From f4f0f80d2118437e5047ba266f92d7acb3c38fb7 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Mon, 11 Apr 2011 16:41:01 +0400
Subject: [PATCH] update HTMLPurifier; enable embedded flash video in articles
---
backend.php | 7 +
functions.php | 6 +-
lib/htmlpurifier/CREDITS | 0
lib/htmlpurifier/LICENSE | 0
.../library/HTMLPurifier.auto.php | 0
.../library/HTMLPurifier.autoload.php | 5 +
.../library/HTMLPurifier.func.php | 0
.../library/HTMLPurifier.includes.php | 12 +-
.../library/HTMLPurifier.kses.php | 6 +-
.../library/HTMLPurifier.path.php | 0
lib/htmlpurifier/library/HTMLPurifier.php | 9 +-
.../library/HTMLPurifier.safe-includes.php | 10 +-
.../library/HTMLPurifier/AttrCollections.php | 0
.../library/HTMLPurifier/AttrDef.php | 36 ++
.../library/HTMLPurifier/AttrDef/CSS.php | 0
.../HTMLPurifier/AttrDef/CSS/AlphaValue.php | 0
.../HTMLPurifier/AttrDef/CSS/Background.php | 0
.../AttrDef/CSS/BackgroundPosition.php | 21 +-
.../HTMLPurifier/AttrDef/CSS/Border.php | 0
.../HTMLPurifier/AttrDef/CSS/Color.php | 2 +-
.../HTMLPurifier/AttrDef/CSS/Composite.php | 0
.../AttrDef/CSS/DenyElementDecorator.php | 0
.../HTMLPurifier/AttrDef/CSS/Filter.php | 0
.../library/HTMLPurifier/AttrDef/CSS/Font.php | 0
.../HTMLPurifier/AttrDef/CSS/FontFamily.php | 177 ++++++--
.../AttrDef/CSS/ImportantDecorator.php | 0
.../HTMLPurifier/AttrDef/CSS/Length.php | 0
.../HTMLPurifier/AttrDef/CSS/ListStyle.php | 0
.../HTMLPurifier/AttrDef/CSS/Multiple.php | 0
.../HTMLPurifier/AttrDef/CSS/Number.php | 0
.../HTMLPurifier/AttrDef/CSS/Percentage.php | 0
.../AttrDef/CSS/TextDecoration.php | 0
.../library/HTMLPurifier/AttrDef/CSS/URI.php | 21 +-
.../library/HTMLPurifier/AttrDef/Enum.php | 0
.../HTMLPurifier/AttrDef/HTML/Bool.php | 0
.../HTMLPurifier/AttrDef/HTML/Class.php | 34 ++
.../HTMLPurifier/AttrDef/HTML/Color.php | 2 +-
.../HTMLPurifier/AttrDef/HTML/FrameTarget.php | 2 +-
.../library/HTMLPurifier/AttrDef/HTML/ID.php | 10 +-
.../HTMLPurifier/AttrDef/HTML/Length.php | 0
.../HTMLPurifier/AttrDef/HTML/LinkTypes.php | 2 +-
.../HTMLPurifier/AttrDef/HTML/MultiLength.php | 0
.../HTMLPurifier/AttrDef/HTML/Nmtokens.php | 36 +-
.../HTMLPurifier/AttrDef/HTML/Pixels.php | 0
.../library/HTMLPurifier/AttrDef/Integer.php | 0
.../library/HTMLPurifier/AttrDef/Lang.php | 0
.../library/HTMLPurifier/AttrDef/Switch.php | 0
.../library/HTMLPurifier/AttrDef/Text.php | 0
.../library/HTMLPurifier/AttrDef/URI.php | 2 +-
.../HTMLPurifier/AttrDef/URI/Email.php | 0
.../AttrDef/URI/Email/SimpleCheck.php | 0
.../library/HTMLPurifier/AttrDef/URI/Host.php | 6 +
.../library/HTMLPurifier/AttrDef/URI/IPv4.php | 0
.../library/HTMLPurifier/AttrDef/URI/IPv6.php | 0
.../library/HTMLPurifier/AttrTransform.php | 0
.../HTMLPurifier/AttrTransform/Background.php | 0
.../HTMLPurifier/AttrTransform/BdoDir.php | 2 +-
.../HTMLPurifier/AttrTransform/BgColor.php | 0
.../HTMLPurifier/AttrTransform/BoolToCSS.php | 0
.../HTMLPurifier/AttrTransform/Border.php | 0
.../HTMLPurifier/AttrTransform/EnumToCSS.php | 0
.../AttrTransform/ImgRequired.php | 11 +-
.../HTMLPurifier/AttrTransform/ImgSpace.php | 0
.../HTMLPurifier/AttrTransform/Input.php | 0
.../HTMLPurifier/AttrTransform/Lang.php | 0
.../HTMLPurifier/AttrTransform/Length.php | 0
.../HTMLPurifier/AttrTransform/Name.php | 2 +
.../HTMLPurifier/AttrTransform/NameSync.php | 27 ++
.../HTMLPurifier/AttrTransform/Nofollow.php | 41 ++
.../HTMLPurifier/AttrTransform/SafeEmbed.php | 0
.../HTMLPurifier/AttrTransform/SafeObject.php | 0
.../HTMLPurifier/AttrTransform/SafeParam.php | 16 +-
.../AttrTransform/ScriptRequired.php | 0
.../HTMLPurifier/AttrTransform/Textarea.php | 0
.../library/HTMLPurifier/AttrTypes.php | 3 +
.../library/HTMLPurifier/AttrValidator.php | 0
.../library/HTMLPurifier/Bootstrap.php | 10 +-
.../library/HTMLPurifier/CSSDefinition.php | 48 ++-
.../library/HTMLPurifier/ChildDef.php | 0
.../HTMLPurifier/ChildDef/Chameleon.php | 0
.../library/HTMLPurifier/ChildDef/Custom.php | 0
.../library/HTMLPurifier/ChildDef/Empty.php | 0
.../HTMLPurifier/ChildDef/Optional.php | 0
.../HTMLPurifier/ChildDef/Required.php | 2 +-
.../ChildDef/StrictBlockquote.php | 0
.../library/HTMLPurifier/ChildDef/Table.php | 0
.../library/HTMLPurifier/Config.php | 384 ++++++++++++++----
.../library/HTMLPurifier/ConfigSchema.php | 117 ++----
.../ConfigSchema/Builder/ConfigSchema.php | 18 +-
.../HTMLPurifier/ConfigSchema/Builder/Xml.php | 34 +-
.../HTMLPurifier/ConfigSchema/Exception.php | 0
.../HTMLPurifier/ConfigSchema/Interchange.php | 15 -
.../ConfigSchema/Interchange/Directive.php | 0
.../ConfigSchema/Interchange/Id.php | 20 +-
.../ConfigSchema/InterchangeBuilder.php | 40 +-
.../HTMLPurifier/ConfigSchema/Validator.php | 27 +-
.../ConfigSchema/ValidatorAtom.php | 0
.../HTMLPurifier/ConfigSchema/schema.ser | Bin 11324 -> 14140 bytes
.../schema/Attr.AllowedClasses.txt | 8 +
.../schema/Attr.AllowedFrameTargets.txt | 0
.../ConfigSchema/schema/Attr.AllowedRel.txt | 0
.../ConfigSchema/schema/Attr.AllowedRev.txt | 0
.../schema/Attr.ClassUseCDATA.txt | 19 +
.../schema/Attr.DefaultImageAlt.txt | 0
.../schema/Attr.DefaultInvalidImage.txt | 0
.../schema/Attr.DefaultInvalidImageAlt.txt | 0
.../schema/Attr.DefaultTextDir.txt | 0
.../ConfigSchema/schema/Attr.EnableID.txt | 0
.../schema/Attr.ForbiddenClasses.txt | 8 +
.../ConfigSchema/schema/Attr.IDBlacklist.txt | 0
.../schema/Attr.IDBlacklistRegexp.txt | 0
.../ConfigSchema/schema/Attr.IDPrefix.txt | 0
.../schema/Attr.IDPrefixLocal.txt | 0
.../schema/AutoFormat.AutoParagraph.txt | 0
.../ConfigSchema/schema/AutoFormat.Custom.txt | 0
.../schema/AutoFormat.DisplayLinkURI.txt | 0
.../schema/AutoFormat.Linkify.txt | 0
.../AutoFormat.PurifierLinkify.DocURL.txt | 12 +
.../schema/AutoFormat.PurifierLinkify.txt | 0
...rmat.RemoveEmpty.RemoveNbsp.Exceptions.txt | 11 +
.../AutoFormat.RemoveEmpty.RemoveNbsp.txt | 15 +
.../schema/AutoFormat.RemoveEmpty.txt | 5 +-
...utoFormat.RemoveSpansWithoutAttributes.txt | 11 +
.../schema/CSS.AllowImportant.txt | 0
.../ConfigSchema/schema/CSS.AllowTricky.txt | 0
.../ConfigSchema/schema/CSS.AllowedFonts.txt | 12 +
.../schema/CSS.AllowedProperties.txt | 0
.../ConfigSchema/schema/CSS.DefinitionRev.txt | 0
.../schema/CSS.ForbiddenProperties.txt | 13 +
.../ConfigSchema/schema/CSS.MaxImgLength.txt | 0
.../ConfigSchema/schema/CSS.Proprietary.txt | 0
.../ConfigSchema/schema/CSS.Trusted.txt | 9 +
.../schema/Cache.DefinitionImpl.txt | 0
.../schema/Cache.SerializerPath.txt | 0
.../schema/Cache.SerializerPermissions.txt | 11 +
.../schema/Core.AggressivelyFixLt.txt | 0
.../schema/Core.CollectErrors.txt | 0
.../schema/Core.ColorKeywords.txt | 0
.../schema/Core.ConvertDocumentToFragment.txt | 0
.../Core.DirectLexLineNumberSyncInterval.txt | 0
.../ConfigSchema/schema/Core.Encoding.txt | 0
.../schema/Core.EscapeInvalidChildren.txt | 0
.../schema/Core.EscapeInvalidTags.txt | 0
.../schema/Core.EscapeNonASCIICharacters.txt | 0
.../schema/Core.HiddenElements.txt | 0
.../ConfigSchema/schema/Core.Language.txt | 0
.../ConfigSchema/schema/Core.LexerImpl.txt | 0
.../schema/Core.MaintainLineNumbers.txt | 0
.../schema/Core.NormalizeNewlines.txt | 11 +
.../schema/Core.RemoveInvalidImg.txt | 0
.../Core.RemoveProcessingInstructions.txt | 11 +
.../schema/Core.RemoveScriptContents.txt | 0
.../ConfigSchema/schema/Filter.Custom.txt | 0
.../Filter.ExtractStyleBlocks.Escaping.txt | 14 +
.../Filter.ExtractStyleBlocks.Scope.txt | 29 ++
.../Filter.ExtractStyleBlocks.TidyImpl.txt | 16 +
.../schema/Filter.ExtractStyleBlocks.txt | 0
.../ConfigSchema/schema/Filter.YouTube.txt | 5 +
.../ConfigSchema/schema/HTML.Allowed.txt | 11 +-
.../schema/HTML.AllowedAttributes.txt | 0
.../schema/HTML.AllowedElements.txt | 17 +-
.../schema/HTML.AllowedModules.txt | 0
.../schema/HTML.Attr.Name.UseCDATA.txt | 11 +
.../ConfigSchema/schema/HTML.BlockWrapper.txt | 0
.../ConfigSchema/schema/HTML.CoreModules.txt | 0
.../schema/HTML.CustomDoctype.txt | 0
.../ConfigSchema/schema/HTML.DefinitionID.txt | 0
.../schema/HTML.DefinitionRev.txt | 0
.../ConfigSchema/schema/HTML.Doctype.txt | 0
.../schema/HTML.FlashAllowFullScreen.txt | 11 +
.../schema/HTML.ForbiddenAttributes.txt | 0
.../schema/HTML.ForbiddenElements.txt | 0
.../ConfigSchema/schema/HTML.MaxImgLength.txt | 0
.../ConfigSchema/schema/HTML.Nofollow.txt | 7 +
.../ConfigSchema/schema/HTML.Parent.txt | 0
.../ConfigSchema/schema/HTML.Proprietary.txt | 0
.../ConfigSchema/schema/HTML.SafeEmbed.txt | 7 +-
.../ConfigSchema/schema/HTML.SafeObject.txt | 7 +-
.../ConfigSchema/schema/HTML.Strict.txt | 0
.../ConfigSchema/schema/HTML.TidyAdd.txt | 0
.../ConfigSchema/schema/HTML.TidyLevel.txt | 0
.../ConfigSchema/schema/HTML.TidyRemove.txt | 0
.../ConfigSchema/schema/HTML.Trusted.txt | 1 +
.../ConfigSchema/schema/HTML.XHTML.txt | 0
.../schema/Output.CommentScriptContents.txt | 0
.../schema/Output.FixInnerHTML.txt | 15 +
.../schema/Output.FlashCompat.txt | 11 +
.../ConfigSchema/schema/Output.Newline.txt | 0
.../ConfigSchema/schema/Output.SortAttr.txt | 0
.../ConfigSchema/schema/Output.TidyFormat.txt | 0
.../ConfigSchema/schema/Test.ForceNoIconv.txt | 0
.../schema/URI.AllowedSchemes.txt | 2 +
.../ConfigSchema/schema/URI.Base.txt | 0
.../ConfigSchema/schema/URI.DefaultScheme.txt | 0
.../ConfigSchema/schema/URI.DefinitionID.txt | 0
.../ConfigSchema/schema/URI.DefinitionRev.txt | 0
.../ConfigSchema/schema/URI.Disable.txt | 0
.../schema/URI.DisableExternal.txt | 0
.../schema/URI.DisableExternalResources.txt | 0
.../schema/URI.DisableResources.txt | 7 +-
.../ConfigSchema/schema/URI.Host.txt | 0
.../ConfigSchema/schema/URI.HostBlacklist.txt | 0
.../ConfigSchema/schema/URI.MakeAbsolute.txt | 0
.../ConfigSchema/schema/URI.Munge.txt | 0
.../schema/URI.MungeResources.txt | 0
.../schema/URI.MungeSecretKey.txt | 0
.../schema/URI.OverrideAllowedSchemes.txt | 0
.../HTMLPurifier/ConfigSchema/schema/info.ini | 0
.../library/HTMLPurifier/ContentSets.php | 0
.../library/HTMLPurifier/Context.php | 0
.../library/HTMLPurifier/Definition.php | 11 +
.../library/HTMLPurifier/DefinitionCache.php | 4 +-
.../DefinitionCache/Decorator.php | 0
.../DefinitionCache/Decorator/Cleanup.php | 0
.../DefinitionCache/Decorator/Memory.php | 0
.../DefinitionCache/Decorator/Template.php.in | 0
.../HTMLPurifier/DefinitionCache/Null.php | 0
.../DefinitionCache/Serializer.php | 51 ++-
.../HTMLPurifier/DefinitionCacheFactory.php | 2 +-
.../library/HTMLPurifier/Doctype.php | 0
.../library/HTMLPurifier/DoctypeRegistry.php | 8 +-
.../library/HTMLPurifier/ElementDef.php | 10 +-
.../library/HTMLPurifier/Encoder.php | 12 +-
.../library/HTMLPurifier/EntityLookup.php | 0
.../HTMLPurifier/EntityLookup/entities.ser | 2 +-
.../library/HTMLPurifier/EntityParser.php | 0
.../library/HTMLPurifier/ErrorCollector.php | 0
.../library/HTMLPurifier/ErrorStruct.php | 0
.../library/HTMLPurifier/Exception.php | 0
.../library/HTMLPurifier/Filter.php | 0
.../Filter/ExtractStyleBlocks.php | 6 +-
.../library/HTMLPurifier/Filter/YouTube.php | 10 +-
.../library/HTMLPurifier/Generator.php | 87 +++-
.../library/HTMLPurifier/HTMLDefinition.php | 23 +-
.../library/HTMLPurifier/HTMLModule.php | 0
.../library/HTMLPurifier/HTMLModule/Bdo.php | 0
.../HTMLModule/CommonAttributes.php | 3 +-
.../library/HTMLPurifier/HTMLModule/Edit.php | 0
.../library/HTMLPurifier/HTMLModule/Forms.php | 0
.../HTMLPurifier/HTMLModule/Hypertext.php | 0
.../library/HTMLPurifier/HTMLModule/Image.php | 4 +-
.../HTMLPurifier/HTMLModule/Legacy.php | 0
.../library/HTMLPurifier/HTMLModule/List.php | 6 +-
.../library/HTMLPurifier/HTMLModule/Name.php | 5 +-
.../HTMLPurifier/HTMLModule/Nofollow.php | 19 +
.../HTMLModule/NonXMLCommonAttributes.php | 0
.../HTMLPurifier/HTMLModule/Object.php | 0
.../HTMLPurifier/HTMLModule/Presentation.php | 0
.../HTMLPurifier/HTMLModule/Proprietary.php | 0
.../library/HTMLPurifier/HTMLModule/Ruby.php | 0
.../HTMLPurifier/HTMLModule/SafeEmbed.php | 5 +-
.../HTMLPurifier/HTMLModule/SafeObject.php | 6 +-
.../HTMLPurifier/HTMLModule/Scripting.php | 0
.../HTMLModule/StyleAttribute.php | 0
.../HTMLPurifier/HTMLModule/Tables.php | 0
.../HTMLPurifier/HTMLModule/Target.php | 0
.../library/HTMLPurifier/HTMLModule/Text.php | 0
.../library/HTMLPurifier/HTMLModule/Tidy.php | 6 +-
.../HTMLPurifier/HTMLModule/Tidy/Name.php | 0
.../HTMLModule/Tidy/Proprietary.php | 1 +
.../HTMLPurifier/HTMLModule/Tidy/Strict.php | 0
.../HTMLModule/Tidy/Transitional.php | 0
.../HTMLPurifier/HTMLModule/Tidy/XHTML.php | 0
.../HTMLModule/Tidy/XHTMLAndHTML4.php | 0
.../HTMLModule/XMLCommonAttributes.php | 0
.../HTMLPurifier/HTMLModuleManager.php | 20 +-
.../library/HTMLPurifier/IDAccumulator.php | 2 +-
.../library/HTMLPurifier/Injector.php | 6 +
.../HTMLPurifier/Injector/AutoParagraph.php | 21 +-
.../HTMLPurifier/Injector/DisplayLinkURI.php | 0
.../library/HTMLPurifier/Injector/Linkify.php | 0
.../HTMLPurifier/Injector/PurifierLinkify.php | 2 +-
.../HTMLPurifier/Injector/RemoveEmpty.php | 13 +-
.../Injector/RemoveSpansWithoutAttributes.php | 60 +++
.../HTMLPurifier/Injector/SafeObject.php | 6 +-
.../library/HTMLPurifier/Language.php | 0
.../Language/classes/en-x-test.php | 0
.../Language/messages/en-x-test.php | 0
.../Language/messages/en-x-testmini.php | 0
.../HTMLPurifier/Language/messages/en.php | 1 +
.../library/HTMLPurifier/LanguageFactory.php | 2 +-
.../library/HTMLPurifier/Length.php | 0
.../library/HTMLPurifier/Lexer.php | 46 ++-
.../library/HTMLPurifier/Lexer/DOMLex.php | 76 ++--
.../library/HTMLPurifier/Lexer/DirectLex.php | 14 +-
.../library/HTMLPurifier/Lexer/PEARSax3.php | 37 +-
.../library/HTMLPurifier/Lexer/PH5P.php | 2 -
.../library/HTMLPurifier/PercentEncoder.php | 0
.../library/HTMLPurifier/Printer.php | 0
.../HTMLPurifier/Printer/CSSDefinition.php | 0
.../HTMLPurifier/Printer/ConfigForm.css | 0
.../HTMLPurifier/Printer/ConfigForm.js | 0
.../HTMLPurifier/Printer/ConfigForm.php | 6 +-
.../HTMLPurifier/Printer/HTMLDefinition.php | 0
.../library/HTMLPurifier/PropertyList.php | 0
.../HTMLPurifier/PropertyListIterator.php | 0
.../library/HTMLPurifier/Strategy.php | 0
.../HTMLPurifier/Strategy/Composite.php | 0
.../library/HTMLPurifier/Strategy/Core.php | 0
.../HTMLPurifier/Strategy/FixNesting.php | 0
.../HTMLPurifier/Strategy/MakeWellFormed.php | 123 ++++--
.../Strategy/RemoveForeignElements.php | 12 +-
.../Strategy/ValidateAttributes.php | 0
.../library/HTMLPurifier/StringHash.php | 0
.../library/HTMLPurifier/StringHashParser.php | 0
.../library/HTMLPurifier/TagTransform.php | 0
.../HTMLPurifier/TagTransform/Font.php | 16 +-
.../HTMLPurifier/TagTransform/Simple.php | 0
.../library/HTMLPurifier/Token.php | 0
.../library/HTMLPurifier/Token/Comment.php | 0
.../library/HTMLPurifier/Token/Empty.php | 0
.../library/HTMLPurifier/Token/End.php | 0
.../library/HTMLPurifier/Token/Start.php | 0
.../library/HTMLPurifier/Token/Tag.php | 3 +-
.../library/HTMLPurifier/Token/Text.php | 0
.../library/HTMLPurifier/TokenFactory.php | 0
lib/htmlpurifier/library/HTMLPurifier/URI.php | 93 +++--
.../library/HTMLPurifier/URIDefinition.php | 8 +-
.../library/HTMLPurifier/URIFilter.php | 0
.../URIFilter/DisableExternal.php | 0
.../URIFilter/DisableExternalResources.php | 0
.../URIFilter/DisableResources.php | 11 +
.../HTMLPurifier/URIFilter/HostBlacklist.php | 2 +-
.../HTMLPurifier/URIFilter/MakeAbsolute.php | 0
.../library/HTMLPurifier/URIFilter/Munge.php | 10 +-
.../library/HTMLPurifier/URIParser.php | 0
.../library/HTMLPurifier/URIScheme.php | 61 ++-
.../library/HTMLPurifier/URIScheme/data.php | 96 +++++
.../library/HTMLPurifier/URIScheme/file.php | 32 ++
.../library/HTMLPurifier/URIScheme/ftp.php | 3 +-
.../library/HTMLPurifier/URIScheme/http.php | 3 +-
.../library/HTMLPurifier/URIScheme/https.php | 0
.../library/HTMLPurifier/URIScheme/mailto.php | 4 +-
.../library/HTMLPurifier/URIScheme/news.php | 4 +-
.../library/HTMLPurifier/URIScheme/nntp.php | 3 +-
.../HTMLPurifier/URISchemeRegistry.php | 11 +-
.../library/HTMLPurifier/UnitConverter.php | 0
.../library/HTMLPurifier/VarParser.php | 0
.../HTMLPurifier/VarParser/Flexible.php | 9 +-
.../library/HTMLPurifier/VarParser/Native.php | 0
.../HTMLPurifier/VarParserException.php | 0
341 files changed, 2010 insertions(+), 639 deletions(-)
mode change 100755 => 100644 lib/htmlpurifier/CREDITS
mode change 100755 => 100644 lib/htmlpurifier/LICENSE
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier.auto.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier.autoload.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier.func.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier.includes.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier.kses.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier.path.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier.safe-includes.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrCollections.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/AlphaValue.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Background.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Border.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Color.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Composite.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Filter.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Font.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/FontFamily.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Length.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/ListStyle.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Multiple.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Number.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Percentage.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/TextDecoration.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/URI.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/Enum.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Bool.php
create mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Class.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Color.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/FrameTarget.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/ID.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Length.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/LinkTypes.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/MultiLength.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Nmtokens.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Pixels.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/Integer.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/Lang.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/Switch.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/Text.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/Email.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/Host.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/IPv4.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/IPv6.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Background.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BdoDir.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BgColor.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BoolToCSS.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Border.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/EnumToCSS.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgRequired.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgSpace.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Input.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Lang.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Length.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Name.php
create mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/NameSync.php
