extends |
HTMLPurifier_Injector |
---|
Adds important param elements to inside of object in order to make things safe.
Methods | ||
---|---|---|
public
|
prepare(HTMLPurifier_Config $config, HTMLPurifier_Context $context): void
Prepares the injector by giving it the config and context objects:
this allows references to important variables to be…
Prepares the injector by giving it the config and context objects: this allows references to important variables to be made within the injector. This function also checks if the HTML environment will work with the Injector (see checkNeeded()). ReturnsBoolean false if success, string of missing needed element/attribute if failure Overrides |
# |
public
|
handleElement(HTMLPurifier_Token &$token)
Handler that is called when a start or empty token is processed
Handler that is called when a start or empty token is processed Overrides |
# |
public
|
handleEnd(&$token)
Handler that is called when an end token is processed
|
# |
Methods inherited from HTMLPurifier_Injector |
---|
rewindOffset(), getRewindOffset(), checkNeeded(), allowsElement(), forward(), forwardUntilEndToken(), backward(), handleText(), notifyEnd() |
Properties | |||
---|---|---|---|
public
|
|
$name = 'SafeObject'
|
# |
public
|
|
$needed = ['object', 'param']
|
# |
protected
|
|
$objectStack = []
|
# |
protected
|
|
$paramStack = []
|
# |
protected
|
|
$addParam = ['allowScriptAccess' => 'never', 'allowNetworking' => 'internal']
Keep this synchronized with AttrTransform/SafeParam.php.
Keep this synchronized with AttrTransform/SafeParam.php. |
# |
protected
|
|
$allowedParam = ['wmode' => true, 'movie' => true, 'flashvars' => true, 'src' => true, 'allowfullscreen' => true]
These are all lower-case keys.
These are all lower-case keys. |
# |
Properties inherited from HTMLPurifier_Injector |
---|
$htmlDefinition, $currentNesting, $currentToken, $inputZipper, $rewindOffset |