]>
Commit | Line | Data |
---|---|---|
f45a286b AD |
1 | URI.Munge |
2 | TYPE: string/null | |
3 | VERSION: 1.3.0 | |
4 | DEFAULT: NULL | |
5 | --DESCRIPTION-- | |
6 | ||
7 | <p> | |
8 | Munges all browsable (usually http, https and ftp) | |
9 | absolute URIs into another URI, usually a URI redirection service. | |
10 | This directive accepts a URI, formatted with a <code>%s</code> where | |
11 | the url-encoded original URI should be inserted (sample: | |
12 | <code>http://www.google.com/url?q=%s</code>). | |
13 | </p> | |
14 | <p> | |
15 | Uses for this directive: | |
16 | </p> | |
17 | <ul> | |
18 | <li> | |
19 | Prevent PageRank leaks, while being fairly transparent | |
20 | to users (you may also want to add some client side JavaScript to | |
21 | override the text in the statusbar). <strong>Notice</strong>: | |
22 | Many security experts believe that this form of protection does not deter spam-bots. | |
23 | </li> | |
24 | <li> | |
25 | Redirect users to a splash page telling them they are leaving your | |
26 | website. While this is poor usability practice, it is often mandated | |
27 | in corporate environments. | |
28 | </li> | |
29 | </ul> | |
30 | <p> | |
31 | Prior to HTML Purifier 3.1.1, this directive also enabled the munging | |
32 | of browsable external resources, which could break things if your redirection | |
33 | script was a splash page or used <code>meta</code> tags. To revert to | |
34 | previous behavior, please use %URI.MungeResources. | |
35 | </p> | |
36 | <p> | |
37 | You may want to also use %URI.MungeSecretKey along with this directive | |
38 | in order to enforce what URIs your redirector script allows. Open | |
39 | redirector scripts can be a security risk and negatively affect the | |
40 | reputation of your domain name. | |
41 | </p> | |
42 | <p> | |
43 | Starting with HTML Purifier 3.1.1, there is also these substitutions: | |
44 | </p> | |
45 | <table> | |
46 | <thead> | |
47 | <tr> | |
48 | <th>Key</th> | |
49 | <th>Description</th> | |
50 | <th>Example <code><a href=""></code></th> | |
51 | </tr> | |
52 | </thead> | |
53 | <tbody> | |
54 | <tr> | |
55 | <td>%r</td> | |
56 | <td>1 - The URI embeds a resource<br />(blank) - The URI is merely a link</td> | |
57 | <td></td> | |
58 | </tr> | |
59 | <tr> | |
60 | <td>%n</td> | |
61 | <td>The name of the tag this URI came from</td> | |
62 | <td>a</td> | |
63 | </tr> | |
64 | <tr> | |
65 | <td>%m</td> | |
66 | <td>The name of the attribute this URI came from</td> | |
67 | <td>href</td> | |
68 | </tr> | |
69 | <tr> | |
70 | <td>%p</td> | |
71 | <td>The name of the CSS property this URI came from, or blank if irrelevant</td> | |
72 | <td></td> | |
73 | </tr> | |
74 | </tbody> | |
75 | </table> | |
76 | <p> | |
77 | Admittedly, these letters are somewhat arbitrary; the only stipulation | |
78 | was that they couldn't be a through f. r is for resource (I would have preferred | |
79 | e, but you take what you can get), n is for name, m | |
80 | was picked because it came after n (and I couldn't use a), p is for | |
81 | property. | |
82 | </p> | |
83 | --# vim: et sw=4 sts=4 |