29 | } 30 | } 31 | 32 | // vim: et sw=4 sts=4 33 | -------------------------------------------------------------------------------- /library/HTMLPurifier/HTMLModule/Name.php: -------------------------------------------------------------------------------- 1 | addBlankElement($name); 18 | $element->attr['name'] = 'CDATA'; 19 | if (!$config->get('HTML.Attr.Name.UseCDATA')) { 20 | $element->attr_transform_post[] = new HTMLPurifier_AttrTransform_NameSync(); 21 | } 22 | } 23 | } 24 | } 25 | 26 | // vim: et sw=4 sts=4 27 | -------------------------------------------------------------------------------- /library/HTMLPurifier/AttrTransform/Border.php: -------------------------------------------------------------------------------- 1 | confiscateAttr($attr, 'border'); 20 | // some validation should happen here 21 | $this->prependCSS($attr, "border:{$border_width}px solid;"); 22 | return $attr; 23 | } 24 | } 25 | 26 | // vim: et sw=4 sts=4 27 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/HTML.AllowedCommentsRegexp.txt: -------------------------------------------------------------------------------- 1 | HTML.AllowedCommentsRegexp 2 | TYPE: string/null 3 | VERSION: 4.4.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 | A regexp, which if it matches the body of a comment, indicates that 7 | it should be allowed. Trailing and leading spaces are removed prior 8 | to running this regular expression. 9 | Warning: Make sure you specify 10 | correct anchor metacharacters^regex$, otherwise you may accept
11 | comments that you did not mean to! In particular, the regex /foo|bar/
12 | is probably not sufficiently strict, since it also allows foobar.
13 | See also %HTML.AllowedComments (these directives are union'ed together,
14 | so a comment is considered valid if any directive deems it valid.)
15 | --# vim: et sw=4 sts=4
16 |
--------------------------------------------------------------------------------
/library/HTMLPurifier/AttrTransform/BgColor.php:
--------------------------------------------------------------------------------
1 | confiscateAttr($attr, 'bgcolor');
21 | // some validation should happen here
22 |
23 | $this->prependCSS($attr, "background-color:$bgcolor;");
24 | return $attr;
25 | }
26 | }
27 |
28 | // vim: et sw=4 sts=4
29 |
--------------------------------------------------------------------------------
/css/less/path.less:
--------------------------------------------------------------------------------
1 | /* FONT PATH
2 | * -------------------------- */
3 |
4 | @font-face {
5 | font-family: 'FontAwesome';
6 | src: url('@{fa-font-path}/fontawesome-webfont.eot?v=@{fa-version}');
7 | src: url('@{fa-font-path}/fontawesome-webfont.eot?#iefix&v=@{fa-version}') format('embedded-opentype'),
8 | url('@{fa-font-path}/fontawesome-webfont.woff2?v=@{fa-version}') format('woff2'),
9 | url('@{fa-font-path}/fontawesome-webfont.woff?v=@{fa-version}') format('woff'),
10 | url('@{fa-font-path}/fontawesome-webfont.ttf?v=@{fa-version}') format('truetype'),
11 | url('@{fa-font-path}/fontawesome-webfont.svg?v=@{fa-version}#fontawesomeregular') format('svg');
12 | // src: url('@{fa-font-path}/FontAwesome.otf') format('opentype'); // used when developing fonts
13 | font-weight: normal;
14 | font-style: normal;
15 | }
16 |
--------------------------------------------------------------------------------
/css/scss/_path.scss:
--------------------------------------------------------------------------------
1 | /* FONT PATH
2 | * -------------------------- */
3 |
4 | @font-face {
5 | font-family: 'FontAwesome';
6 | src: url('#{$fa-font-path}/fontawesome-webfont.eot?v=#{$fa-version}');
7 | src: url('#{$fa-font-path}/fontawesome-webfont.eot?#iefix&v=#{$fa-version}') format('embedded-opentype'),
8 | url('#{$fa-font-path}/fontawesome-webfont.woff2?v=#{$fa-version}') format('woff2'),
9 | url('#{$fa-font-path}/fontawesome-webfont.woff?v=#{$fa-version}') format('woff'),