create mode 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Nofollow.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeEmbed.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeObject.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeParam.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ScriptRequired.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Textarea.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrTypes.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/AttrValidator.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Bootstrap.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/CSSDefinition.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ChildDef.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ChildDef/Chameleon.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ChildDef/Custom.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ChildDef/Empty.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ChildDef/Optional.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ChildDef/Required.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ChildDef/StrictBlockquote.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ChildDef/Table.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Config.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Builder/Xml.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Exception.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Interchange.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Interchange/Directive.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Interchange/Id.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/InterchangeBuilder.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Validator.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/ValidatorAtom.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema.ser
create mode 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.AllowedClasses.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.AllowedFrameTargets.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRel.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRev.txt
create mode 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.ClassUseCDATA.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.DefaultImageAlt.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImage.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImageAlt.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.DefaultTextDir.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.EnableID.txt
create mode 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.ForbiddenClasses.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklist.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklistRegexp.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefix.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefixLocal.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.AutoParagraph.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.Custom.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.DisplayLinkURI.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.Linkify.txt
create mode 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.DocURL.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.txt
create mode 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions.txt
create mode 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.txt
create mode 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveSpansWithoutAttributes.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/CSS.AllowImportant.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/CSS.AllowTricky.txt
create mode 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/CSS.AllowedFonts.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/CSS.AllowedProperties.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/CSS.DefinitionRev.txt
create mode 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/CSS.ForbiddenProperties.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/CSS.MaxImgLength.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/CSS.Proprietary.txt
create mode 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/CSS.Trusted.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Cache.DefinitionImpl.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPath.txt
create mode 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPermissions.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyFixLt.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.CollectErrors.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.ConvertDocumentToFragment.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.DirectLexLineNumberSyncInterval.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.Encoding.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidChildren.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidTags.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.EscapeNonASCIICharacters.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.HiddenElements.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.Language.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.LexerImpl.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.MaintainLineNumbers.txt
create mode 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.NormalizeNewlines.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.RemoveInvalidImg.txt
create mode 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.RemoveProcessingInstructions.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.RemoveScriptContents.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Filter.Custom.txt
create mode 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Escaping.txt
create mode 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Scope.txt
create mode 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.TidyImpl.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.Allowed.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.AllowedAttributes.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.AllowedElements.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.AllowedModules.txt
create mode 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.Attr.Name.UseCDATA.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.BlockWrapper.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.CoreModules.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.CustomDoctype.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionID.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionRev.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.Doctype.txt
create mode 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.FlashAllowFullScreen.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenAttributes.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenElements.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.MaxImgLength.txt
create mode 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.Nofollow.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.Parent.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.Proprietary.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.SafeEmbed.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.SafeObject.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.Strict.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.TidyAdd.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.TidyLevel.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.TidyRemove.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.Trusted.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.XHTML.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Output.CommentScriptContents.txt
create mode 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Output.FixInnerHTML.txt
create mode 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Output.FlashCompat.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Output.Newline.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Output.SortAttr.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Output.TidyFormat.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Test.ForceNoIconv.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.Base.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.DefaultScheme.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.DefinitionID.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.DefinitionRev.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.Disable.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.DisableExternal.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.DisableExternalResources.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.DisableResources.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.Host.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.HostBlacklist.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.MakeAbsolute.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.Munge.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.MungeResources.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.OverrideAllowedSchemes.txt
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/info.ini
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ContentSets.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Context.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Definition.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/DefinitionCache.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/DefinitionCache/Decorator.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/DefinitionCache/Decorator/Cleanup.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/DefinitionCache/Decorator/Memory.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/DefinitionCache/Decorator/Template.php.in
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/DefinitionCache/Null.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/DefinitionCacheFactory.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Doctype.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/DoctypeRegistry.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ElementDef.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Encoder.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/EntityLookup.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/EntityLookup/entities.ser
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/EntityParser.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ErrorCollector.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/ErrorStruct.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Exception.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Filter.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Filter/ExtractStyleBlocks.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Filter/YouTube.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Generator.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLDefinition.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Bdo.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/CommonAttributes.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Edit.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Forms.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Hypertext.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Image.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Legacy.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/List.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Name.php
create mode 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Nofollow.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Object.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Presentation.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Proprietary.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Ruby.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/SafeEmbed.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/SafeObject.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Scripting.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/StyleAttribute.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Tables.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Target.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Text.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Tidy.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Tidy/Name.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Tidy/Proprietary.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Tidy/Strict.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Tidy/Transitional.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Tidy/XHTML.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Tidy/XHTMLAndHTML4.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/XMLCommonAttributes.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModuleManager.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/IDAccumulator.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Injector.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Injector/AutoParagraph.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Injector/DisplayLinkURI.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Injector/Linkify.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Injector/PurifierLinkify.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Injector/RemoveEmpty.php
create mode 100644 lib/htmlpurifier/library/HTMLPurifier/Injector/RemoveSpansWithoutAttributes.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Injector/SafeObject.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Language.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Language/classes/en-x-test.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Language/messages/en-x-test.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Language/messages/en-x-testmini.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Language/messages/en.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/LanguageFactory.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Length.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Lexer.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Lexer/DOMLex.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Lexer/DirectLex.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Lexer/PEARSax3.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Lexer/PH5P.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/PercentEncoder.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Printer.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Printer/CSSDefinition.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Printer/ConfigForm.css
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Printer/ConfigForm.js
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Printer/ConfigForm.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Printer/HTMLDefinition.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/PropertyList.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/PropertyListIterator.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Strategy.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Strategy/Composite.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Strategy/Core.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Strategy/FixNesting.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Strategy/MakeWellFormed.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Strategy/RemoveForeignElements.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Strategy/ValidateAttributes.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/StringHash.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/StringHashParser.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/TagTransform.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/TagTransform/Font.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/TagTransform/Simple.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Token.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Token/Comment.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Token/Empty.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Token/End.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Token/Start.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Token/Tag.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/Token/Text.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/TokenFactory.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/URI.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/URIDefinition.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/URIFilter.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/URIFilter/DisableExternal.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/URIFilter/DisableExternalResources.php
create mode 100644 lib/htmlpurifier/library/HTMLPurifier/URIFilter/DisableResources.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/URIFilter/HostBlacklist.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/URIFilter/MakeAbsolute.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/URIFilter/Munge.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/URIParser.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/URIScheme.php
create mode 100644 lib/htmlpurifier/library/HTMLPurifier/URIScheme/data.php
create mode 100644 lib/htmlpurifier/library/HTMLPurifier/URIScheme/file.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/URIScheme/ftp.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/URIScheme/http.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/URIScheme/https.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/URIScheme/mailto.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/URIScheme/news.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/URIScheme/nntp.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/URISchemeRegistry.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/UnitConverter.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/VarParser.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/VarParser/Flexible.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/VarParser/Native.php
mode change 100755 => 100644 lib/htmlpurifier/library/HTMLPurifier/VarParserException.php
diff --git a/backend.php b/backend.php
index cf80e0e3..9ed250cf 100644
--- a/backend.php
+++ b/backend.php
@@ -210,6 +210,13 @@
array_push($articles, format_article($link, $id, false));
} else if ($mode == "zoom") {
array_push($articles, format_article($link, $id, false, true, true));
+ } else if ($mode == "raw") {
+ if ($_REQUEST['html']) header("Content-Type: text/html");
+
+ $article = format_article($link, $id, false);
+ print $article['id'] . "\n\n";
+ print $article['content'];
+ return;
} else {
catchupArticleById($link, $id, 0);
}
diff --git a/functions.php b/functions.php
index 8a44e8be..f8ea2503 100644
--- a/functions.php
+++ b/functions.php
@@ -114,9 +114,13 @@
$config = HTMLPurifier_Config::createDefault();
- $allowed = "p,a[href],i,em,b,strong,code,pre,blockquote,br,img[src|alt|title],ul,ol,li,h1,h2,h3,h4,s";
+ $allowed = "p,a[href],i,em,b,strong,code,pre,blockquote,br,img[src|alt|title],ul,ol,li,h1,h2,h3,h4,s,object[classid|type|id|name|width|height|codebase],param[name|value]";
+ $config->set('HTML.SafeObject', true);
$config->set('HTML', 'Allowed', $allowed);
+ $config->set('Output.FlashCompat', true);
+ $config->set('Attr.EnableID', true);
+
$purifier = new HTMLPurifier($config);
/**
diff --git a/lib/htmlpurifier/CREDITS b/lib/htmlpurifier/CREDITS
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/LICENSE b/lib/htmlpurifier/LICENSE
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier.auto.php b/lib/htmlpurifier/library/HTMLPurifier.auto.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier.autoload.php b/lib/htmlpurifier/library/HTMLPurifier.autoload.php
old mode 100755
new mode 100644
index 8d401764..62da5b60
--- a/lib/htmlpurifier/library/HTMLPurifier.autoload.php
+++ b/lib/htmlpurifier/library/HTMLPurifier.autoload.php
@@ -3,6 +3,7 @@
/**
* @file
* Convenience file that registers autoload handler for HTML Purifier.
+ * It also does some sanity checks.
*/
if (function_exists('spl_autoload_register') && function_exists('spl_autoload_unregister')) {
@@ -18,4 +19,8 @@ if (function_exists('spl_autoload_register') && function_exists('spl_autoload_un
}
}
+if (ini_get('zend.ze1_compatibility_mode')) {
+ trigger_error("HTML Purifier is not compatible with zend.ze1_compatibility_mode; please turn it off", E_USER_ERROR);
+}
+
// vim: et sw=4 sts=4
diff --git a/lib/htmlpurifier/library/HTMLPurifier.func.php b/lib/htmlpurifier/library/HTMLPurifier.func.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier.includes.php b/lib/htmlpurifier/library/HTMLPurifier.includes.php
old mode 100755
new mode 100644
index 944f0893..b9baf8f0
--- a/lib/htmlpurifier/library/HTMLPurifier.includes.php
+++ b/lib/htmlpurifier/library/HTMLPurifier.includes.php
@@ -7,7 +7,7 @@
* primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS
* FILE, changes will be overwritten the next time the script is run.
