Changeset 112142 in spip-zone


Ignore:
Timestamp:
Oct 24, 2018, 11:59:03 AM (12 months ago)
Author:
gouz@…
Message:

ajout du support des URI tcp/udp/ssh et activation du module Forms (en vue d'une application exhaustive de safehtml() : à minima coté privé et coté public avec le mode parano actif)

Location:
_plugins_/htmlpurifier
Files:
1 added
2 edited

Legend:

Unmodified
Added
Removed
  • _plugins_/htmlpurifier/inc/safehtml.php

    r111320 r112142  
    1414if (!defined("_ECRIRE_INC_VERSION")) return;
    1515
     16
    1617function inc_safehtml($t) {
    1718        static $purifier;
     
    2324
    2425        include_spip('lib/HTMLPurifier.standalone');
    25        
     26        include_spip('HTMLPurifier.extended');
    2627
    2728        $config = HTMLPurifier_Config::createDefault();
     
    2930        $config->set('Cache.SerializerPath', preg_replace(',/$,', '', realpath(_DIR_TMP)));
    3031        $config->set('Attr.AllowedFrameTargets', array('_blank'));
     32 
     33  $config->set('URI.AllowedSchemes', array ('http' => true, 'https' => true, 'mailto' => true, 'ftp' => true, 'nntp' => true, 'news' => true, 'tel' => true, 'tcp'=>true, 'udp'=>true, 'ssh'=>true,));
     34  HTMLPurifier_URISchemeRegistry::instance()->register(new HTMLPurifier_URIScheme_tcp, $config);
     35  HTMLPurifier_URISchemeRegistry::instance()->register(new HTMLPurifier_URIScheme_udp, $config);
     36  HTMLPurifier_URISchemeRegistry::instance()->register(new HTMLPurifier_URIScheme_ssh, $config);
     37       
     38        $html = $config->getHTMLDefinition(true);
     39        $html->manager->addModule('Forms');
     40        $html->manager->registeredModules["Forms"]->safe = true;
    3141       
    3242        if (!isset($purifier))
    3343                $purifier = new HTMLPurifier($config);
    34        
     44               
     45   
    3546        // HTML Purifier prefere l'utf-8
    3647        if ($GLOBALS['meta']['charset'] == 'utf-8')
  • _plugins_/htmlpurifier/paquet.xml

    r111320 r112142  
    22        prefix="htmlpurifier"
    33        categorie="outil"
    4         version="4.10.0.1"
     4        version="4.10.0.2"
    55        etat="stable"
    66        compatibilite="[1.9.0;3.2.99]"
Note: See TracChangeset for help on using the changeset viewer.