10 | url('#{$fa-font-path}/fontawesome-webfont.ttf?v=#{$fa-version}') format('truetype'),
11 | url('#{$fa-font-path}/fontawesome-webfont.svg?v=#{$fa-version}#fontawesomeregular') format('svg');
12 | // src: url('#{$fa-font-path}/FontAwesome.otf') format('opentype'); // used when developing fonts
13 | font-weight: normal;
14 | font-style: normal;
15 | }
16 |
--------------------------------------------------------------------------------
/library/HTMLPurifier/HTMLModule/CommonAttributes.php:
--------------------------------------------------------------------------------
1 | array(
15 | 0 => array('Style'),
16 | // 'xml:space' => false,
17 | 'class' => 'Class',
18 | 'id' => 'ID',
19 | 'title' => 'CDATA',
20 | ),
21 | 'Lang' => array(),
22 | 'I18N' => array(
23 | 0 => array('Lang'), // proprietary, for xml:lang/lang
24 | ),
25 | 'Common' => array(
26 | 0 => array('Core', 'I18N')
27 | )
28 | );
29 | }
30 |
31 | // vim: et sw=4 sts=4
32 |
--------------------------------------------------------------------------------
/library/HTMLPurifier/URIScheme/http.php:
--------------------------------------------------------------------------------
1 | userinfo = null;
32 | return true;
33 | }
34 | }
35 |
36 | // vim: et sw=4 sts=4
37 |
--------------------------------------------------------------------------------
/library/HTMLPurifier/AttrTransform/Background.php:
--------------------------------------------------------------------------------
1 | confiscateAttr($attr, 'background');
21 | // some validation should happen here
22 |
23 | $this->prependCSS($attr, "background-image:url($background);");
24 | return $attr;
25 | }
26 | }
27 |
28 | // vim: et sw=4 sts=4
29 |
--------------------------------------------------------------------------------
/library/HTMLPurifier/ConfigSchema/schema/HTML.AllowedModules.txt:
--------------------------------------------------------------------------------
1 | HTML.AllowedModules
2 | TYPE: lookup/null
3 | VERSION: 2.0.0
4 | DEFAULT: NULL
5 | --DESCRIPTION--
6 |
7 | 8 | A doctype comes with a set of usual modules to use. Without having 9 | to mucking about with the doctypes, you can quickly activate or 10 | disable these modules by specifying which modules you wish to allow 11 | with this directive. This is most useful for unit testing specific 12 | modules, although end users may find it useful for their own ends. 13 |
14 |15 | If you specify a module that does not exist, the manager will silently 16 | fail to use it, so be careful! User-defined modules are not affected 17 | by this directive. Modules defined in %HTML.CoreModules are not 18 | affected by this directive. 19 |
20 | --# vim: et sw=4 sts=4 21 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/Core.Encoding.txt: -------------------------------------------------------------------------------- 1 | Core.Encoding 2 | TYPE: istring 3 | DEFAULT: 'utf-8' 4 | --DESCRIPTION-- 5 | If for some reason you are unable to convert all webpages to UTF-8, you can 6 | use this directive as a stop-gap compatibility change to let HTML Purifier 7 | deal with non UTF-8 input. This technique has notable deficiencies: 8 | absolutely no characters outside of the selected character encoding will be 9 | preserved, not even the ones that have been ampersand escaped (this is due 10 | to a UTF-8 specific feature that automatically resolves all 11 | entities), making it pretty useless for anything except the most I18N-blind 12 | applications, although %Core.EscapeNonASCIICharacters offers fixes this 13 | trouble with another tradeoff. This directive only accepts ISO-8859-1 if 14 | iconv is not enabled. 15 | --# vim: et sw=4 sts=4 16 | -------------------------------------------------------------------------------- /css/less/animated.less: -------------------------------------------------------------------------------- 1 | // Animated Icons 2 | // -------------------------- 3 | 4 | .