*
- * @version 3.3.0
+ * @version 4.3.0
*
* @warning
* You must *not* include any other HTML Purifier files before this file,
@@ -98,6 +98,8 @@ require 'HTMLPurifier/AttrDef/CSS/Percentage.php';
require 'HTMLPurifier/AttrDef/CSS/TextDecoration.php';
require 'HTMLPurifier/AttrDef/CSS/URI.php';
require 'HTMLPurifier/AttrDef/HTML/Bool.php';
+require 'HTMLPurifier/AttrDef/HTML/Nmtokens.php';
+require 'HTMLPurifier/AttrDef/HTML/Class.php';
require 'HTMLPurifier/AttrDef/HTML/Color.php';
require 'HTMLPurifier/AttrDef/HTML/FrameTarget.php';
require 'HTMLPurifier/AttrDef/HTML/ID.php';
@@ -105,7 +107,6 @@ require 'HTMLPurifier/AttrDef/HTML/Pixels.php';
require 'HTMLPurifier/AttrDef/HTML/Length.php';
require 'HTMLPurifier/AttrDef/HTML/LinkTypes.php';
require 'HTMLPurifier/AttrDef/HTML/MultiLength.php';
-require 'HTMLPurifier/AttrDef/HTML/Nmtokens.php';
require 'HTMLPurifier/AttrDef/URI/Email.php';
require 'HTMLPurifier/AttrDef/URI/Host.php';
require 'HTMLPurifier/AttrDef/URI/IPv4.php';
@@ -123,6 +124,8 @@ require 'HTMLPurifier/AttrTransform/Input.php';
require 'HTMLPurifier/AttrTransform/Lang.php';
require 'HTMLPurifier/AttrTransform/Length.php';
require 'HTMLPurifier/AttrTransform/Name.php';
+require 'HTMLPurifier/AttrTransform/NameSync.php';
+require 'HTMLPurifier/AttrTransform/Nofollow.php';
require 'HTMLPurifier/AttrTransform/SafeEmbed.php';
require 'HTMLPurifier/AttrTransform/SafeObject.php';
require 'HTMLPurifier/AttrTransform/SafeParam.php';
@@ -149,6 +152,7 @@ require 'HTMLPurifier/HTMLModule/Image.php';
require 'HTMLPurifier/HTMLModule/Legacy.php';
require 'HTMLPurifier/HTMLModule/List.php';
require 'HTMLPurifier/HTMLModule/Name.php';
+require 'HTMLPurifier/HTMLModule/Nofollow.php';
require 'HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php';
require 'HTMLPurifier/HTMLModule/Object.php';
require 'HTMLPurifier/HTMLModule/Presentation.php';
@@ -174,6 +178,7 @@ require 'HTMLPurifier/Injector/DisplayLinkURI.php';
require 'HTMLPurifier/Injector/Linkify.php';
require 'HTMLPurifier/Injector/PurifierLinkify.php';
require 'HTMLPurifier/Injector/RemoveEmpty.php';
+require 'HTMLPurifier/Injector/RemoveSpansWithoutAttributes.php';
require 'HTMLPurifier/Injector/SafeObject.php';
require 'HTMLPurifier/Lexer/DOMLex.php';
require 'HTMLPurifier/Lexer/DirectLex.php';
@@ -193,9 +198,12 @@ require 'HTMLPurifier/Token/Start.php';
require 'HTMLPurifier/Token/Text.php';
require 'HTMLPurifier/URIFilter/DisableExternal.php';
require 'HTMLPurifier/URIFilter/DisableExternalResources.php';
+require 'HTMLPurifier/URIFilter/DisableResources.php';
require 'HTMLPurifier/URIFilter/HostBlacklist.php';
require 'HTMLPurifier/URIFilter/MakeAbsolute.php';
require 'HTMLPurifier/URIFilter/Munge.php';
+require 'HTMLPurifier/URIScheme/data.php';
+require 'HTMLPurifier/URIScheme/file.php';
require 'HTMLPurifier/URIScheme/ftp.php';
require 'HTMLPurifier/URIScheme/http.php';
require 'HTMLPurifier/URIScheme/https.php';
diff --git a/lib/htmlpurifier/library/HTMLPurifier.kses.php b/lib/htmlpurifier/library/HTMLPurifier.kses.php
old mode 100755
new mode 100644
index 24bef74a..3143feb1
--- a/lib/htmlpurifier/library/HTMLPurifier.kses.php
+++ b/lib/htmlpurifier/library/HTMLPurifier.kses.php
@@ -17,11 +17,11 @@ function kses($string, $allowed_html, $allowed_protocols = null) {
$allowed_attributes["$element.$attribute"] = true;
}
}
- $config->set('HTML', 'AllowedElements', $allowed_elements);
- $config->set('HTML', 'AllowedAttributes', $allowed_attributes);
+ $config->set('HTML.AllowedElements', $allowed_elements);
+ $config->set('HTML.AllowedAttributes', $allowed_attributes);
$allowed_schemes = array();
if ($allowed_protocols !== null) {
- $config->set('URI', 'AllowedSchemes', $allowed_protocols);
+ $config->set('URI.AllowedSchemes', $allowed_protocols);
}
$purifier = new HTMLPurifier($config);
return $purifier->purify($string);
diff --git a/lib/htmlpurifier/library/HTMLPurifier.path.php b/lib/htmlpurifier/library/HTMLPurifier.path.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier.php b/lib/htmlpurifier/library/HTMLPurifier.php
old mode 100755
new mode 100644
index 4b1eddec..914ba25a
--- a/lib/htmlpurifier/library/HTMLPurifier.php
+++ b/lib/htmlpurifier/library/HTMLPurifier.php
@@ -19,7 +19,7 @@
*/
/*
- HTML Purifier 3.3.0 - Standards Compliant HTML Filtering
+ HTML Purifier 4.3.0 - Standards Compliant HTML Filtering
Copyright (C) 2006-2008 Edward Z. Yang
This library is free software; you can redistribute it and/or
@@ -55,10 +55,10 @@ class HTMLPurifier
{
/** Version of HTML Purifier */
- public $version = '3.3.0';
+ public $version = '4.3.0';
/** Constant with version of HTML Purifier */
- const VERSION = '3.3.0';
+ const VERSION = '4.3.0';
/** Global configuration object */
public $config;
@@ -128,7 +128,7 @@ class HTMLPurifier
$context->register('Generator', $this->generator);
// set up global context variables
- if ($config->get('Core', 'CollectErrors')) {
+ if ($config->get('Core.CollectErrors')) {
// may get moved out if other facilities use it
$language_factory = HTMLPurifier_LanguageFactory::instance();
$language = $language_factory->create($config, $context);
@@ -152,6 +152,7 @@ class HTMLPurifier
$filters = array();
foreach ($filter_flags as $filter => $flag) {
if (!$flag) continue;
+ if (strpos($filter, '.') !== false) continue;
$class = "HTMLPurifier_Filter_$filter";
$filters[] = new $class;
}
diff --git a/lib/htmlpurifier/library/HTMLPurifier.safe-includes.php b/lib/htmlpurifier/library/HTMLPurifier.safe-includes.php
old mode 100755
new mode 100644
index 7d393036..a5c0d5bb
--- a/lib/htmlpurifier/library/HTMLPurifier.safe-includes.php
+++ b/lib/htmlpurifier/library/HTMLPurifier.safe-includes.php
@@ -92,6 +92,8 @@ require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Percentage.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/TextDecoration.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/URI.php';
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Bool.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Nmtokens.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Class.php';
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Color.php';
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/FrameTarget.php';
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/ID.php';
@@ -99,7 +101,6 @@ require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Pixels.php';
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Length.php';
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/LinkTypes.php';
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/MultiLength.php';
-require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Nmtokens.php';
require_once $__dir . '/HTMLPurifier/AttrDef/URI/Email.php';
require_once $__dir . '/HTMLPurifier/AttrDef/URI/Host.php';
require_once $__dir . '/HTMLPurifier/AttrDef/URI/IPv4.php';
@@ -117,6 +118,8 @@ require_once $__dir . '/HTMLPurifier/AttrTransform/Input.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/Lang.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/Length.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/Name.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/NameSync.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/Nofollow.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/SafeEmbed.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/SafeObject.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/SafeParam.php';
@@ -143,6 +146,7 @@ require_once $__dir . '/HTMLPurifier/HTMLModule/Image.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Legacy.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/List.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Name.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Nofollow.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Object.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Presentation.php';
@@ -168,6 +172,7 @@ require_once $__dir . '/HTMLPurifier/Injector/DisplayLinkURI.php';
require_once $__dir . '/HTMLPurifier/Injector/Linkify.php';
require_once $__dir . '/HTMLPurifier/Injector/PurifierLinkify.php';
require_once $__dir . '/HTMLPurifier/Injector/RemoveEmpty.php';
+require_once $__dir . '/HTMLPurifier/Injector/RemoveSpansWithoutAttributes.php';
require_once $__dir . '/HTMLPurifier/Injector/SafeObject.php';
require_once $__dir . '/HTMLPurifier/Lexer/DOMLex.php';
require_once $__dir . '/HTMLPurifier/Lexer/DirectLex.php';
@@ -187,9 +192,12 @@ require_once $__dir . '/HTMLPurifier/Token/Start.php';
require_once $__dir . '/HTMLPurifier/Token/Text.php';
require_once $__dir . '/HTMLPurifier/URIFilter/DisableExternal.php';
require_once $__dir . '/HTMLPurifier/URIFilter/DisableExternalResources.php';
+require_once $__dir . '/HTMLPurifier/URIFilter/DisableResources.php';
require_once $__dir . '/HTMLPurifier/URIFilter/HostBlacklist.php';
require_once $__dir . '/HTMLPurifier/URIFilter/MakeAbsolute.php';
require_once $__dir . '/HTMLPurifier/URIFilter/Munge.php';
+require_once $__dir . '/HTMLPurifier/URIScheme/data.php';
+require_once $__dir . '/HTMLPurifier/URIScheme/file.php';
require_once $__dir . '/HTMLPurifier/URIScheme/ftp.php';
require_once $__dir . '/HTMLPurifier/URIScheme/http.php';
require_once $__dir . '/HTMLPurifier/URIScheme/https.php';
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrCollections.php b/lib/htmlpurifier/library/HTMLPurifier/AttrCollections.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef.php
old mode 100755
new mode 100644
index d32fa62d..b2e4f36c
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrDef.php
@@ -82,6 +82,42 @@ abstract class HTMLPurifier_AttrDef
return preg_replace('/rgb\((\d+)\s*,\s*(\d+)\s*,\s*(\d+)\)/', 'rgb(\1,\2,\3)', $string);
}
+ /**
+ * Parses a possibly escaped CSS string and returns the "pure"
+ * version of it.
+ */
+ protected function expandCSSEscape($string) {
+ // flexibly parse it
+ $ret = '';
+ for ($i = 0, $c = strlen($string); $i < $c; $i++) {
+ if ($string[$i] === '\\') {
+ $i++;
+ if ($i >= $c) {
+ $ret .= '\\';
+ break;
+ }
+ if (ctype_xdigit($string[$i])) {
+ $code = $string[$i];
+ for ($a = 1, $i++; $i < $c && $a < 6; $i++, $a++) {
+ if (!ctype_xdigit($string[$i])) break;
+ $code .= $string[$i];
+ }
+ // We have to be extremely careful when adding
+ // new characters, to make sure we're not breaking
+ // the encoding.
+ $char = HTMLPurifier_Encoder::unichr(hexdec($code));
+ if (HTMLPurifier_Encoder::cleanUTF8($char) === '') continue;
+ $ret .= $char;
+ if ($i < $c && trim($string[$i]) !== '') $i--;
+ continue;
+ }
+ if ($string[$i] === "\n") continue;
+ }
+ $ret .= $string[$i];
+ }
+ return $ret;
+ }
+
}
// vim: et sw=4 sts=4
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/AlphaValue.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/AlphaValue.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Background.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Background.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php
old mode 100755
new mode 100644
index 35df3985..fae82eae
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php
@@ -59,7 +59,8 @@ class HTMLPurifier_AttrDef_CSS_BackgroundPosition extends HTMLPurifier_AttrDef
$keywords = array();
$keywords['h'] = false; // left, right
$keywords['v'] = false; // top, bottom
- $keywords['c'] = false; // center
+ $keywords['ch'] = false; // center (first word)
+ $keywords['cv'] = false; // center (second word)
$measures = array();
$i = 0;
@@ -79,6 +80,13 @@ class HTMLPurifier_AttrDef_CSS_BackgroundPosition extends HTMLPurifier_AttrDef
$lbit = ctype_lower($bit) ? $bit : strtolower($bit);
if (isset($lookup[$lbit])) {
$status = $lookup[$lbit];
+ if ($status == 'c') {
+ if ($i == 0) {
+ $status = 'ch';
+ } else {
+ $status = 'cv';
+ }
+ }
$keywords[$status] = $lbit;
$i++;
}
@@ -101,20 +109,19 @@ class HTMLPurifier_AttrDef_CSS_BackgroundPosition extends HTMLPurifier_AttrDef
if (!$i) return false; // no valid values were caught
-
$ret = array();
// first keyword
if ($keywords['h']) $ret[] = $keywords['h'];
- elseif (count($measures)) $ret[] = array_shift($measures);
- elseif ($keywords['c']) {
- $ret[] = $keywords['c'];
- $keywords['c'] = false; // prevent re-use: center = center center
+ elseif ($keywords['ch']) {
+ $ret[] = $keywords['ch'];
+ $keywords['cv'] = false; // prevent re-use: center = center center
}
+ elseif (count($measures)) $ret[] = array_shift($measures);
if ($keywords['v']) $ret[] = $keywords['v'];
+ elseif ($keywords['cv']) $ret[] = $keywords['cv'];
elseif (count($measures)) $ret[] = array_shift($measures);
- elseif ($keywords['c']) $ret[] = $keywords['c'];
if (empty($ret)) return false;
return implode(' ', $ret);
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Border.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Border.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Color.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Color.php
old mode 100755
new mode 100644
index 14c6594b..07f95a67
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Color.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Color.php
@@ -9,7 +9,7 @@ class HTMLPurifier_AttrDef_CSS_Color extends HTMLPurifier_AttrDef
public function validate($color, $config, $context) {
static $colors = null;
- if ($colors === null) $colors = $config->get('Core', 'ColorKeywords');
+ if ($colors === null) $colors = $config->get('Core.ColorKeywords');
$color = trim($color);
if ($color === '') return false;
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Composite.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Composite.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Filter.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Filter.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Font.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Font.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/FontFamily.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/FontFamily.php
old mode 100755
new mode 100644
index 705ac893..0d9a4e12
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/FontFamily.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/FontFamily.php
@@ -2,11 +2,43 @@
/**
* Validates a font family list according to CSS spec
- * @todo whitelisting allowed fonts would be nice
*/
class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
{
+ protected $mask = null;
+
+ public function __construct() {
+ $this->mask = '- ';
+ for ($c = 'a'; $c <= 'z'; $c++) $this->mask .= $c;
+ for ($c = 'A'; $c <= 'Z'; $c++) $this->mask .= $c;
+ for ($c = '0'; $c <= '9'; $c++) $this->mask .= $c; // cast-y, but should be fine
+ // special bytes used by UTF-8
+ for ($i = 0x80; $i <= 0xFF; $i++) {
+ // We don't bother excluding invalid bytes in this range,
+ // because the our restriction of well-formed UTF-8 will
+ // prevent these from ever occurring.
+ $this->mask .= chr($i);
+ }
+
+ /*
+ PHP's internal strcspn implementation is
+ O(length of string * length of mask), making it inefficient
+ for large masks. However, it's still faster than
+ preg_match 8)
+ for (p = s1;;) {
+ spanp = s2;
+ do {
+ if (*spanp == c || p == s1_end) {
+ return p - s1;
+ }
+ } while (spanp++ < (s2_end - 1));
+ c = *++p;
+ }
+ */
+ // possible optimization: invert the mask.
+ }
+
public function validate($string, $config, $context) {
static $generic_names = array(
'serif' => true,
@@ -15,6 +47,7 @@ class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
'fantasy' => true,
'cursive' => true
);
+ $allowed_fonts = $config->get('CSS.AllowedFonts');
// assume that no font names contain commas in them
$fonts = explode(',', $string);
@@ -24,7 +57,9 @@ class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
if ($font === '') continue;
// match a generic name
if (isset($generic_names[$font])) {
- $final .= $font . ', ';
+ if ($allowed_fonts === null || isset($allowed_fonts[$font])) {
+ $final .= $font . ', ';
+ }
continue;
}
// match a quoted name
@@ -34,50 +69,122 @@ class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
$quote = $font[0];
if ($font[$length - 1] !== $quote) continue;
$font = substr($font, 1, $length - 2);
+ }
- $new_font = '';
- for ($i = 0, $c = strlen($font); $i < $c; $i++) {
- if ($font[$i] === '\\') {
- $i++;
- if ($i >= $c) {
- $new_font .= '\\';
- break;
- }
- if (ctype_xdigit($font[$i])) {
- $code = $font[$i];
- for ($a = 1, $i++; $i < $c && $a < 6; $i++, $a++) {
- if (!ctype_xdigit($font[$i])) break;
- $code .= $font[$i];
- }
- // We have to be extremely careful when adding
- // new characters, to make sure we're not breaking
- // the encoding.
