XOOPS 2.5.6  Final
 All Classes Namespaces Files Functions Variables Pages
SafeObject.php
Go to the documentation of this file.
1 <?php
2 
10 {
11 
12  public $name = 'SafeObject';
13 
14  public function setup($config) {
15 
16  // These definitions are not intrinsically safe: the attribute transforms
17  // are a vital part of ensuring safety.
18 
19  $max = $config->get('HTML.MaxImgLength');
20  $object = $this->addElement(
21  'object',
22  'Inline',
23  'Optional: param | Flow | #PCDATA',
24  'Common',
25  array(
26  // While technically not required by the spec, we're forcing
27  // it to this value.
28  'type' => 'Enum#application/x-shockwave-flash',
29  'width' => 'Pixels#' . $max,
30  'height' => 'Pixels#' . $max,
31  'data' => 'URI#embedded',
32  'codebase' => new HTMLPurifier_AttrDef_Enum(array(
33  'http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0')),
34  )
35  );
36  $object->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeObject();
37 
38  $param = $this->addElement('param', false, 'Empty', false,
39  array(
40  'id' => 'ID',
41  'name*' => 'Text',
42  'value' => 'Text'
43  )
44  );
45  $param->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeParam();
46  $this->info_injector[] = 'SafeObject';
47 
48  }
49 
50 }
51 
52 // vim: et sw=4 sts=4