@{fa-css-prefix}-spin { 5 | -webkit-animation: fa-spin 2s infinite linear; 6 | animation: fa-spin 2s infinite linear; 7 | } 8 | 9 | .@{fa-css-prefix}-pulse { 10 | -webkit-animation: fa-spin 1s infinite steps(8); 11 | animation: fa-spin 1s infinite steps(8); 12 | } 13 | 14 | @-webkit-keyframes fa-spin { 15 | 0% { 16 | -webkit-transform: rotate(0deg); 17 | transform: rotate(0deg); 18 | } 19 | 100% { 20 | -webkit-transform: rotate(359deg); 21 | transform: rotate(359deg); 22 | } 23 | } 24 | 25 | @keyframes fa-spin { 26 | 0% { 27 | -webkit-transform: rotate(0deg); 28 | transform: rotate(0deg); 29 | } 30 | 100% { 31 | -webkit-transform: rotate(359deg); 32 | transform: rotate(359deg); 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /css/scss/_animated.scss: -------------------------------------------------------------------------------- 1 | // Spinning Icons 2 | // -------------------------- 3 | 4 | .#{$fa-css-prefix}-spin { 5 | -webkit-animation: fa-spin 2s infinite linear; 6 | animation: fa-spin 2s infinite linear; 7 | } 8 | 9 | .#{$fa-css-prefix}-pulse { 10 | -webkit-animation: fa-spin 1s infinite steps(8); 11 | animation: fa-spin 1s infinite steps(8); 12 | } 13 | 14 | @-webkit-keyframes fa-spin { 15 | 0% { 16 | -webkit-transform: rotate(0deg); 17 | transform: rotate(0deg); 18 | } 19 | 100% { 20 | -webkit-transform: rotate(359deg); 21 | transform: rotate(359deg); 22 | } 23 | } 24 | 25 | @keyframes fa-spin { 26 | 0% { 27 | -webkit-transform: rotate(0deg); 28 | transform: rotate(0deg); 29 | } 30 | 100% { 31 | -webkit-transform: rotate(359deg); 32 | transform: rotate(359deg); 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt: -------------------------------------------------------------------------------- 1 | Core.ColorKeywords 2 | TYPE: hash 3 | VERSION: 2.0.0 4 | --DEFAULT-- 5 | array ( 6 | 'maroon' => '#800000', 7 | 'red' => '#FF0000', 8 | 'orange' => '#FFA500', 9 | 'yellow' => '#FFFF00', 10 | 'olive' => '#808000', 11 | 'purple' => '#800080', 12 | 'fuchsia' => '#FF00FF', 13 | 'white' => '#FFFFFF', 14 | 'lime' => '#00FF00', 15 | 'green' => '#008000', 16 | 'navy' => '#000080', 17 | 'blue' => '#0000FF', 18 | 'aqua' => '#00FFFF', 19 | 'teal' => '#008080', 20 | 'black' => '#000000', 21 | 'silver' => '#C0C0C0', 22 | 'gray' => '#808080', 23 | ) 24 | --DESCRIPTION-- 25 | 26 | Lookup array of color names to six digit hexadecimal number corresponding 27 | to color, with preceding hash mark. Used when parsing colors. The lookup 28 | is done in a case-insensitive manner. 29 | --# vim: et sw=4 sts=4 30 | -------------------------------------------------------------------------------- /library/HTMLPurifier/URIScheme/news.php: -------------------------------------------------------------------------------- 1 | userinfo = null; 27 | $uri->host = null; 28 | $uri->port = null; 29 | $uri->query = null; 30 | // typecode check needed on path 31 | return true; 32 | } 33 | } 34 | 35 | // vim: et sw=4 sts=4 36 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenElements.txt: -------------------------------------------------------------------------------- 1 | HTML.ForbiddenElements 2 | TYPE: lookup 3 | VERSION: 3.1.0 4 | DEFAULT: array() 5 | --DESCRIPTION-- 6 |7 | This was, perhaps, the most requested feature ever in HTML 8 | Purifier. Please don't abuse it! This is the logical inverse of 9 | %HTML.AllowedElements, and it will override that directive, or any 10 | other directive. 11 |
12 |
13 | If possible, %HTML.Allowed is recommended over this directive, because it
14 | can sometimes be difficult to tell whether or not you've forbidden all of
15 | the behavior you would like to disallow. If you forbid img
16 | with the expectation of preventing images on your site, you'll be in for
17 | a nasty surprise when people start using the background-image
18 | CSS property.