- $char = HTMLPurifier_Encoder::unichr(hexdec($code));
- if (HTMLPurifier_Encoder::cleanUTF8($char) === '') continue;
- $new_font .= $char;
- if ($i < $c && trim($font[$i]) !== '') $i--;
- continue;
- }
- if ($font[$i] === "\n") continue;
- }
- $new_font .= $font[$i];
- }
+ $font = $this->expandCSSEscape($font);
- $font = $new_font;
- }
// $font is a pure representation of the font name
+ if ($allowed_fonts !== null && !isset($allowed_fonts[$font])) {
+ continue;
+ }
+
if (ctype_alnum($font) && $font !== '') {
// very simple font, allow it in unharmed
$final .= $font . ', ';
continue;
}
- // complicated font, requires quoting
+ // bugger out on whitespace. form feed (0C) really
+ // shouldn't show up regardless
+ $font = str_replace(array("\n", "\t", "\r", "\x0C"), ' ', $font);
+
+ // Here, there are various classes of characters which need
+ // to be treated differently:
+ // - Alphanumeric characters are essentially safe. We
+ // handled these above.
+ // - Spaces require quoting, though most parsers will do
+ // the right thing if there aren't any characters that
+ // can be misinterpreted
+ // - Dashes rarely occur, but they fairly unproblematic
+ // for parsing/rendering purposes.
+ // The above characters cover the majority of Western font
+ // names.
+ // - Arbitrary Unicode characters not in ASCII. Because
+ // most parsers give little thought to Unicode, treatment
+ // of these codepoints is basically uniform, even for
+ // punctuation-like codepoints. These characters can
+ // show up in non-Western pages and are supported by most
+ // major browsers, for example: "ï¼ï¼³ ææ" is a
+ // legitimate font-name
+ // . See
+ // the CSS3 spec for more examples:
+ //
+ // You can see live samples of these on the Internet:
+ //
+ // However, most of these fonts have ASCII equivalents:
+ // for example, 'MS Mincho', and it's considered
+ // professional to use ASCII font names instead of
+ // Unicode font names. Thanks Takeshi Terada for
+ // providing this information.
+ // The following characters, to my knowledge, have not been
+ // used to name font names.
+ // - Single quote. While theoretically you might find a
+ // font name that has a single quote in its name (serving
+ // as an apostrophe, e.g. Dave's Scribble), I haven't
+ // been able to find any actual examples of this.
+ // Internet Explorer's cssText translation (which I
+ // believe is invoked by innerHTML) normalizes any
+ // quoting to single quotes, and fails to escape single
+ // quotes. (Note that this is not IE's behavior for all
+ // CSS properties, just some sort of special casing for
+ // font-family). So a single quote *cannot* be used
+ // safely in the font-family context if there will be an
+ // innerHTML/cssText translation. Note that Firefox 3.x
+ // does this too.
+ // - Double quote. In IE, these get normalized to
+ // single-quotes, no matter what the encoding. (Fun
+ // fact, in IE8, the 'content' CSS property gained
+ // support, where they special cased to preserve encoded
+ // double quotes, but still translate unadorned double
+ // quotes into single quotes.) So, because their
+ // fixpoint behavior is identical to single quotes, they
+ // cannot be allowed either. Firefox 3.x displays
+ // single-quote style behavior.
+ // - Backslashes are reduced by one (so \\ -> \) every
+ // iteration, so they cannot be used safely. This shows
+ // up in IE7, IE8 and FF3
+ // - Semicolons, commas and backticks are handled properly.
+ // - The rest of the ASCII punctuation is handled properly.
+ // We haven't checked what browsers do to unadorned
+ // versions, but this is not important as long as the
+ // browser doesn't /remove/ surrounding quotes (as IE does
+ // for HTML).
+ //
+ // With these results in hand, we conclude that there are
+ // various levels of safety:
+ // - Paranoid: alphanumeric, spaces and dashes(?)
+ // - International: Paranoid + non-ASCII Unicode
+ // - Edgy: Everything except quotes, backslashes
+ // - NoJS: Standards compliance, e.g. sod IE. Note that
+ // with some judicious character escaping (since certain
+ // types of escaping doesn't work) this is theoretically
+ // OK as long as innerHTML/cssText is not called.
+ // We believe that international is a reasonable default
+ // (that we will implement now), and once we do more
+ // extensive research, we may feel comfortable with dropping
+ // it down to edgy.
+
+ // Edgy: alphanumeric, spaces, dashes and Unicode. Use of
+ // str(c)spn assumes that the string was already well formed
+ // Unicode (which of course it is).
+ if (strspn($font, $this->mask) !== strlen($font)) {
+ continue;
+ }
+
+ // Historical:
+ // In the absence of innerHTML/cssText, these ugly
+ // transforms don't pose a security risk (as \\ and \"
+ // might--these escapes are not supported by most browsers).
+ // We could try to be clever and use single-quote wrapping
+ // when there is a double quote present, but I have choosen
+ // not to implement that. (NOTE: you can reduce the amount
+ // of escapes by one depending on what quoting style you use)
+ // $font = str_replace('\\', '\\5C ', $font);
+ // $font = str_replace('"', '\\22 ', $font);
+ // $font = str_replace("'", '\\27 ', $font);
- // armor single quotes and new lines
- $font = str_replace("\\", "\\\\", $font);
- $font = str_replace("'", "\\'", $font);
+ // font possibly with spaces, requires quoting
$final .= "'$font', ";
}
$final = rtrim($final, ', ');
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Length.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Length.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/ListStyle.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/ListStyle.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Multiple.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Multiple.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Number.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Number.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Percentage.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/Percentage.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/TextDecoration.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/TextDecoration.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/URI.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/URI.php
old mode 100755
new mode 100644
index 435d7930..c2f767e5
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/URI.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/CSS/URI.php
@@ -34,20 +34,25 @@ class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI
$uri = substr($uri, 1, $new_length - 1);
}
- $keys = array( '(', ')', ',', ' ', '"', "'");
- $values = array('\\(', '\\)', '\\,', '\\ ', '\\"', "\\'");
- $uri = str_replace($values, $keys, $uri);
+ $uri = $this->expandCSSEscape($uri);
$result = parent::validate($uri, $config, $context);
if ($result === false) return false;
- // escape necessary characters according to CSS spec
- // except for the comma, none of these should appear in the
- // URI at all
- $result = str_replace($keys, $values, $result);
+ // extra sanity check; should have been done by URI
+ $result = str_replace(array('"', "\\", "\n", "\x0c", "\r"), "", $result);
- return "url($result)";
+ // suspicious characters are ()'; we're going to percent encode
+ // them for safety.
+ $result = str_replace(array('(', ')', "'"), array('%28', '%29', '%27'), $result);
+
+ // there's an extra bug where ampersands lose their escaping on
+ // an innerHTML cycle, so a very unlucky query parameter could
+ // then change the meaning of the URL. Unfortunately, there's
+ // not much we can do about that...
+
+ return "url(\"$result\")";
}
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/Enum.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/Enum.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Bool.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Bool.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Class.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Class.php
new file mode 100644
index 00000000..370068d9
--- /dev/null
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Class.php
@@ -0,0 +1,34 @@
+getDefinition('HTML')->doctype->name;
+ if ($name == "XHTML 1.1" || $name == "XHTML 2.0") {
+ return parent::split($string, $config, $context);
+ } else {
+ return preg_split('/\s+/', $string);
+ }
+ }
+ protected function filter($tokens, $config, $context) {
+ $allowed = $config->get('Attr.AllowedClasses');
+ $forbidden = $config->get('Attr.ForbiddenClasses');
+ $ret = array();
+ foreach ($tokens as $token) {
+ if (
+ ($allowed === null || isset($allowed[$token])) &&
+ !isset($forbidden[$token]) &&
+ // We need this O(n) check because of PHP's array
+ // implementation that casts -0 to 0.
+ !in_array($token, $ret, true)
+ ) {
+ $ret[] = $token;
+ }
+ }
+ return $ret;
+ }
+}
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Color.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Color.php
old mode 100755
new mode 100644
index 5311a3c6..d01e2045
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Color.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Color.php
@@ -9,7 +9,7 @@ class HTMLPurifier_AttrDef_HTML_Color extends HTMLPurifier_AttrDef
public function validate($string, $config, $context) {
static $colors = null;
- if ($colors === null) $colors = $config->get('Core', 'ColorKeywords');
+ if ($colors === null) $colors = $config->get('Core.ColorKeywords');
$string = trim($string);
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/FrameTarget.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/FrameTarget.php
old mode 100755
new mode 100644
index bd281a89..ae6ea7c0
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/FrameTarget.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/FrameTarget.php
@@ -12,7 +12,7 @@ class HTMLPurifier_AttrDef_HTML_FrameTarget extends HTMLPurifier_AttrDef_Enum
public function __construct() {}
public function validate($string, $config, $context) {
- if ($this->valid_values === false) $this->valid_values = $config->get('Attr', 'AllowedFrameTargets');
+ if ($this->valid_values === false) $this->valid_values = $config->get('Attr.AllowedFrameTargets');
return parent::validate($string, $config, $context);
}
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/ID.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/ID.php
old mode 100755
new mode 100644
index 7c5c169c..81d03762
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/ID.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/ID.php
@@ -17,18 +17,18 @@ class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef
public function validate($id, $config, $context) {
- if (!$config->get('Attr', 'EnableID')) return false;
+ if (!$config->get('Attr.EnableID')) return false;
$id = trim($id); // trim it first
if ($id === '') return false;
- $prefix = $config->get('Attr', 'IDPrefix');
+ $prefix = $config->get('Attr.IDPrefix');
if ($prefix !== '') {
- $prefix .= $config->get('Attr', 'IDPrefixLocal');
+ $prefix .= $config->get('Attr.IDPrefixLocal');
// prevent re-appending the prefix
if (strpos($id, $prefix) !== 0) $id = $prefix . $id;
- } elseif ($config->get('Attr', 'IDPrefixLocal') !== '') {
+ } elseif ($config->get('Attr.IDPrefixLocal') !== '') {
trigger_error('%Attr.IDPrefixLocal cannot be used unless '.
'%Attr.IDPrefix is set', E_USER_WARNING);
}
@@ -51,7 +51,7 @@ class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef
$result = ($trim === '');
}
- $regexp = $config->get('Attr', 'IDBlacklistRegexp');
+ $regexp = $config->get('Attr.IDBlacklistRegexp');
if ($regexp && preg_match($regexp, $id)) {
return false;
}
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Length.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Length.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/LinkTypes.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/LinkTypes.php
old mode 100755
new mode 100644
index 8a0da0c8..76d25ed0
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/LinkTypes.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/LinkTypes.php
@@ -27,7 +27,7 @@ class HTMLPurifier_AttrDef_HTML_LinkTypes extends HTMLPurifier_AttrDef
public function validate($string, $config, $context) {
- $allowed = $config->get('Attr', $this->name);
+ $allowed = $config->get('Attr.' . $this->name);
if (empty($allowed)) return false;
$string = $this->parseCDATA($string);
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/MultiLength.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/MultiLength.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Nmtokens.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Nmtokens.php
old mode 100755
new mode 100644
index 55035c4d..aa34120b
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Nmtokens.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Nmtokens.php
@@ -2,10 +2,6 @@
/**
* Validates contents based on NMTOKENS attribute type.
- * @note The only current use for this is the class attribute in HTML
- * @note Could have some functionality factored out into Nmtoken class
- * @warning We cannot assume this class will be used only for 'class'
- * attributes. Not sure how to hook in magic behavior, then.
*/
class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef
{
@@ -17,6 +13,17 @@ class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef
// early abort: '' and '0' (strings that convert to false) are invalid
if (!$string) return false;
+ $tokens = $this->split($string, $config, $context);
+ $tokens = $this->filter($tokens, $config, $context);
+ if (empty($tokens)) return false;
+ return implode(' ', $tokens);
+
+ }
+
+ /**
+ * Splits a space separated list of tokens into its constituent parts.
+ */
+ protected function split($string, $config, $context) {
// OPTIMIZABLE!
// do the preg_match, capture all subpatterns for reformulation
@@ -24,23 +31,20 @@ class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef
// escaping because I don't know how to do that with regexps
// and plus it would complicate optimization efforts (you never
// see that anyway).
- $matches = array();
$pattern = '/(?:(?<=\s)|\A)'. // look behind for space or string start
'((?:--|-?[A-Za-z_])[A-Za-z_\-0-9]*)'.
'(?:(?=\s)|\z)/'; // look ahead for space or string end
preg_match_all($pattern, $string, $matches);
+ return $matches[1];
+ }
- if (empty($matches[1])) return false;
-
- // reconstruct string
- $new_string = '';
- foreach ($matches[1] as $token) {
- $new_string .= $token . ' ';
- }
- $new_string = rtrim($new_string);
-
- return $new_string;
-
+ /**
+ * Template method for removing certain tokens based on arbitrary criteria.
+ * @note If we wanted to be really functional, we'd do an array_filter
+ * with a callback. But... we're not.
+ */
+ protected function filter($tokens, $config, $context) {
+ return $tokens;
}
}
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Pixels.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Pixels.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/Integer.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/Integer.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/Lang.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/Lang.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/Switch.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/Switch.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/Text.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/Text.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI.php
old mode 100755
new mode 100644
index 93d2f0bb..01a6d83e
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI.php
@@ -25,7 +25,7 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
public function validate($uri, $config, $context) {
- if ($config->get('URI', 'Disable')) return false;
+ if ($config->get('URI.Disable')) return false;
$uri = $this->parseCDATA($uri);
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/Email.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/Email.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/Host.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/Host.php
old mode 100755
new mode 100644
index 2156c10c..feca469d
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/Host.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/Host.php
@@ -23,6 +23,12 @@ class HTMLPurifier_AttrDef_URI_Host extends HTMLPurifier_AttrDef
public function validate($string, $config, $context) {
$length = strlen($string);
+ // empty hostname is OK; it's usually semantically equivalent:
+ // the default host as defined by a URI scheme is used:
+ //
+ // If the URI scheme defines a default for host, then that
+ // default applies when the host subcomponent is undefined
+ // or when the registered name is empty (zero length).
