Changeset 112222 in spip-zone


Ignore:
Timestamp:
Oct 30, 2018, 4:41:24 PM (8 months ago)
Author:
root
Message:

on oublie pas de traiter_raccourcis() et modification des surcharges de la wheel securite-js pour suppression de echappe-js/echappe_anti_xss

Location:
_plugins_/htmlpurifier
Files:
2 deleted
2 edited

Legend:

Unmodified
Added
Removed

  • _plugins_/htmlpurifier/htmlpurifier_options.php

    r112211 r112222  
    77);
    88
    9 $GLOBALS['spip_wheels']['echappe_js'] = array(
    10         'htmlpurifier/echappe-js.yaml'
    11 );

  • _plugins_/htmlpurifier/wheels/htmlpurifier/interdire-scripts.yaml

    r112211 r112222  
    2020
    2121securite-js:
    22   if_str: "<"
    23   if_match: "/<[a-z]+/iS"
    24   type: all
    25   replace: "echappe_js"
    26   is_callback: Y
     22  if_str: "<script"
     23  match: "{<script.*?($|</script.)}isS"
     24  is_wheel: y
     25  replace:
     26    -
     27      type: all
     28      replace: htmlspecialchars
     29      is_callback: Y
     30    -
     31      type: all
     32      replace: nl2br
     33      is_callback: Y
     34    -
     35      type: all
     36      replace: "<code class=\"securite-js\">$0</code>"
    2737
    2838securite-base:
Note: See TracChangeset for help on using the changeset viewer.