19 |
8 | Defines the domain name of the server, so we can determine whether or 9 | an absolute URI is from your website or not. Not strictly necessary, 10 | as users should be using relative URIs to reference resources on your 11 | website. It will, however, let you use absolute URIs to link to 12 | subdomains of the domain you post here: i.e. example.com will allow 13 | sub.example.com. However, higher up domains will still be excluded: 14 | if you set %URI.Host to sub.example.com, example.com will be blocked. 15 | Note: This directive overrides %URI.Base because 16 | a given page may be on a sub-domain, but you wish HTML Purifier to be 17 | more relaxed and allow some of the parent domains too. 18 |
19 | --# vim: et sw=4 sts=4 20 | -------------------------------------------------------------------------------- /library/HTMLPurifier/HTMLModule/Tidy/Name.php: -------------------------------------------------------------------------------- 1 | data = $data; 29 | $this->line = $line; 30 | $this->col = $col; 31 | } 32 | 33 | public function toNode() { 34 | return new HTMLPurifier_Node_Comment($this->data, $this->line, $this->col); 35 | } 36 | } 37 | 38 | // vim: et sw=4 sts=4 39 | -------------------------------------------------------------------------------- /js/buttons.bootstrap.min.js: -------------------------------------------------------------------------------- 1 | /*! 2 | Bootstrap integration for DataTables' Buttons 3 | ©2016 SpryMedia Ltd - datatables.net/license 4 | */ 5 | (function(c){"function"===typeof define&&define.amd?define(["jquery","datatables.net-bs","datatables.net-buttons"],function(a){return c(a,window,document)}):"object"===typeof exports?module.exports=function(a,b){a||(a=window);if(!b||!b.fn.dataTable)b=require("datatables.net-bs")(a,b).$;b.fn.dataTable.Buttons||require("datatables.net-buttons")(a,b);return c(b,a,a.document)}:c(jQuery,window,document)})(function(c){var a=c.fn.dataTable;c.extend(!0,a.Buttons.defaults,{dom:{container:{className:"dt-buttons btn-group"}, 6 | button:{className:"btn btn-default"},collection:{tag:"ul",className:"dt-button-collection dropdown-menu",button:{tag:"li",className:"dt-button"},buttonLiner:{tag:"a",className:""}}}});a.ext.buttons.collection.text=function(a){return a.i18n("buttons.collection",'Collection ')};return a.Buttons}); 7 | -------------------------------------------------------------------------------- /library/HTMLPurifier/HTMLModule/StyleAttribute.php: -------------------------------------------------------------------------------- 1 | array('style' => false), // see constructor 21 | 'Core' => array(0 => array('Style')) 22 | ); 23 | 24 | /** 25 | * @param HTMLPurifier_Config $config 26 | */ 27 | public function setup($config) 28 | { 29 | $this->attr_collections['Style']['style'] = new HTMLPurifier_AttrDef_CSS(); 30 | } 31 | } 32 | 33 | // vim: et sw=4 sts=4 34 | -------------------------------------------------------------------------------- /sys/uploaddocuments.php: -------------------------------------------------------------------------------- 1 | "$userfile_name"); 21 | $stmt = $dbConnection->prepare ("INSERT INTO files_documents (id,filename,userfreandlyfilename,file_ext) VALUES (null,:userfile_name,:orig_file,:ext)"); 22 | $stmt->execute(array(':userfile_name' => $userfile_name, ':orig_file' => $orig_file, ':ext' => $ext)); 23 | 24 | } else { $rs = array("msg" => 'error'); }; 25 | echo json_encode($rs); 26 | } 27 | ?> -------------------------------------------------------------------------------- /library/HTMLPurifier.autoload.php: -------------------------------------------------------------------------------- 1 | 1.0) { 28 | $result = '1'; 29 | } 30 | return $result; 31 | } 32 | } 33 | 34 | // vim: et sw=4 sts=4 35 | -------------------------------------------------------------------------------- /library/HTMLPurifier/AttrTransform/Name.php: -------------------------------------------------------------------------------- 1 | get('HTML.Attr.Name.UseCDATA')) { 19 | return $attr; 20 | } 21 | if (!isset($attr['name'])) { 22 | return $attr; 23 | } 24 | $id = $this->confiscateAttr($attr, 'name'); 25 | if (isset($attr['id'])) { 26 | return $attr; 27 | } 28 | $attr['id'] = $id; 29 | return $attr; 30 | } 31 | } 32 | 33 | // vim: et sw=4 sts=4 34 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/Output.TidyFormat.txt: -------------------------------------------------------------------------------- 1 | Output.TidyFormat 2 | TYPE: bool 3 | VERSION: 1.1.1 4 | DEFAULT: false 5 | --DESCRIPTION-- 6 |7 | Determines whether or not to run Tidy on the final output for pretty 8 | formatting reasons, such as indentation and wrap. 9 |
10 |11 | This can greatly improve readability for editors who are hand-editing 12 | the HTML, but is by no means necessary as HTML Purifier has already 13 | fixed all major errors the HTML may have had. Tidy is a non-default 14 | extension, and this directive will silently fail if Tidy is not 15 | available. 16 |
17 |18 | If you are looking to make the overall look of your page's source 19 | better, I recommend running Tidy on the entire page rather than just 20 | user-content (after all, the indentation relative to the containing 21 | blocks will be incorrect). 22 |
23 | --ALIASES-- 24 | Core.TidyFormat 25 | --# vim: et sw=4 sts=4 26 | -------------------------------------------------------------------------------- /library/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php: -------------------------------------------------------------------------------- 1 | " 19 | // that needs more percent encoding to be done 20 | if ($string == '') { 21 | return false; 22 | } 23 | $string = trim($string); 24 | $result = preg_match('/^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i', $string); 25 | return $result ? $string : false; 26 | } 27 | } 28 | 29 | // vim: et sw=4 sts=4 30 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenAttributes.txt: -------------------------------------------------------------------------------- 1 | HTML.ForbiddenAttributes 2 | TYPE: lookup 3 | VERSION: 3.1.0 4 | DEFAULT: array() 5 | --DESCRIPTION-- 6 |
7 | While this directive is similar to %HTML.AllowedAttributes, for
8 | forwards-compatibility with XML, this attribute has a different syntax. Instead of
9 | tag.attr, use tag@attr. To disallow href
10 | attributes in a tags, set this directive to
11 | a@href. You can also disallow an attribute globally with
12 | attr or *@attr (either syntax is fine; the latter
13 | is provided for consistency with %HTML.AllowedAttributes).