if ($string === '') return '';
if ($length > 1 && $string[0] === '[' && $string[$length-1] === ']') {
//IPv6
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/IPv4.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/IPv4.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/IPv6.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/URI/IPv6.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Background.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Background.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BdoDir.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BdoDir.php
old mode 100755
new mode 100644
index 40310b91..4d1a0566
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BdoDir.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BdoDir.php
@@ -10,7 +10,7 @@ class HTMLPurifier_AttrTransform_BdoDir extends HTMLPurifier_AttrTransform
public function transform($attr, $config, $context) {
if (isset($attr['dir'])) return $attr;
- $attr['dir'] = $config->get('Attr', 'DefaultTextDir');
+ $attr['dir'] = $config->get('Attr.DefaultTextDir');
return $attr;
}
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BgColor.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BgColor.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BoolToCSS.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/BoolToCSS.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Border.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Border.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/EnumToCSS.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/EnumToCSS.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgRequired.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgRequired.php
old mode 100755
new mode 100644
index 25c9403c..7f0e4b7a
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgRequired.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgRequired.php
@@ -15,21 +15,22 @@ class HTMLPurifier_AttrTransform_ImgRequired extends HTMLPurifier_AttrTransform
$src = true;
if (!isset($attr['src'])) {
- if ($config->get('Core', 'RemoveInvalidImg')) return $attr;
- $attr['src'] = $config->get('Attr', 'DefaultInvalidImage');
+ if ($config->get('Core.RemoveInvalidImg')) return $attr;
+ $attr['src'] = $config->get('Attr.DefaultInvalidImage');
$src = false;
}
if (!isset($attr['alt'])) {
if ($src) {
- $alt = $config->get('Attr', 'DefaultImageAlt');
+ $alt = $config->get('Attr.DefaultImageAlt');
if ($alt === null) {
- $attr['alt'] = basename($attr['src']);
+ // truncate if the alt is too long
+ $attr['alt'] = substr(basename($attr['src']),0,40);
} else {
$attr['alt'] = $alt;
}
} else {
- $attr['alt'] = $config->get('Attr', 'DefaultInvalidImageAlt');
+ $attr['alt'] = $config->get('Attr.DefaultInvalidImageAlt');
}
}
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgSpace.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ImgSpace.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Input.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Input.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Lang.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Lang.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Length.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Length.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Name.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Name.php
old mode 100755
new mode 100644
index e6f93aee..15315bc7
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Name.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Name.php
@@ -7,6 +7,8 @@ class HTMLPurifier_AttrTransform_Name extends HTMLPurifier_AttrTransform
{
public function transform($attr, $config, $context) {
+ // Abort early if we're using relaxed definition of name
+ if ($config->get('HTML.Attr.Name.UseCDATA')) return $attr;
if (!isset($attr['name'])) return $attr;
$id = $this->confiscateAttr($attr, 'name');
if ( isset($attr['id'])) return $attr;
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/NameSync.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/NameSync.php
new file mode 100644
index 00000000..a95638c1
--- /dev/null
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/NameSync.php
@@ -0,0 +1,27 @@
+idDef = new HTMLPurifier_AttrDef_HTML_ID();
+ }
+
+ public function transform($attr, $config, $context) {
+ if (!isset($attr['name'])) return $attr;
+ $name = $attr['name'];
+ if (isset($attr['id']) && $attr['id'] === $name) return $attr;
+ $result = $this->idDef->validate($name, $config, $context);
+ if ($result === false) unset($attr['name']);
+ else $attr['name'] = $result;
+ return $attr;
+ }
+
+}
+
+// vim: et sw=4 sts=4
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Nofollow.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Nofollow.php
new file mode 100644
index 00000000..573b42c9
--- /dev/null
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Nofollow.php
@@ -0,0 +1,41 @@
+parser = new HTMLPurifier_URIParser();
+ }
+
+ public function transform($attr, $config, $context) {
+
+ if (!isset($attr['href'])) {
+ return $attr;
+ }
+
+ // XXX Kind of inefficient
+ $url = $this->parser->parse($attr['href']);
+ $scheme = $url->getSchemeObj($config, $context);
+
+ if (!is_null($url->host) && $scheme !== false && $scheme->browsable) {
+ if (isset($attr['rel'])) {
+ $attr['rel'] .= ' nofollow';
+ } else {
+ $attr['rel'] = 'nofollow';
+ }
+ }
+
+ return $attr;
+
+ }
+
+}
+
+// vim: et sw=4 sts=4
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeEmbed.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeEmbed.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeObject.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeObject.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeParam.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeParam.php
old mode 100755
new mode 100644
index 94e8052a..bd86a745
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeParam.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/SafeParam.php
@@ -19,6 +19,7 @@ class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
public function __construct() {
$this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded
+ $this->wmode = new HTMLPurifier_AttrDef_Enum(array('window', 'opaque', 'transparent'));
}
public function transform($attr, $config, $context) {
@@ -33,12 +34,25 @@ class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
case 'allowNetworking':
$attr['value'] = 'internal';
break;
+ case 'allowFullScreen':
+ if ($config->get('HTML.FlashAllowFullScreen')) {
+ $attr['value'] = ($attr['value'] == 'true') ? 'true' : 'false';
+ } else {
+ $attr['value'] = 'false';
+ }
+ break;
case 'wmode':
- $attr['value'] = 'window';
+ $attr['value'] = $this->wmode->validate($attr['value'], $config, $context);
break;
case 'movie':
+ case 'src':
+ $attr['name'] = "movie";
$attr['value'] = $this->uri->validate($attr['value'], $config, $context);
break;
+ case 'flashvars':
+ // we're going to allow arbitrary inputs to the SWF, on
+ // the reasoning that it could only hack the SWF, not us.
+ break;
// add other cases to support other param name/value pairs
default:
$attr['name'] = $attr['value'] = null;
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ScriptRequired.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/ScriptRequired.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Textarea.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTransform/Textarea.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrTypes.php b/lib/htmlpurifier/library/HTMLPurifier/AttrTypes.php
old mode 100755
new mode 100644
index 6c624bb0..fc2ea4e5
--- a/lib/htmlpurifier/library/HTMLPurifier/AttrTypes.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/AttrTypes.php
@@ -36,6 +36,9 @@ class HTMLPurifier_AttrTypes
$this->info['Charsets'] = new HTMLPurifier_AttrDef_Text();
$this->info['Character'] = new HTMLPurifier_AttrDef_Text();
+ // "proprietary" types
+ $this->info['Class'] = new HTMLPurifier_AttrDef_HTML_Class();
+
// number is really a positive integer (one or more digits)
// FIXME: ^^ not always, see start and value of list items
$this->info['Number'] = new HTMLPurifier_AttrDef_Integer(false, false, true);
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrValidator.php b/lib/htmlpurifier/library/HTMLPurifier/AttrValidator.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/Bootstrap.php b/lib/htmlpurifier/library/HTMLPurifier/Bootstrap.php
old mode 100755
new mode 100644
index 559f61a2..607c5b18
--- a/lib/htmlpurifier/library/HTMLPurifier/Bootstrap.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/Bootstrap.php
@@ -37,7 +37,12 @@ class HTMLPurifier_Bootstrap
public static function autoload($class) {
$file = HTMLPurifier_Bootstrap::getPath($class);
if (!$file) return false;
- require HTMLPURIFIER_PREFIX . '/' . $file;
+ // Technically speaking, it should be ok and more efficient to
+ // just do 'require', but Antonio Parraga reports that with
+ // Zend extensions such as Zend debugger and APC, this invariant
+ // may be broken. Since we have efficient alternatives, pay
+ // the cost here and avoid the bug.
+ require_once HTMLPURIFIER_PREFIX . '/' . $file;
return true;
}
@@ -65,10 +70,11 @@ class HTMLPurifier_Bootstrap
if ( ($funcs = spl_autoload_functions()) === false ) {
spl_autoload_register($autoload);
} elseif (function_exists('spl_autoload_unregister')) {
+ $buggy = version_compare(PHP_VERSION, '5.2.11', '<');
$compat = version_compare(PHP_VERSION, '5.1.2', '<=') &&
version_compare(PHP_VERSION, '5.1.0', '>=');
foreach ($funcs as $func) {
- if (is_array($func)) {
+ if ($buggy && is_array($func)) {
// :TRICKY: There are some compatibility issues and some
// places where we need to error out
$reflector = new ReflectionMethod($func[0], $func[1]);
diff --git a/lib/htmlpurifier/library/HTMLPurifier/CSSDefinition.php b/lib/htmlpurifier/library/HTMLPurifier/CSSDefinition.php
old mode 100755
new mode 100644
index 1a180573..91619f5d
--- a/lib/htmlpurifier/library/HTMLPurifier/CSSDefinition.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/CSSDefinition.php
@@ -154,7 +154,7 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
new HTMLPurifier_AttrDef_CSS_Percentage(true),
new HTMLPurifier_AttrDef_Enum(array('auto'))
));
- $max = $config->get('CSS', 'MaxImgLength');
+ $max = $config->get('CSS.MaxImgLength');
$this->info['width'] =
$this->info['height'] =
@@ -211,15 +211,19 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
// partial support
$this->info['white-space'] = new HTMLPurifier_AttrDef_Enum(array('nowrap'));
- if ($config->get('CSS', 'Proprietary')) {
+ if ($config->get('CSS.Proprietary')) {
$this->doSetupProprietary($config);
}
- if ($config->get('CSS', 'AllowTricky')) {
+ if ($config->get('CSS.AllowTricky')) {
$this->doSetupTricky($config);
}
- $allow_important = $config->get('CSS', 'AllowImportant');
+ if ($config->get('CSS.Trusted')) {
+ $this->doSetupTrusted($config);
+ }
+
+ $allow_important = $config->get('CSS.AllowImportant');
// wrap all attr-defs with decorator that handles !important
foreach ($this->info as $k => $v) {
$this->info[$k] = new HTMLPurifier_AttrDef_CSS_ImportantDecorator($v, $allow_important);
@@ -260,6 +264,23 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
$this->info['overflow'] = new HTMLPurifier_AttrDef_Enum(array('visible', 'hidden', 'auto', 'scroll'));
}
+ protected function doSetupTrusted($config) {
+ $this->info['position'] = new HTMLPurifier_AttrDef_Enum(array(
+ 'static', 'relative', 'absolute', 'fixed'
+ ));
+ $this->info['top'] =
+ $this->info['left'] =
+ $this->info['right'] =
+ $this->info['bottom'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+ new HTMLPurifier_AttrDef_CSS_Length(),
+ new HTMLPurifier_AttrDef_CSS_Percentage(),
+ new HTMLPurifier_AttrDef_Enum(array('auto')),
+ ));
+ $this->info['z-index'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+ new HTMLPurifier_AttrDef_Integer(),
+ new HTMLPurifier_AttrDef_Enum(array('auto')),
+ ));
+ }
/**
* Performs extra config-based processing. Based off of
@@ -272,20 +293,29 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
// setup allowed elements
$support = "(for information on implementing this, see the ".
"support forums) ";
- $allowed_attributes = $config->get('CSS', 'AllowedProperties');
- if ($allowed_attributes !== null) {
+ $allowed_properties = $config->get('CSS.AllowedProperties');
+ if ($allowed_properties !== null) {
foreach ($this->info as $name => $d) {
- if(!isset($allowed_attributes[$name])) unset($this->info[$name]);
- unset($allowed_attributes[$name]);
+ if(!isset($allowed_properties[$name])) unset($this->info[$name]);
+ unset($allowed_properties[$name]);
}
// emit errors
- foreach ($allowed_attributes as $name => $d) {
+ foreach ($allowed_properties as $name => $d) {
// :TODO: Is this htmlspecialchars() call really necessary?
$name = htmlspecialchars($name);
trigger_error("Style attribute '$name' is not supported $support", E_USER_WARNING);
}
}
+ $forbidden_properties = $config->get('CSS.ForbiddenProperties');
+ if ($forbidden_properties !== null) {
+ foreach ($this->info as $name => $d) {
+ if (isset($forbidden_properties[$name])) {
+ unset($this->info[$name]);
+ }
+ }
+ }
+
}
}
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ChildDef.php b/lib/htmlpurifier/library/HTMLPurifier/ChildDef.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ChildDef/Chameleon.php b/lib/htmlpurifier/library/HTMLPurifier/ChildDef/Chameleon.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ChildDef/Custom.php b/lib/htmlpurifier/library/HTMLPurifier/ChildDef/Custom.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ChildDef/Empty.php b/lib/htmlpurifier/library/HTMLPurifier/ChildDef/Empty.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ChildDef/Optional.php b/lib/htmlpurifier/library/HTMLPurifier/ChildDef/Optional.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ChildDef/Required.php b/lib/htmlpurifier/library/HTMLPurifier/ChildDef/Required.php
old mode 100755
new mode 100644
index c3e748b2..4889f249
--- a/lib/htmlpurifier/library/HTMLPurifier/ChildDef/Required.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/ChildDef/Required.php
@@ -59,7 +59,7 @@ class HTMLPurifier_ChildDef_Required extends HTMLPurifier_ChildDef
$all_whitespace = true;
// some configuration
- $escape_invalid_children = $config->get('Core', 'EscapeInvalidChildren');
+ $escape_invalid_children = $config->get('Core.EscapeInvalidChildren');
// generator
$gen = new HTMLPurifier_Generator($config, $context);
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ChildDef/StrictBlockquote.php b/lib/htmlpurifier/library/HTMLPurifier/ChildDef/StrictBlockquote.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ChildDef/Table.php b/lib/htmlpurifier/library/HTMLPurifier/ChildDef/Table.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/Config.php b/lib/htmlpurifier/library/HTMLPurifier/Config.php
old mode 100755
new mode 100644
index f8e1f780..b6551398
--- a/lib/htmlpurifier/library/HTMLPurifier/Config.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/Config.php
@@ -20,7 +20,7 @@ class HTMLPurifier_Config
/**
* HTML Purifier's version
*/
- public $version = '3.3.0';
+ public $version = '4.3.0';
/**
* Bool indicator whether or not to automatically finalize
@@ -68,12 +68,31 @@ class HTMLPurifier_Config
*/
protected $plist;
+ /**
+ * Whether or not a set is taking place due to an
+ * alias lookup.
+ */
+ private $aliasMode;
+
+ /**
+ * Set to false if you do not want line and file numbers in errors
+ * (useful when unit testing). This will also compress some errors
+ * and exceptions.
+ */
+ public $chatty = true;
+
+ /**
+ * Current lock; only gets to this namespace are allowed.
+ */
+ private $lock;
+
/**
* @param $definition HTMLPurifier_ConfigSchema that defines what directives
* are allowed.
*/
- public function __construct($definition) {
- $this->plist = new HTMLPurifier_PropertyList($definition->defaultPlist);
+ public function __construct($definition, $parent = null) {
+ $parent = $parent ? $parent : $definition->defaultPlist;
+ $this->plist = new HTMLPurifier_PropertyList($parent);
$this->def = $definition; // keep a copy around for checking
$this->parser = new HTMLPurifier_VarParser_Flexible();
}
@@ -102,6 +121,16 @@ class HTMLPurifier_Config
return $ret;
}
+ /**
+ * Creates a new config object that inherits from a previous one.
+ * @param HTMLPurifier_Config $config Configuration object to inherit
+ * from.
+ * @return HTMLPurifier_Config object with $config as its parent.
+ */
+ public static function inherit(HTMLPurifier_Config $config) {
+ return new HTMLPurifier_Config($config->def, $config->plist);
+ }
+
/**
* Convenience constructor that creates a default configuration object.
* @return Default HTMLPurifier_Config object.
@@ -114,24 +143,34 @@ class HTMLPurifier_Config
/**
* Retreives a value from the configuration.
- * @param $namespace String namespace
* @param $key String key
*/
- public function get($namespace, $key) {
- if (!$this->finalized) $this->autoFinalize ? $this->finalize() : $this->plist->squash(true);
- if (!isset($this->def->info[$namespace][$key])) {
+ public function get($key, $a = null) {
+ if ($a !== null) {
+ $this->triggerError("Using deprecated API: use \$config->get('$key.$a') instead", E_USER_WARNING);
+ $key = "$key.$a";
+ }
+ if (!$this->finalized) $this->autoFinalize();
+ if (!isset($this->def->info[$key])) {
// can't add % due to SimpleTest bug
- trigger_error('Cannot retrieve value of undefined directive ' . htmlspecialchars("$namespace.$key"),
+ $this->triggerError('Cannot retrieve value of undefined directive ' . htmlspecialchars($key),
E_USER_WARNING);
return;
}
- if (isset($this->def->info[$namespace][$key]->isAlias)) {
- $d = $this->def->info[$namespace][$key];
- trigger_error('Cannot get value from aliased directive, use real name ' . $d->namespace . '.' . $d->name,
+ if (isset($this->def->info[$key]->isAlias)) {
+ $d = $this->def->info[$key];
+ $this->triggerError('Cannot get value from aliased directive, use real name ' . $d->key,
E_USER_ERROR);
return;
}
- return $this->plist->get("$namespace.$key");
+ if ($this->lock) {
+ list($ns) = explode('.', $key);
+ if ($ns !== $this->lock) {
+ $this->triggerError('Cannot get value of namespace ' . $ns . ' when lock for ' . $this->lock . ' is active, this probably indicates a Definition setup method is accessing directives that are not within its namespace', E_USER_ERROR);
+ return;
+ }
+ }
+ return $this->plist->get($key);
}
/**
@@ -139,13 +178,13 @@ class HTMLPurifier_Config
* @param $namespace String namespace
*/
public function getBatch($namespace) {
- if (!$this->finalized) $this->autoFinalize ? $this->finalize() : $this->plist->squash(true);
- if (!isset($this->def->info[$namespace])) {
- trigger_error('Cannot retrieve undefined namespace ' . htmlspecialchars($namespace),
+ if (!$this->finalized) $this->autoFinalize();
+ $full = $this->getAll();
+ if (!isset($full[$namespace])) {
+ $this->triggerError('Cannot retrieve undefined namespace ' . htmlspecialchars($namespace),
E_USER_WARNING);
return;
}
- $full = $this->getAll();
return $full[$namespace];
}
@@ -178,9 +217,10 @@ class HTMLPurifier_Config
/**
* Retrieves all directives, organized by namespace
+ * @warning This is a pretty inefficient function, avoid if you can
*/
public function getAll() {
- if (!$this->finalized) $this->autoFinalize ? $this->finalize() : $this->plist->squash(true);
+ if (!$this->finalized) $this->autoFinalize();
$ret = array();
foreach ($this->plist->squash() as $name => $value) {
list($ns, $key) = explode('.', $name, 2);
@@ -191,29 +231,37 @@ class HTMLPurifier_Config
/**
* Sets a value to configuration.
- * @param $namespace String namespace
* @param $key String key
* @param $value Mixed value
*/
- public function set($namespace, $key, $value, $from_alias = false) {
+ public function set($key, $value, $a = null) {
+ if (strpos($key, '.') === false) {
+ $namespace = $key;
+ $directive = $value;
+ $value = $a;
+ $key = "$key.$directive";
+ $this->triggerError("Using deprecated API: use \$config->set('$key', ...) instead", E_USER_NOTICE);
+ } else {
+ list($namespace) = explode('.', $key);
+ }
if ($this->isFinalized('Cannot set directive after finalization')) return;
- if (!isset($this->def->info[$namespace][$key])) {
- trigger_error('Cannot set undefined directive ' . htmlspecialchars("$namespace.$key") . ' to value',
+ if (!isset($this->def->info[$key])) {
+ $this->triggerError('Cannot set undefined directive ' . htmlspecialchars($key) . ' to value',
E_USER_WARNING);
return;
}
- $def = $this->def->info[$namespace][$key];
+ $def = $this->def->info[$key];
if (isset($def->isAlias)) {
- if ($from_alias) {
- trigger_error('Double-aliases not allowed, please fix '.