14 |
16 | Warning: This directive complements %HTML.ForbiddenElements, 17 | accordingly, check 18 | out that directive for a discussion of why you 19 | should think twice before using this directive. 20 |
21 | --# vim: et sw=4 sts=4 22 | -------------------------------------------------------------------------------- /library/HTMLPurifier/AttrTransform/Lang.php: -------------------------------------------------------------------------------- 1 | 7 | If HTML Purifier's tag set is unsatisfactory for your needs, you can 8 | overload it with your own list of tags to allow. If you change 9 | this, you probably also want to change %HTML.AllowedAttributes; see 10 | also %HTML.Allowed which lets you set allowed elements and 11 | attributes at the same time. 12 | 13 |14 | If you attempt to allow an element that HTML Purifier does not know 15 | about, HTML Purifier will raise an error. You will need to manually 16 | tell HTML Purifier about this element by using the 17 | advanced customization features. 18 |
19 |20 | Warning: If another directive conflicts with the 21 | elements here, that directive will win and override. 22 |
23 | --# vim: et sw=4 sts=4 24 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/URI.SafeIframeRegexp.txt: -------------------------------------------------------------------------------- 1 | URI.SafeIframeRegexp 2 | TYPE: string/null 3 | VERSION: 4.4.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 |7 | A PCRE regular expression that will be matched against an iframe URI. This is 8 | a relatively inflexible scheme, but works well enough for the most common 9 | use-case of iframes: embedded video. This directive only has an effect if 10 | %HTML.SafeIframe is enabled. Here are some example values: 11 |
12 |%^http://www.youtube.com/embed/% - Allow YouTube videos%^http://player.vimeo.com/video/% - Allow Vimeo videos%^http://(www.youtube.com/embed/|player.vimeo.com/video/)% - Allow both
18 | Note that this directive does not give you enough granularity to, say, disable
19 | all autoplay videos. Pipe up on the HTML Purifier forums if this
20 | is a capability you want.
21 |
8 | This is a preferred convenience directive that combines
9 | %HTML.AllowedElements and %HTML.AllowedAttributes.
10 | Specify elements and attributes that are allowed using:
11 | element1[attr1|attr2],element2.... For example,
12 | if you would like to only allow paragraphs and links, specify
13 | a[href],p. You can specify attributes that apply
14 | to all elements using an asterisk, e.g. *[lang].
15 | You can also use newlines instead of commas to separate elements.
16 |
18 | Warning:
19 | All of the constraints on the component directives are still enforced.
20 | The syntax is a subset of TinyMCE's valid_elements
21 | whitelist: directly copy-pasting it here will probably result in
22 | broken whitelists. If %HTML.AllowedElements or %HTML.AllowedAttributes
23 | are set, this directive has no effect.
24 |
7 | This directive enables secure checksum generation along with %URI.Munge. 8 | It should be set to a secure key that is not shared with anyone else. 9 | The checksum can be placed in the URI using %t. Use of this checksum 10 | affords an additional level of protection by allowing a redirector 11 | to check if a URI has passed through HTML Purifier with this line: 12 |
13 | 14 |$checksum === hash_hmac("sha256", $url, $secret_key)
15 |
16 | 17 | If the output is TRUE, the redirector script should accept the URI. 18 |
19 | 20 |21 | Please note that it would still be possible for an attacker to procure 22 | secure hashes en-mass by abusing your website's Preview feature or the 23 | like, but this service affords an additional level of protection 24 | that should be combined with website blacklisting. 25 |
26 | 27 |28 | Remember this has no effect if %URI.Munge is not on. 29 |
30 | --# vim: et sw=4 sts=4 31 | -------------------------------------------------------------------------------- /library/HTMLPurifier/AttrDef/HTML/Bool.php: -------------------------------------------------------------------------------- 1 | name = $name; 25 | } 26 | 27 | /** 28 | * @param string $string 29 | * @param HTMLPurifier_Config $config 30 | * @param HTMLPurifier_Context $context 31 | * @return bool|string 32 | */ 33 | public function validate($string, $config, $context) 34 | { 35 | if (empty($string)) { 36 | return false; 37 | } 38 | return $this->name; 39 | } 40 | 41 | /** 42 | * @param string $string Name of attribute 43 | * @return HTMLPurifier_AttrDef_HTML_Bool 44 | */ 45 | public function make($string) 46 | { 47 | return new HTMLPurifier_AttrDef_HTML_Bool($string); 48 | } 49 | } 50 | 51 | // vim: et sw=4 sts=4 52 | -------------------------------------------------------------------------------- /library/HTMLPurifier/HTMLModule/Hypertext.php: -------------------------------------------------------------------------------- 1 | addElement( 20 | 'a', 21 | 'Inline', 22 | 'Inline', 23 | 'Common', 24 | array( 25 | // 'accesskey' => 'Character', 26 | // 'charset' => 'Charset', 27 | 'href' => 'URI', 28 | // 'hreflang' => 'LanguageCode', 29 | 'rel' => new HTMLPurifier_AttrDef_HTML_LinkTypes('rel'), 30 | 'rev' => new HTMLPurifier_AttrDef_HTML_LinkTypes('rev'), 31 | // 'tabindex' => 'Number', 32 | // 'type' => 'ContentType', 33 | ) 34 | ); 35 | $a->formatting = true; 36 | $a->excludes = array('a' => true); 37 | } 38 | } 39 | 40 | // vim: et sw=4 sts=4 41 | -------------------------------------------------------------------------------- /library/HTMLPurifier/HTMLModule/Proprietary.php: -------------------------------------------------------------------------------- 1 | addElement( 20 | 'marquee', 21 | 'Inline', 22 | 'Flow', 23 | 'Common', 24 | array( 25 | 'direction' => 'Enum#left,right,up,down', 26 | 'behavior' => 'Enum#alternate', 27 | 'width' => 'Length', 28 | 'height' => 'Length', 29 | 'scrolldelay' => 'Number', 30 | 'scrollamount' => 'Number', 31 | 'loop' => 'Number', 32 | 'bgcolor' => 'Color', 33 | 'hspace' => 'Pixels', 34 | 'vspace' => 'Pixels', 35 | ) 36 | ); 37 | } 38 | } 39 | 40 | // vim: et sw=4 sts=4 41 | -------------------------------------------------------------------------------- /library/HTMLPurifier/HTMLModule/Tidy/Proprietary.php: -------------------------------------------------------------------------------- 1 | name = $name; 22 | $this->cssName = $css_name ? $css_name : $name; 23 | } 24 | 25 | /** 26 | * @param array $attr 27 | * @param HTMLPurifier_Config $config 28 | * @param HTMLPurifier_Context $context 29 | * @return array 30 | */ 31 | public function transform($attr, $config, $context) 32 | { 33 | if (!isset($attr[$this->name])) { 34 | return $attr; 35 | } 36 | $length = $this->confiscateAttr($attr, $this->name); 37 | if (ctype_digit($length)) { 38 | $length .= 'px'; 39 | } 40 | $this->prependCSS($attr, $this->cssName . ":$length;"); 41 | return $attr; 42 | } 43 | } 44 | 45 | // vim: et sw=4 sts=4 46 | -------------------------------------------------------------------------------- /library/HTMLPurifier/AttrDef/URI/IPv4.php: -------------------------------------------------------------------------------- 1 | ip4) { 25 | $this->_loadRegex(); 26 | } 27 | 28 | if (preg_match('#^' . $this->ip4 . '$#s', $aIP)) { 29 | return $aIP; 30 | } 31 | return false; 32 | } 33 | 34 | /** 35 | * Lazy load function to prevent regex from being stuffed in 36 | * cache. 37 | */ 38 | protected function _loadRegex() 39 | { 40 | $oct = '(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])'; // 0-255 41 | $this->ip4 = "(?:{$oct}\\.{$oct}\\.{$oct}\\.{$oct})"; 42 | } 43 | } 44 | 45 | // vim: et sw=4 sts=4 46 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/Core.LexerImpl.txt: -------------------------------------------------------------------------------- 1 | Core.LexerImpl 2 | TYPE: mixed/null 3 | VERSION: 2.0.0 4 | DEFAULT: NULL 5 | --DESCRIPTION-- 6 | 7 |8 | This parameter determines what lexer implementation can be used. The 9 | valid values are: 10 |
11 |HTMLPurifier_Lexer.