- 'ConfigSchema bug with' . "$namespace.$key", E_USER_ERROR);
+ if ($this->aliasMode) {
+ $this->triggerError('Double-aliases not allowed, please fix '.
+ 'ConfigSchema bug with' . $key, E_USER_ERROR);
return;
}
- $this->set($new_ns = $def->namespace,
- $new_dir = $def->name,
- $value, true);
- trigger_error("$namespace.$key is an alias, preferred directive name is $new_ns.$new_dir", E_USER_NOTICE);
+ $this->aliasMode = true;
+ $this->set($def->key, $value);
+ $this->aliasMode = false;
+ $this->triggerError("$key is an alias, preferred directive name is {$def->key}", E_USER_NOTICE);
return;
}
@@ -231,7 +279,7 @@ class HTMLPurifier_Config
try {
$value = $this->parser->parse($value, $type, $allow_null);
} catch (HTMLPurifier_VarParserException $e) {
- trigger_error('Value for ' . "$namespace.$key" . ' is of invalid type, should be ' . HTMLPurifier_VarParser::getTypeName($type), E_USER_WARNING);
+ $this->triggerError('Value for ' . $key . ' is of invalid type, should be ' . HTMLPurifier_VarParser::getTypeName($type), E_USER_WARNING);
return;
}
if (is_string($value) && is_object($def)) {
@@ -241,17 +289,17 @@ class HTMLPurifier_Config
}
// check to see if the value is allowed
if (isset($def->allowed) && !isset($def->allowed[$value])) {
- trigger_error('Value not supported, valid values are: ' .
+ $this->triggerError('Value not supported, valid values are: ' .
$this->_listify($def->allowed), E_USER_WARNING);
return;
}
}
- $this->plist->set("$namespace.$key", $value);
+ $this->plist->set($key, $value);
// reset definitions if the directives they depend on changed
// this is a very costly process, so it's discouraged
// with finalization
- if ($namespace == 'HTML' || $namespace == 'CSS') {
+ if ($namespace == 'HTML' || $namespace == 'CSS' || $namespace == 'URI') {
$this->definitions[$namespace] = null;
}
@@ -271,74 +319,203 @@ class HTMLPurifier_Config
* Retrieves object reference to the HTML definition.
* @param $raw Return a copy that has not been setup yet. Must be
* called before it's been setup, otherwise won't work.
+ * @param $optimized If true, this method may return null, to
+ * indicate that a cached version of the modified
+ * definition object is available and no further edits
+ * are necessary. Consider using
+ * maybeGetRawHTMLDefinition, which is more explicitly
+ * named, instead.
*/
- public function getHTMLDefinition($raw = false) {
- return $this->getDefinition('HTML', $raw);
+ public function getHTMLDefinition($raw = false, $optimized = false) {
+ return $this->getDefinition('HTML', $raw, $optimized);
}
/**
* Retrieves object reference to the CSS definition
* @param $raw Return a copy that has not been setup yet. Must be
* called before it's been setup, otherwise won't work.
+ * @param $optimized If true, this method may return null, to
+ * indicate that a cached version of the modified
+ * definition object is available and no further edits
+ * are necessary. Consider using
+ * maybeGetRawCSSDefinition, which is more explicitly
+ * named, instead.
*/
- public function getCSSDefinition($raw = false) {
- return $this->getDefinition('CSS', $raw);
+ public function getCSSDefinition($raw = false, $optimized = false) {
+ return $this->getDefinition('CSS', $raw, $optimized);
+ }
+
+ /**
+ * Retrieves object reference to the URI definition
+ * @param $raw Return a copy that has not been setup yet. Must be
+ * called before it's been setup, otherwise won't work.
+ * @param $optimized If true, this method may return null, to
+ * indicate that a cached version of the modified
+ * definition object is available and no further edits
+ * are necessary. Consider using
+ * maybeGetRawURIDefinition, which is more explicitly
+ * named, instead.
+ */
+ public function getURIDefinition($raw = false, $optimized = false) {
+ return $this->getDefinition('URI', $raw, $optimized);
}
/**
* Retrieves a definition
* @param $type Type of definition: HTML, CSS, etc
* @param $raw Whether or not definition should be returned raw
+ * @param $optimized Only has an effect when $raw is true. Whether
+ * or not to return null if the result is already present in
+ * the cache. This is off by default for backwards
+ * compatibility reasons, but you need to do things this
+ * way in order to ensure that caching is done properly.
+ * Check out enduser-customize.html for more details.
+ * We probably won't ever change this default, as much as the
+ * maybe semantics is the "right thing to do."
*/
- public function getDefinition($type, $raw = false) {
- if (!$this->finalized) $this->autoFinalize ? $this->finalize() : $this->plist->squash(true);
+ public function getDefinition($type, $raw = false, $optimized = false) {
+ if ($optimized && !$raw) {
+ throw new HTMLPurifier_Exception("Cannot set optimized = true when raw = false");
+ }
+ if (!$this->finalized) $this->autoFinalize();
+ // temporarily suspend locks, so we can handle recursive definition calls
+ $lock = $this->lock;
+ $this->lock = null;
$factory = HTMLPurifier_DefinitionCacheFactory::instance();
$cache = $factory->create($type, $this);
+ $this->lock = $lock;
if (!$raw) {
- // see if we can quickly supply a definition
+ // full definition
+ // ---------------
+ // check if definition is in memory
+ if (!empty($this->definitions[$type])) {
+ $def = $this->definitions[$type];
+ // check if the definition is setup
+ if ($def->setup) {
+ return $def;
+ } else {
+ $def->setup($this);
+ if ($def->optimized) $cache->add($def, $this);
+ return $def;
+ }
+ }
+ // check if definition is in cache
+ $def = $cache->get($this);
+ if ($def) {
+ // definition in cache, save to memory and return it
+ $this->definitions[$type] = $def;
+ return $def;
+ }
+ // initialize it
+ $def = $this->initDefinition($type);
+ // set it up
+ $this->lock = $type;
+ $def->setup($this);
+ $this->lock = null;
+ // save in cache
+ $cache->add($def, $this);
+ // return it
+ return $def;
+ } else {
+ // raw definition
+ // --------------
+ // check preconditions
+ $def = null;
+ if ($optimized) {
+ if (is_null($this->get($type . '.DefinitionID'))) {
+ // fatally error out if definition ID not set
+ throw new HTMLPurifier_Exception("Cannot retrieve raw version without specifying %$type.DefinitionID");
+ }
+ }
if (!empty($this->definitions[$type])) {
- if (!$this->definitions[$type]->setup) {
- $this->definitions[$type]->setup($this);
- $cache->set($this->definitions[$type], $this);
+ $def = $this->definitions[$type];
+ if ($def->setup && !$optimized) {
+ $extra = $this->chatty ? " (try moving this code block earlier in your initialization)" : "";
+ throw new HTMLPurifier_Exception("Cannot retrieve raw definition after it has already been setup" . $extra);
+ }
+ if ($def->optimized === null) {
+ $extra = $this->chatty ? " (try flushing your cache)" : "";
+ throw new HTMLPurifier_Exception("Optimization status of definition is unknown" . $extra);
+ }
+ if ($def->optimized !== $optimized) {
+ $msg = $optimized ? "optimized" : "unoptimized";
+ $extra = $this->chatty ? " (this backtrace is for the first inconsistent call, which was for a $msg raw definition)" : "";
+ throw new HTMLPurifier_Exception("Inconsistent use of optimized and unoptimized raw definition retrievals" . $extra);
}
- return $this->definitions[$type];
}
- // memory check missed, try cache
- $this->definitions[$type] = $cache->get($this);
- if ($this->definitions[$type]) {
- // definition in cache, return it
- return $this->definitions[$type];
+ // check if definition was in memory
+ if ($def) {
+ if ($def->setup) {
+ // invariant: $optimized === true (checked above)
+ return null;
+ } else {
+ return $def;
+ }
+ }
+ // if optimized, check if definition was in cache
+ // (because we do the memory check first, this formulation
+ // is prone to cache slamming, but I think
+ // guaranteeing that either /all/ of the raw
+ // setup code or /none/ of it is run is more important.)
+ if ($optimized) {
+ // This code path only gets run once; once we put
+ // something in $definitions (which is guaranteed by the
+ // trailing code), we always short-circuit above.
+ $def = $cache->get($this);
+ if ($def) {
+ // save the full definition for later, but don't
+ // return it yet
+ $this->definitions[$type] = $def;
+ return null;
+ }
+ }
+ // check invariants for creation
+ if (!$optimized) {
+ if (!is_null($this->get($type . '.DefinitionID'))) {
+ if ($this->chatty) {
+ $this->triggerError("Due to a documentation error in previous version of HTML Purifier, your definitions are not being cached. If this is OK, you can remove the %$type.DefinitionRev and %$type.DefinitionID declaration. Otherwise, modify your code to use maybeGetRawDefinition, and test if the returned value is null before making any edits (if it is null, that means that a cached version is available, and no raw operations are necessary). See Customize for more details", E_USER_WARNING);
+ } else {
+ $this->triggerError("Useless DefinitionID declaration", E_USER_WARNING);
+ }
+ }
}
- } elseif (
- !empty($this->definitions[$type]) &&
- !$this->definitions[$type]->setup
- ) {
- // raw requested, raw in memory, quick return
- return $this->definitions[$type];
+ // initialize it
+ $def = $this->initDefinition($type);
+ $def->optimized = $optimized;
+ return $def;
}
+ throw new HTMLPurifier_Exception("The impossible happened!");
+ }
+
+ private function initDefinition($type) {
// quick checks failed, let's create the object
if ($type == 'HTML') {
- $this->definitions[$type] = new HTMLPurifier_HTMLDefinition();
+ $def = new HTMLPurifier_HTMLDefinition();
} elseif ($type == 'CSS') {
- $this->definitions[$type] = new HTMLPurifier_CSSDefinition();
+ $def = new HTMLPurifier_CSSDefinition();
} elseif ($type == 'URI') {
- $this->definitions[$type] = new HTMLPurifier_URIDefinition();
+ $def = new HTMLPurifier_URIDefinition();
} else {
throw new HTMLPurifier_Exception("Definition of $type type not supported");
}
- // quick abort if raw
- if ($raw) {
- if (is_null($this->get($type, 'DefinitionID'))) {
- // fatally error out if definition ID not set
- throw new HTMLPurifier_Exception("Cannot retrieve raw version without specifying %$type.DefinitionID");
- }
- return $this->definitions[$type];
- }
- // set it up
- $this->definitions[$type]->setup($this);
- // save in cache
- $cache->set($this->definitions[$type], $this);
- return $this->definitions[$type];
+ $this->definitions[$type] = $def;
+ return $def;
+ }
+
+ public function maybeGetRawDefinition($name) {
+ return $this->getDefinition($name, true, true);
+ }
+
+ public function maybeGetRawHTMLDefinition() {
+ return $this->getDefinition('HTML', true, true);
+ }
+
+ public function maybeGetRawCSSDefinition() {
+ return $this->getDefinition('CSS', true, true);
+ }
+
+ public function maybeGetRawURIDefinition() {
+ return $this->getDefinition('URI', true, true);
}
/**
@@ -351,14 +528,12 @@ class HTMLPurifier_Config
foreach ($config_array as $key => $value) {
$key = str_replace('_', '.', $key);
if (strpos($key, '.') !== false) {
- // condensed form
- list($namespace, $directive) = explode('.', $key);
- $this->set($namespace, $directive, $value);
+ $this->set($key, $value);
} else {
$namespace = $key;
$namespace_values = $value;
foreach ($namespace_values as $directive => $value) {
- $this->set($namespace, $directive, $value);
+ $this->set($namespace .'.'. $directive, $value);
}
}
}
@@ -394,16 +569,15 @@ class HTMLPurifier_Config
}
}
$ret = array();
- foreach ($schema->info as $ns => $keypairs) {
- foreach ($keypairs as $directive => $def) {
- if ($allowed !== true) {
- if (isset($blacklisted_directives["$ns.$directive"])) continue;
- if (!isset($allowed_directives["$ns.$directive"]) && !isset($allowed_ns[$ns])) continue;
- }
- if (isset($def->isAlias)) continue;
- if ($directive == 'DefinitionID' || $directive == 'DefinitionRev') continue;
- $ret[] = array($ns, $directive);
+ foreach ($schema->info as $key => $def) {
+ list($ns, $directive) = explode('.', $key, 2);
+ if ($allowed !== true) {
+ if (isset($blacklisted_directives["$ns.$directive"])) continue;
+ if (!isset($allowed_directives["$ns.$directive"]) && !isset($allowed_ns[$ns])) continue;
}
+ if (isset($def->isAlias)) continue;
+ if ($directive == 'DefinitionID' || $directive == 'DefinitionRev') continue;
+ $ret[] = array($ns, $directive);
}
return $ret;
}
@@ -472,7 +646,7 @@ class HTMLPurifier_Config
*/
public function isFinalized($error = false) {
if ($this->finalized && $error) {
- trigger_error($error, E_USER_ERROR);
+ $this->triggerError($error, E_USER_ERROR);
}
return $this->finalized;
}
@@ -482,7 +656,11 @@ class HTMLPurifier_Config
* already finalized
*/
public function autoFinalize() {
- if (!$this->finalized && $this->autoFinalize) $this->finalize();
+ if ($this->autoFinalize) {
+ $this->finalize();
+ } else {
+ $this->plist->squash(true);
+ }
}
/**
@@ -490,6 +668,40 @@ class HTMLPurifier_Config
*/
public function finalize() {
$this->finalized = true;
+ unset($this->parser);
+ }
+
+ /**
+ * Produces a nicely formatted error message by supplying the
+ * stack frame information OUTSIDE of HTMLPurifier_Config.
+ */
+ protected function triggerError($msg, $no) {
+ // determine previous stack frame
+ $extra = '';
+ if ($this->chatty) {
+ $trace = debug_backtrace();
+ // zip(tail(trace), trace) -- but PHP is not Haskell har har
+ for ($i = 0, $c = count($trace); $i < $c - 1; $i++) {
+ if ($trace[$i + 1]['class'] === 'HTMLPurifier_Config') {
+ continue;
+ }
+ $frame = $trace[$i];
+ $extra = " invoked on line {$frame['line']} in file {$frame['file']}";
+ break;
+ }
+ }
+ trigger_error($msg . $extra, $no);
+ }
+
+ /**
+ * Returns a serialized form of the configuration object that can
+ * be reconstituted.
+ */
+ public function serialize() {
+ $this->getDefinition('HTML');
+ $this->getDefinition('CSS');
+ $this->getDefinition('URI');
+ return serialize($this);
}
}
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema.php b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema.php
old mode 100755
new mode 100644
index 340ed7db..fadf7a58
--- a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema.php
@@ -60,7 +60,13 @@ class HTMLPurifier_ConfigSchema {
* Unserializes the default ConfigSchema.
*/
public static function makeFromSerial() {
- return unserialize(file_get_contents(HTMLPURIFIER_PREFIX . '/HTMLPurifier/ConfigSchema/schema.ser'));
+ $contents = file_get_contents(HTMLPURIFIER_PREFIX . '/HTMLPurifier/ConfigSchema/schema.ser');
+ $r = unserialize($contents);
+ if (!$r) {
+ $hash = sha1($contents);
+ trigger_error("Unserialization of configuration schema failed, sha1 of file was $hash", E_USER_ERROR);
+ }
+ return $r;
}
/**
@@ -87,24 +93,13 @@ class HTMLPurifier_ConfigSchema {
* HTMLPurifier_DirectiveDef::$type for allowed values
* @param $allow_null Whether or not to allow null values
*/
- public function add($namespace, $name, $default, $type, $allow_null) {
+ public function add($key, $default, $type, $allow_null) {
$obj = new stdclass();
$obj->type = is_int($type) ? $type : HTMLPurifier_VarParser::$types[$type];
if ($allow_null) $obj->allow_null = true;
- $this->info[$namespace][$name] = $obj;
- $this->defaults[$namespace][$name] = $default;
- $this->defaultPlist->set("$namespace.$name", $default);
- }
-
- /**
- * Defines a namespace for directives to be put into.
- * @warning This is slightly different from the corresponding static
- * method.