30 | I may remove this option simply because I don't expect anyone
31 | to use it.
32 | 8 | This directive turns on auto-paragraphing, where double newlines are 9 | converted in to paragraphs whenever possible. Auto-paragraphing: 10 |
11 |
18 | p tags must be allowed for this directive to take effect.
19 | We do not use br tags for paragraphing, as that is
20 | semantically incorrect.
21 |
23 | To prevent auto-paragraphing as a content-producer, refrain from using
24 | double-newlines except to specify a new paragraph or in contexts where
25 | it has special meaning (whitespace usually has no meaning except in
26 | tags like pre, so this should not be difficult.) To prevent
27 | the paragraphing of inline text adjacent to block elements, wrap them
28 | in div tags (the behavior is slightly different outside of
29 | the root node.)
30 |
9 | If you would like users to be able to define external stylesheets, but
10 | only allow them to specify CSS declarations for a specific node and
11 | prevent them from fiddling with other elements, use this directive.
12 | It accepts any valid CSS selector, and will prepend this to any
13 | CSS declaration extracted from the document. For example, if this
14 | directive is set to #user-content and a user uses the
15 | selector a:hover, the final selector will be
16 | #user-content a:hover.
17 |
19 | The comma shorthand may be used; consider the above example, with
20 | #user-content, #user-content2, the final selector will
21 | be #user-content a:hover, #user-content2 a:hover.
22 |
24 | Warning: It is possible for users to bypass this measure 25 | using a naughty + selector. This is a bug in CSS Tidy 1.3, not HTML 26 | Purifier, and I am working to get it fixed. Until then, HTML Purifier 27 | performs a basic check to prevent this. 28 |
29 | --# vim: et sw=4 sts=4 30 | -------------------------------------------------------------------------------- /library/HTMLPurifier/URIFilter/HostBlacklist.php: -------------------------------------------------------------------------------- 1 | blacklist = $config->get('URI.HostBlacklist'); 26 | return true; 27 | } 28 | 29 | /** 30 | * @param HTMLPurifier_URI $uri 31 | * @param HTMLPurifier_Config $config 32 | * @param HTMLPurifier_Context $context 33 | * @return bool 34 | */ 35 | public function filter(&$uri, $config, $context) 36 | { 37 | foreach ($this->blacklist as $blacklisted_host_fragment) { 38 | if (strpos($uri->host, $blacklisted_host_fragment) !== false) { 39 | return false; 40 | } 41 | } 42 | return true; 43 | } 44 | } 45 | 46 | // vim: et sw=4 sts=4 47 | -------------------------------------------------------------------------------- /library/HTMLPurifier/AttrDef/CSS/TextDecoration.php: -------------------------------------------------------------------------------- 1 | true, 21 | 'overline' => true, 22 | 'underline' => true, 23 | ); 24 | 25 | $string = strtolower($this->parseCDATA($string)); 26 | 27 | if ($string === 'none') { 28 | return $string; 29 | } 30 | 31 | $parts = explode(' ', $string); 32 | $final = ''; 33 | foreach ($parts as $part) { 34 | if (isset($allowed_values[$part])) { 35 | $final .= $part . ' '; 36 | } 37 | } 38 | $final = rtrim($final); 39 | if ($final === '') { 40 | return false; 41 | } 42 | return $final; 43 | } 44 | } 45 | 46 | // vim: et sw=4 sts=4 47 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionID.txt: -------------------------------------------------------------------------------- 1 | HTML.DefinitionID 2 | TYPE: string/null 3 | DEFAULT: NULL 4 | VERSION: 2.0.0 5 | --DESCRIPTION-- 6 | 7 |8 | Unique identifier for a custom-built HTML definition. If you edit 9 | the raw version of the HTMLDefinition, introducing changes that the 10 | configuration object does not reflect, you must specify this variable. 11 | If you change your custom edits, you should change this directive, or 12 | clear your cache. Example: 13 |
14 |
15 | $config = HTMLPurifier_Config::createDefault();
16 | $config->set('HTML', 'DefinitionID', '1');