- * @param $namespace Namespace's name
- */
- public function addNamespace($namespace) {
- $this->info[$namespace] = array();
- $this->defaults[$namespace] = array();
+ $this->info[$key] = $obj;
+ $this->defaults[$key] = $default;
+ $this->defaultPlist->set($key, $default);
}
/**
@@ -116,12 +111,12 @@ class HTMLPurifier_ConfigSchema {
* @param $name Name of Directive
* @param $aliases Hash of aliased values to the real alias
*/
- public function addValueAliases($namespace, $name, $aliases) {
- if (!isset($this->info[$namespace][$name]->aliases)) {
- $this->info[$namespace][$name]->aliases = array();
+ public function addValueAliases($key, $aliases) {
+ if (!isset($this->info[$key]->aliases)) {
+ $this->info[$key]->aliases = array();
}
foreach ($aliases as $alias => $real) {
- $this->info[$namespace][$name]->aliases[$alias] = $real;
+ $this->info[$key]->aliases[$alias] = $real;
}
}
@@ -133,8 +128,8 @@ class HTMLPurifier_ConfigSchema {
* @param $name Name of directive
* @param $allowed Lookup array of allowed values
*/
- public function addAllowedValues($namespace, $name, $allowed) {
- $this->info[$namespace][$name]->allowed = $allowed;
+ public function addAllowedValues($key, $allowed) {
+ $this->info[$key]->allowed = $allowed;
}
/**
@@ -144,88 +139,26 @@ class HTMLPurifier_ConfigSchema {
* @param $new_namespace
* @param $new_name Directive that the alias will be to
*/
- public function addAlias($namespace, $name, $new_namespace, $new_name) {
+ public function addAlias($key, $new_key) {
$obj = new stdclass;
- $obj->namespace = $new_namespace;
- $obj->name = $new_name;
+ $obj->key = $new_key;
$obj->isAlias = true;
- $this->info[$namespace][$name] = $obj;
+ $this->info[$key] = $obj;
}
/**
* Replaces any stdclass that only has the type property with type integer.
*/
public function postProcess() {
- foreach ($this->info as $namespace => $info) {
- foreach ($info as $directive => $v) {
- if (count((array) $v) == 1) {
- $this->info[$namespace][$directive] = $v->type;
- } elseif (count((array) $v) == 2 && isset($v->allow_null)) {
- $this->info[$namespace][$directive] = -$v->type;
- }
+ foreach ($this->info as $key => $v) {
+ if (count((array) $v) == 1) {
+ $this->info[$key] = $v->type;
+ } elseif (count((array) $v) == 2 && isset($v->allow_null)) {
+ $this->info[$key] = -$v->type;
}
}
}
- // DEPRECATED METHODS
-
- /** @see HTMLPurifier_ConfigSchema->set() */
- public static function define($namespace, $name, $default, $type, $description) {
- HTMLPurifier_ConfigSchema::deprecated(__METHOD__);
- $type_values = explode('/', $type, 2);
- $type = $type_values[0];
- $modifier = isset($type_values[1]) ? $type_values[1] : false;
- $allow_null = ($modifier === 'null');
- $def = HTMLPurifier_ConfigSchema::instance();
- $def->add($namespace, $name, $default, $type, $allow_null);
- }
-
- /** @see HTMLPurifier_ConfigSchema->addNamespace() */
- public static function defineNamespace($namespace, $description) {
- HTMLPurifier_ConfigSchema::deprecated(__METHOD__);
- $def = HTMLPurifier_ConfigSchema::instance();
- $def->addNamespace($namespace);
- }
-
- /** @see HTMLPurifier_ConfigSchema->addValueAliases() */
- public static function defineValueAliases($namespace, $name, $aliases) {
- HTMLPurifier_ConfigSchema::deprecated(__METHOD__);
- $def = HTMLPurifier_ConfigSchema::instance();
- $def->addValueAliases($namespace, $name, $aliases);
- }
-
- /** @see HTMLPurifier_ConfigSchema->addAllowedValues() */
- public static function defineAllowedValues($namespace, $name, $allowed_values) {
- HTMLPurifier_ConfigSchema::deprecated(__METHOD__);
- $allowed = array();
- foreach ($allowed_values as $value) {
- $allowed[$value] = true;
- }
- $def = HTMLPurifier_ConfigSchema::instance();
- $def->addAllowedValues($namespace, $name, $allowed);
- }
-
- /** @see HTMLPurifier_ConfigSchema->addAlias() */
- public static function defineAlias($namespace, $name, $new_namespace, $new_name) {
- HTMLPurifier_ConfigSchema::deprecated(__METHOD__);
- $def = HTMLPurifier_ConfigSchema::instance();
- $def->addAlias($namespace, $name, $new_namespace, $new_name);
- }
-
- /** @deprecated, use HTMLPurifier_VarParser->parse() */
- public function validate($a, $b, $c = false) {
- trigger_error("HTMLPurifier_ConfigSchema->validate deprecated, use HTMLPurifier_VarParser->parse instead", E_USER_NOTICE);
- $parser = new HTMLPurifier_VarParser();
- return $parser->parse($a, $b, $c);
- }
-
- /**
- * Throws an E_USER_NOTICE stating that a method is deprecated.
- */
- private static function deprecated($method) {
- trigger_error("Static HTMLPurifier_ConfigSchema::$method deprecated, use add*() method instead", E_USER_NOTICE);
- }
-
}
// vim: et sw=4 sts=4
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php
old mode 100755
new mode 100644
index 987f547b..c05668a7
--- a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php
@@ -9,36 +9,28 @@ class HTMLPurifier_ConfigSchema_Builder_ConfigSchema
public function build($interchange) {
$schema = new HTMLPurifier_ConfigSchema();
- foreach ($interchange->namespaces as $n) {
- $schema->addNamespace($n->namespace);
- }
foreach ($interchange->directives as $d) {
$schema->add(
- $d->id->namespace,
- $d->id->directive,
+ $d->id->key,
$d->default,
$d->type,
$d->typeAllowsNull
);
if ($d->allowed !== null) {
$schema->addAllowedValues(
- $d->id->namespace,
- $d->id->directive,
+ $d->id->key,
$d->allowed
);
}
foreach ($d->aliases as $alias) {
$schema->addAlias(
- $alias->namespace,
- $alias->directive,
- $d->id->namespace,
- $d->id->directive
+ $alias->key,
+ $d->id->key
);
}
if ($d->valueAliases !== null) {
$schema->addValueAliases(
- $d->id->namespace,
- $d->id->directive,
+ $d->id->key,
$d->valueAliases
);
}
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Builder/Xml.php b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Builder/Xml.php
old mode 100755
new mode 100644
index 51bcab78..244561a3
--- a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Builder/Xml.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Builder/Xml.php
@@ -8,6 +8,7 @@ class HTMLPurifier_ConfigSchema_Builder_Xml extends XMLWriter
{
protected $interchange;
+ private $namespace;
protected function writeHTMLDiv($html) {
$this->startElement('div');
@@ -34,36 +35,33 @@ class HTMLPurifier_ConfigSchema_Builder_Xml extends XMLWriter
$this->startElement('configdoc');
$this->writeElement('title', $interchange->name);
- foreach ($interchange->namespaces as $namespace) {
- $this->buildNamespace($namespace);
+ foreach ($interchange->directives as $directive) {
+ $this->buildDirective($directive);
}
+ if ($this->namespace) $this->endElement(); // namespace
+
$this->endElement(); // configdoc
$this->flush();
}
- public function buildNamespace($namespace) {
- $this->startElement('namespace');
- $this->writeAttribute('id', $namespace->namespace);
-
- $this->writeElement('name', $namespace->namespace);
- $this->startElement('description');
- $this->writeHTMLDiv($namespace->description);
- $this->endElement(); // description
+ public function buildDirective($directive) {
- foreach ($this->interchange->directives as $directive) {
- if ($directive->id->namespace !== $namespace->namespace) continue;
- $this->buildDirective($directive);
+ // Kludge, although I suppose having a notion of a "root namespace"
+ // certainly makes things look nicer when documentation is built.
+ // Depends on things being sorted.
+ if (!$this->namespace || $this->namespace !== $directive->id->getRootNamespace()) {
+ if ($this->namespace) $this->endElement(); // namespace
+ $this->namespace = $directive->id->getRootNamespace();
+ $this->startElement('namespace');
+ $this->writeAttribute('id', $this->namespace);
+ $this->writeElement('name', $this->namespace);
}
- $this->endElement(); // namespace
- }
-
- public function buildDirective($directive) {
$this->startElement('directive');
$this->writeAttribute('id', $directive->id->toString());
- $this->writeElement('name', $directive->id->directive);
+ $this->writeElement('name', $directive->id->getDirective());
$this->startElement('aliases');
foreach ($directive->aliases as $alias) $this->writeElement('alias', $alias->toString());
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Exception.php b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Exception.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Interchange.php b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Interchange.php
old mode 100755
new mode 100644
index 365c6635..91a5aa73
--- a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Interchange.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Interchange.php
@@ -13,26 +13,11 @@ class HTMLPurifier_ConfigSchema_Interchange
*/
public $name;
- /**
- * Array of Namespace ID => array(namespace info)
- */
- public $namespaces = array();
-
/**
* Array of Directive ID => array(directive info)
*/
public $directives = array();
- /**
- * Adds a namespace array to $namespaces
- */
- public function addNamespace($namespace) {
- if (isset($this->namespaces[$i = $namespace->namespace])) {
- throw new HTMLPurifier_ConfigSchema_Exception("Cannot redefine namespace '$i'");
- }
- $this->namespaces[$i] = $namespace;
- }
-
/**
* Adds a directive array to $directives
*/
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Interchange/Directive.php b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Interchange/Directive.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Interchange/Id.php b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Interchange/Id.php
old mode 100755
new mode 100644
index ec01589b..b9b3c6f5
--- a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Interchange/Id.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Interchange/Id.php
@@ -6,11 +6,10 @@
class HTMLPurifier_ConfigSchema_Interchange_Id
{
- public $namespace, $directive;
+ public $key;
- public function __construct($namespace, $directive) {
- $this->namespace = $namespace;
- $this->directive = $directive;
+ public function __construct($key) {
+ $this->key = $key;
}
/**
@@ -18,12 +17,19 @@ class HTMLPurifier_ConfigSchema_Interchange_Id
* cause problems for PHP 5.0 support.
*/
public function toString() {
- return $this->namespace . '.' . $this->directive;
+ return $this->key;
+ }
+
+ public function getRootNamespace() {
+ return substr($this->key, 0, strpos($this->key, "."));
+ }
+
+ public function getDirective() {
+ return substr($this->key, strpos($this->key, ".") + 1);
}
public static function make($id) {
- list($namespace, $directive) = explode('.', $id);
- return new HTMLPurifier_ConfigSchema_Interchange_Id($namespace, $directive);
+ return new HTMLPurifier_ConfigSchema_Interchange_Id($id);
}
}
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/InterchangeBuilder.php b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/InterchangeBuilder.php
old mode 100755
new mode 100644
index a1a24eac..785b72ce
--- a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/InterchangeBuilder.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/InterchangeBuilder.php
@@ -13,13 +13,17 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder
}
public static function buildFromDirectory($dir = null) {
- $parser = new HTMLPurifier_StringHashParser();
$builder = new HTMLPurifier_ConfigSchema_InterchangeBuilder();
$interchange = new HTMLPurifier_ConfigSchema_Interchange();
+ return $builder->buildDir($interchange, $dir);
+ }
- if (!$dir) $dir = HTMLPURIFIER_PREFIX . '/HTMLPurifier/ConfigSchema/schema/';
- $info = parse_ini_file($dir . 'info.ini');
- $interchange->name = $info['name'];
+ public function buildDir($interchange, $dir = null) {
+ if (!$dir) $dir = HTMLPURIFIER_PREFIX . '/HTMLPurifier/ConfigSchema/schema';
+ if (file_exists($dir . '/info.ini')) {
+ $info = parse_ini_file($dir . '/info.ini');
+ $interchange->name = $info['name'];
+ }
$files = array();
$dh = opendir($dir);
@@ -33,15 +37,20 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder
sort($files);
foreach ($files as $file) {
- $builder->build(
- $interchange,
- new HTMLPurifier_StringHash( $parser->parseFile($dir . $file) )
- );
+ $this->buildFile($interchange, $dir . '/' . $file);
}
return $interchange;
}
+ public function buildFile($interchange, $file) {
+ $parser = new HTMLPurifier_StringHashParser();
+ $this->build(
+ $interchange,
+ new HTMLPurifier_StringHash( $parser->parseFile($file) )
+ );
+ }
+
/**
* Builds an interchange object based on a hash.
* @param $interchange HTMLPurifier_ConfigSchema_Interchange object to build
@@ -55,22 +64,17 @@ class HTMLPurifier_ConfigSchema_InterchangeBuilder
throw new HTMLPurifier_ConfigSchema_Exception('Hash does not have any ID');
}
if (strpos($hash['ID'], '.') === false) {
- $this->buildNamespace($interchange, $hash);
+ if (count($hash) == 2 && isset($hash['DESCRIPTION'])) {
+ $hash->offsetGet('DESCRIPTION'); // prevent complaining
+ } else {
+ throw new HTMLPurifier_ConfigSchema_Exception('All directives must have a namespace');
+ }
} else {
$this->buildDirective($interchange, $hash);
}
$this->_findUnused($hash);
}
- public function buildNamespace($interchange, $hash) {
- $namespace = new HTMLPurifier_ConfigSchema_Interchange_Namespace();
- $namespace->namespace = $hash->offsetGet('ID');
- if (isset($hash['DESCRIPTION'])) {
- $namespace->description = $hash->offsetGet('DESCRIPTION');
- }
- $interchange->addNamespace($namespace);
- }
-
public function buildDirective($interchange, $hash) {
$directive = new HTMLPurifier_ConfigSchema_Interchange_Directive();
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Validator.php b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Validator.php
old mode 100755
new mode 100644
index 2dfd37ba..f374f6a0
--- a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Validator.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/Validator.php
@@ -39,10 +39,6 @@ class HTMLPurifier_ConfigSchema_Validator
$this->aliases = array();
// PHP is a bit lax with integer <=> string conversions in
// arrays, so we don't use the identical !== comparison
- foreach ($interchange->namespaces as $i => $namespace) {
- if ($i != $namespace->namespace) $this->error(false, "Integrity violation: key '$i' does not match internal id '{$namespace->namespace}'");
- $this->validateNamespace($namespace);
- }
foreach ($interchange->directives as $i => $directive) {
$id = $directive->id->toString();
if ($i != $id) $this->error(false, "Integrity violation: key '$i' does not match internal id '$id'");
@@ -51,20 +47,6 @@ class HTMLPurifier_ConfigSchema_Validator
return true;
}
- /**
- * Validates a HTMLPurifier_ConfigSchema_Interchange_Namespace object.
- */
- public function validateNamespace($n) {
- $this->context[] = "namespace '{$n->namespace}'";
- $this->with($n, 'namespace')
- ->assertNotEmpty()
- ->assertAlnum(); // implicit assertIsString handled by InterchangeBuilder
- $this->with($n, 'description')
- ->assertNotEmpty()
- ->assertIsString(); // handled by InterchangeBuilder
- array_pop($this->context);
- }
-
/**
* Validates a HTMLPurifier_ConfigSchema_Interchange_Id object.
*/
@@ -75,12 +57,11 @@ class HTMLPurifier_ConfigSchema_Validator
// handled by InterchangeBuilder
$this->error(false, 'is not an instance of HTMLPurifier_ConfigSchema_Interchange_Id');
}
- if (!isset($this->interchange->namespaces[$id->namespace])) {
- $this->error('namespace', 'does not exist'); // assumes that the namespace was validated already
- }
- $this->with($id, 'directive')
+ // keys are now unconstrained (we might want to narrow down to A-Za-z0-9.)