17 | $def = $config->getHTMLDefinition();
18 | $def->addAttribute('a', 'tabindex', 'Number');
19 |
20 | 21 | In the above example, the configuration is still at the defaults, but 22 | using the advanced API, an extra attribute has been added. The 23 | configuration object normally has no way of knowing that this change 24 | has taken place, so it needs an extra directive: %HTML.DefinitionID. 25 | If someone else attempts to use the default configuration, these two 26 | pieces of code will not clobber each other in the cache, since one has 27 | an extra directive attached to it. 28 |
29 |30 | You must specify a value to this directive to use the 31 | advanced API features. 32 |
33 | --# vim: et sw=4 sts=4 34 | -------------------------------------------------------------------------------- /library/HTMLPurifier/TagTransform/Simple.php: -------------------------------------------------------------------------------- 1 | transform_to = $transform_to; 22 | $this->style = $style; 23 | } 24 | 25 | /** 26 | * @param HTMLPurifier_Token_Tag $tag 27 | * @param HTMLPurifier_Config $config 28 | * @param HTMLPurifier_Context $context 29 | * @return string 30 | */ 31 | public function transform($tag, $config, $context) 32 | { 33 | $new_tag = clone $tag; 34 | $new_tag->name = $this->transform_to; 35 | if (!is_null($this->style) && 36 | ($new_tag instanceof HTMLPurifier_Token_Start || $new_tag instanceof HTMLPurifier_Token_Empty) 37 | ) { 38 | $this->prependCSS($new_tag->attr, $this->style); 39 | } 40 | return $new_tag; 41 | } 42 | } 43 | 44 | // vim: et sw=4 sts=4 45 | -------------------------------------------------------------------------------- /library/HTMLPurifier/Printer/CSSDefinition.php: -------------------------------------------------------------------------------- 1 | def = $config->getCSSDefinition(); 17 | $ret = ''; 18 | 19 | $ret .= $this->start('div', array('class' => 'HTMLPurifier_Printer')); 20 | $ret .= $this->start('table'); 21 | 22 | $ret .= $this->element('caption', 'Properties ($info)'); 23 | 24 | $ret .= $this->start('thead'); 25 | $ret .= $this->start('tr'); 26 | $ret .= $this->element('th', 'Property', array('class' => 'heavy')); 27 | $ret .= $this->element('th', 'Definition', array('class' => 'heavy', 'style' => 'width:auto;')); 28 | $ret .= $this->end('tr'); 29 | $ret .= $this->end('thead'); 30 | 31 | ksort($this->def->info); 32 | foreach ($this->def->info as $property => $obj) { 33 | $name = $this->getClass($obj, 'AttrDef_'); 34 | $ret .= $this->row($property, $name); 35 | } 36 | 37 | $ret .= $this->end('table'); 38 | $ret .= $this->end('div'); 39 | 40 | return $ret; 41 | } 42 | } 43 | 44 | // vim: et sw=4 sts=4 45 | -------------------------------------------------------------------------------- /library/HTMLPurifier/ChildDef/Optional.php: -------------------------------------------------------------------------------- 1 | whitespace) { 36 | return $children; 37 | } else { 38 | return array(); 39 | } 40 | } 41 | return $result; 42 | } 43 | } 44 | 45 | // vim: et sw=4 sts=4 46 | -------------------------------------------------------------------------------- /library/HTMLPurifier/HTMLModule/Iframe.php: -------------------------------------------------------------------------------- 1 | get('HTML.SafeIframe')) { 29 | $this->safe = true; 30 | } 31 | $this->addElement( 32 | 'iframe', 33 | 'Inline', 34 | 'Flow', 35 | 'Common', 36 | array( 37 | 'src' => 'URI#embedded', 38 | 'width' => 'Length', 39 | 'height' => 'Length', 40 | 'name' => 'ID', 41 | 'scrolling' => 'Enum#yes,no,auto', 42 | 'frameborder' => 'Enum#0,1', 43 | 'longdesc' => 'URI', 44 | 'marginheight' => 'Pixels', 45 | 'marginwidth' => 'Pixels', 46 | ) 47 | ); 48 | } 49 | } 50 | 51 | // vim: et sw=4 sts=4 52 | -------------------------------------------------------------------------------- /inc/calendar.php: -------------------------------------------------------------------------------- 1 | 12 || 30 | | 31 | | 32 | | 33 | |
|---|