+ // we probably should check that it has at least one namespace
+ $this->with($id, 'key')
->assertNotEmpty()
- ->assertAlnum(); // implicit assertIsString handled by InterchangeBuilder
+ ->assertIsString(); // implicit assertIsString handled by InterchangeBuilder
array_pop($this->context);
}
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/ValidatorAtom.php b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/ValidatorAtom.php
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema.ser b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema.ser
old mode 100755
new mode 100644
index 1eaecd11f856504cde09c1b302c7c1cfd65ec00b..245ba5d2d09c71529c7e1357160a3393ff280a4d
GIT binary patch
literal 14140
zcmeHOTT>g$5k5b~#i_ic$|?jn$CjV4KxI_`QwY~Nc{;U7gP5?|RrX>-T>kI*zMh_o
zmKE3!NnT`^jkMj<)6=(^>HYXLI(ReM`*?kRcG*_;)|%?iaar8j%x%`@O}+O%8x8m0@#*m0Xz#dbs=;xdmtW0doM&}yz;W@u9vvKQ5+_x*GS^wP
zG)~6;=-YRQz~rfjE0c4AZNx7L5jx38ne}sR#wW+u$2#}E(oUSx(^a-K$9dDy%u|am
zS#B4?vj+8ML>9C^9PLfr<5!k*a9ps8ioZ4w&55l@0(;)bCyo^DPmAm(
zH`9~7_cx<`&N@`Wq^xf2VquD4)nJytDa-WaL!Qm=b6aC&o_cWblzL^B=3(ttA7-AO
zTvq1RJ|s&XdYgLMSvk+(kZ2P+wQWi$x5}CUKVD{4wyd)ConOI_c8fgYwr*Suz9nflp*KB7qQ0hJtDlLY`;ve
zfH*IznJ{~fL*`tUW46wU`ghyhm2JbQvNvtRJai#Nua0Lkm!;Fyx~!V4K*T5&{s`3T
z%FgeDorf@5AeqIaESS2I+=$YIa#@vYQ#ID-K0|k8p##5Iy#$n9~4%9f}G
zi%5tML7SP%q89wyNRl1|?)dyNqatDhE>dJAR8y^NUAx$@qoa3+j0Xh7xU9_Jc)6?$
zs9#L}II$0B;sZvEc!(V1GSAJtIjyR)+Vr1N%j)mu@oQNvB=%tEZ(@^GR+VKz13{@@
z-|q8|CP2m2yXTXMe-1O2RaUry#UYc)@f$Y;q({Sg9!GH;zroyP4(&bV?LKGXHw;?0
z)jCf|`yeXgZ9BiKZRUqj++@OU5cu`ZHeu96{*Z!1%RM1BgJP6LX{-$lFz49oCl~!iJXhFIG&BC)A1d)g*kKzjNBH5@uTc&r@7(!B#fnmLZ5nG*>zYl
zw5^**h7?V}vw~mK86vmU-4+VEU>L$_A|JLfl}l=W4w2{QnJpUpi-yDG!r>Qr!Cj5n
ze__7nFt6w?6`j?DesTp_jfKJ#+~ZYq3@Au*CVH`)7Ijm#bKNb}s90GdZ6>S6p{sHB
zph{fo#OAQypu2w_Vx3AleQ0Rp8LjjoFX#95K>Q@`*0_P@+qq|R)NN;k=fz&z#baVp
zEMTipA3F4hGX0}$uiG1Oq{Jrd%>$=DHbyU`Pt$!&yo6jy=`n!BV2G}idR{Kt+;2w*
zu%;vOuzG=W=pddKbr(d+3X9nBcbsRip)pTjzqR~Cd
J9BR9$987y=rXE!}Jz%Iz2KhDp_ZeH*B6r#jt)@Bqe+K(7SR&oWD^FCb$sX$>m_u<~agg3b$qfRxfjg
zb3nRYe-7Z@xycp%?syzaB?7U#p8c);M1L`0JE>E@rP)lX(asMzGOUm}GQAI3>nz#;OH!)VSdB8QL!ZxZJY^&VvmrK>#6`NBM@qalb;HBt++38?
zd0D`F>RzaVJB2SZa-n5O$Y8^7lAw1@gXDJWf(HB=YCi3pp#+zn0Y&6CvST4dvH8_}
z)xpR%o%%yoCn-i{^it@Qp$j3%so_FSdGy#EvJghtq@+oRFczY%d6x{!hoh3m*epy{
z@PwfGrz+wC#!;SpW$LnpEoCYG$ef6ILRT>#OI|{yVyLcs(sMs$UQyn8c5jYv>N3Yw
z#p|RRpSN-{_2oyn`RK{q47Na>8Pt~s$781k4>+WK!ojMt3ta!DM-ifcUT0ZEk}O=8
z;L=^BKRxY;=nVz8R4meUM6k$T{`$)zYjAwrHAGx<1=d88>>47whRCiVvTKM)8|8A>
z5Q#mRT|;Eo5ZN_Eb`6oit|1~llU+k(*AQVJaMuuF*JalbaqoL}4UzwALj*k-G&a`S
z5oHesO%^tzP1IX;*atw=MTGxPgV=+VKI#jf(aG;kWXc5<+#J8%E?j8D8Y+T`i=oAqocElBj
zcDN&uhi$|@9U$VK{jy$Za&NKqac;BN*L((^qMkzAP1M=|r`XXu`U1VSF3m$z)Ei+{
z9)aRrz*e7*b+8qMrYNR>PK>AseoSyF(Jl#(f3K#hq5Yc>yQmbEKpo;NiZ`K#w0j5W
zu?>~t6h34`1yR&>HRz1+FqY>X_k*+cJCnW&N_6M<>-u?6jEjVhW(k%>U!xLC<0p~O
zh^i#ap5v#0FVSBCrIG+&lnR#zst3L(35E%z0DSSK4DI%WsJ&sqz9p{D988#b8VnLJ7RmUkZ
zCnAjRI6Z;`74wC>^)|JBAf*Llk9T5SdYxKt6
z;Bp8M<-my{k<*6&QM-G_E&@b%4zFm0ceq;FhwNa)_}yD3??rcjOU?j(4Ltx4T>~?R
zws3_f1$a0H7PEu_Iok{HP-(0zQCjyss%k~YC_rL!FM1w|5fL6yv#nr^$oxVyB9gZX
zNkAq25s7SbgWW!cSBV{1%Kt_U_;C9g6zZathB>~KS6N@M*pJNCZ!Sc~^XB?*EAXtd
z`I0^E4$QH`7yTQ@ykN8+oVnL-M3rpynLj1;p^jXh1gMJMP&nfC5$hnTgTNt_z*D9N
z(1L{)EC1OyNfhYfzApnHD0OY!(^QO{4AgO-X{Dfr_futo6wOWWQD~WJ_0dllW
zU=OAi%#fEGH+NnKJQco`!I7%S0@*vfX#%{b<6rsZ05~U6(UD_wH2mdBL#HC|
zR4)LRw7O%xVzO|8+l&|q7;m`1lZK3V&Aa8vA>GYHvuat1sNs6Qm|5I9&a{%?AOJN7qF7<-F^-}SEy1aR9?RH9x*5&s3;3TgwV^-
zFt^LQ0HZ@dc=S_*?HGam3ZR1*W4|iu;xSRGW>DWFqI6k4zZDS`pUO6_Px}^xy!JQf
zj*R{qhICUf(-x4Gn>w7$ws1YK%F9r$UgfqTyVM*}cfs{}WS3ImxGu8G*BChD3Ajr~
zAq#rIT}s3_u|FM&M8a>JymYGO&8tUV|8l|GgB^>DC3;Brgn$}yaRf_{=+Iq$l@P~=
zD5U&7DG%_9`KiPN+4Xef)9d082`?i(xGUO5+93+x0?UiG=}PLi3MykVpNEC{{gt8B
zLr#!cPCxFL3EvaCigBp1jvYF{G1s8!hmE<(RAq&Yd1*R@Jbg0%HsqKNehECrdB1=E
E4@82k;{X5v
literal 11324
zcmeHN+in}l5#3KQxX4R@6-e1$+w_wxiLemeAZn4#(_%!nsE&s-%*;@hV));4PF3IL
zLP^;K0TRTEg*{ze)phIYI^DdO?!TRmK3|`mUT!OUYfbgrVOiYT)qHVh*4b$Kdit%N
zzMqbk<~G~rO+EUUO(**td@~G))x;CLb`8=jB(koK@M{TxZqFD93pE?R!0)jKhR0
zlap~^{5~0nYDc>6$vRt^gS;7iJpTwmSjiKL`z*Ihp^req68vj_e{hCK0RQXh=tLP`
zSxP3$1O_>w*XE%)vM{ZN{iB>liW82D>?SuSN28B7(=k~lkaP4Y&lX>DTSK{E(YqGm
z%B;-8MshGg;+l27o*V7{1J^Y*l5O
zJFnKy)6wC!Zpw9{5RJ3-CeI#EZSm!os}nyNnsUV6KKhXf-0riXOM<~yW?kN!rGiTSpmbN
z*M)Lj*~OQrHY{=JcUhGiQ#IB=vg8Y7Beb@#jV+5SgB-Kd2|SEU9-U`(y~!VE_Tf}~Ad1slWuBWwb6izr1w);4lu%ZGGLK)&
zY6${1>^lmCVe70a%Ys%y_>b?${Nutz8q6-|~sFt!%!8x-z4C2O;(-9-Ra!U_CG_-t9{Xga9;!E%VJouM#
zd%e98yT-JObwW69pZUf`%g^y{K(p$jA6>DoX*Z!SQ***>)GjHxn3hp6H{~s
z+l!~j4EP``1IhX;hc9+&167>suxLDi*g-sbF2T`lc4&mN^+vW$s&LwHgb6VMfsEzb
z=N!&I9CC0vj6upt9g#D5X>mGgLiP?m4MBE`)BlFYg{ufW0j
zi3xYG1f$mrW^wG);DF<*U|O4{-J*Md3Xn^xZpO$&K^0saH9+$Hs;SEWA_|amv28Y6
zXp`ZL_@;G@L4%>)ZLL9v)N}JSN8QxeUV}g?Kby@>wb{4cTI!cpvu8Oeo6<*4(dRH4#Ofau#e
z9o$9H{xn}5vnu>4t9@pI)wR8<1YIANM-=|~%(XS!WSB`jQ7QPF`60Y)ddNiR=OKss^qh`4v#FM
z%*~=Q4O%N*k|^T>r*dVN04IWcLLem*;cWVEsUYT3LBd5JbGe2Uy*aGWQw90>!ykWG
zW)1p|Z2CdYNBWBix#t$!0kdFMI;)Mfdc*{9@#qsymk@2#6;}7u9ncG!w}d3qp2S}$
z1}Wbl2ouah5A>iI(nPoi@fZWurKX@Ph#i7vs05BzVOtxYp|mh60sQO@LNaOQc7F^tqER3ysiKrg80a&7>=!DbTMN1K$#1j4zs2Tn8QyTG_a{BGzLXZHadvH&T@
zre$w8W}}NZV;Hz4)c>Qm>F9q4y}f3ZY22TKaLi}Ud?AjLW|Q-GqB$?Hh1j}~E~IX2
zRtwjmHj839;|Xx*C;o1P7i=2Dc|3_lkq+8p4VLkpkWcCieYF$!u};JZ-7e9$7>d&N
zhAOxt^^usbzSQ1LY5_o0UF`k@|Lyf$ei{G8^9y4ErdP@A$`aOPF}eLVuBGk
zw$UW=T156CWmv5ZEZJcT2XnXuFT*ON>;Rd5IZo*!%_zBzH;GJT#RPSt13;)0b>f77
z0%=k!H?M^_36$J;4|yUEjzm3E0E*2DA_3@LA9QM82GHp@a)2lQ37iRkaOnhVLQ{@7
z05Oa=ku`3PzfAYHC6Rle6+|WqTL*li=p@5E0P0kH4urC@C1QF2(TPdGsMB>9AazEb
zWqnZUG){r36TbtTrqnJ#b?ZC{Qsq_$Saaj9fmn|r6C(?K;_&Yiwz$QG!_fPmTo>+q
z|FhHg5ZQhG8yJ;$8JUZ%;F2U_P&@reo<86pPfMVsf6`%D8z2kvbdNsRe{M#=m>0CT
zZkC66R@Wna(!n&nz*9CvG*gUE9|#`D)rmX~>Lm@nsz&ZMa0dnC4~Y?_+UYy`09o1s
zsCN2+!;qZ}dt~YihMWjXoe5aWk2yH%2uM_y%*fZ#$BtbRC-|?x^K8Az7PtwC*HUur
zLkb6>k(1-TY<-a1%wHn$VgpM>pcrnh1WE%x5;?k8NwpoR=$j^IHRI5ElhmnLJfK_W
zI3z>|g)-pYr!5@IVd@8#sGk5?NnU>&*b(PJE&T{?I2gz>S_NI@(j|emae1M5SnGyi
zgS(|kAuU2G`3><%!FCyY%S=G_cF$VPdSp)P9CcR0$mbs-{my|AUFa$#*b5RnD@kp<
z%B%aLif)aUq*K(Wl~6qOqCAhX;iYzBVPSf%|L*DB%DA-OJzInnIU|z1;C|-u%&}ur
z94r=Q)6BMcj$DvOHe~xtEDpYF8T`z;vcGJ}pI#v>;prdd^C?
zwlzU9o)XzL?uK_x0OoX&oz`)v69JpnBDgd`X-qU<>=vQra&Y?J
zpwm<02NdF2hMk>&eMaC#&%@5mPc0}10Bjy~6v2j;YTdqiQ0S&X4doGG^6DDD>#61UQ2HJxx*`b}T%8e7HfiLR+WKm;H{Qt|
zXSBI-7I@M`Rb+=u#4vbA;hYL10yzzy#1;DVIwiUfHu&3!7_wgL)P2ghBp`I{dB;>8}->S@2-z&cMSFwox5Ya$Vrq5lc6x
zM+3WFBP4coZV?=Ok`0jFAE1c>Zj9XLHaCAl_mOx*6fZVkx%{rmTS0J`=3
A=l}o!
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.AllowedClasses.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.AllowedClasses.txt
new file mode 100644
index 00000000..0517fed0
--- /dev/null
+++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.AllowedClasses.txt
@@ -0,0 +1,8 @@
+Attr.AllowedClasses
+TYPE: lookup/null
+VERSION: 4.0.0
+DEFAULT: null
+--DESCRIPTION--
+List of allowed class values in the class attribute. By default, this is null,
+which means all classes are allowed.
+--# vim: et sw=4 sts=4
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.AllowedFrameTargets.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.AllowedFrameTargets.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRel.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRel.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRev.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRev.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.ClassUseCDATA.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.ClassUseCDATA.txt
new file mode 100644
index 00000000..e774b823
--- /dev/null
+++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.ClassUseCDATA.txt
@@ -0,0 +1,19 @@
+Attr.ClassUseCDATA
+TYPE: bool/null
+DEFAULT: null
+VERSION: 4.0.0
+--DESCRIPTION--
+If null, class will auto-detect the doctype and, if matching XHTML 1.1 or
+XHTML 2.0, will use the restrictive NMTOKENS specification of class. Otherwise,
+it will use a relaxed CDATA definition. If true, the relaxed CDATA definition
+is forced; if false, the NMTOKENS definition is forced. To get behavior
+of HTML Purifier prior to 4.0.0, set this directive to false.
+
+Some rational behind the auto-detection:
+in previous versions of HTML Purifier, it was assumed that the form of
+class was NMTOKENS, as specified by the XHTML Modularization (representing
+XHTML 1.1 and XHTML 2.0). The DTDs for HTML 4.01 and XHTML 1.0, however
+specify class as CDATA. HTML 5 effectively defines it as CDATA, but
+with the additional constraint that each name should be unique (this is not
+explicitly outlined in previous specifications).
+--# vim: et sw=4 sts=4
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.DefaultImageAlt.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.DefaultImageAlt.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImage.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImage.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImageAlt.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImageAlt.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.DefaultTextDir.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.DefaultTextDir.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.EnableID.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.EnableID.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.ForbiddenClasses.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.ForbiddenClasses.txt
new file mode 100644
index 00000000..f31d226f
--- /dev/null
+++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.ForbiddenClasses.txt
@@ -0,0 +1,8 @@
+Attr.ForbiddenClasses
+TYPE: lookup
+VERSION: 4.0.0
+DEFAULT: array()
+--DESCRIPTION--
+List of forbidden class values in the class attribute. By default, this is
+empty, which means that no classes are forbidden. See also %Attr.AllowedClasses.
+--# vim: et sw=4 sts=4
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklist.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklist.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklistRegexp.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklistRegexp.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefix.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefix.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefixLocal.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefixLocal.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.AutoParagraph.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.AutoParagraph.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.Custom.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.Custom.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.DisplayLinkURI.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.DisplayLinkURI.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.Linkify.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.Linkify.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.DocURL.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.DocURL.txt
new file mode 100644
index 00000000..db58b134
--- /dev/null
+++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.DocURL.txt
@@ -0,0 +1,12 @@
+AutoFormat.PurifierLinkify.DocURL
+TYPE: string
+VERSION: 2.0.1
+DEFAULT: '#%s'
+ALIASES: AutoFormatParam.PurifierLinkifyDocURL
+--DESCRIPTION--
+
+ Location of configuration documentation to link to, let %s substitute
+ into the configuration's namespace and directive names sans the percent
+ sign.
+
+--# vim: et sw=4 sts=4
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions.txt
new file mode 100644
index 00000000..35c393b4
--- /dev/null
+++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions.txt
@@ -0,0 +1,11 @@
+AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions
+TYPE: lookup
+VERSION: 4.0.0
+DEFAULT: array('td' => true, 'th' => true)
+--DESCRIPTION--
+
+ When %AutoFormat.RemoveEmpty and %AutoFormat.RemoveEmpty.RemoveNbsp
+ are enabled, this directive defines what HTML elements should not be
+ removede if they have only a non-breaking space in them.
+
+ When enabled, HTML Purifier will treat any elements that contain only
+ non-breaking spaces as well as regular whitespace as empty, and remove
+ them when %AutoForamt.RemoveEmpty is enabled.
+
+
+ See %AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions for a list of elements
+ that don't have this behavior applied to them.
+
+--# vim: et sw=4 sts=4
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.txt
old mode 100755
new mode 100644
index aaede47d..34657ba4
--- a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.txt
+++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.txt
@@ -31,7 +31,8 @@ DEFAULT: false
Elements that contain only whitespace will be treated as empty. Non-breaking
- spaces, however, do not count as whitespace.
+ spaces, however, do not count as whitespace. See
+ %AutoFormat.RemoveEmpty.RemoveNbsp for alternate behavior.
This algorithm is not perfect; you may still notice some empty tags,
@@ -39,7 +40,7 @@ DEFAULT: false
because they were not permitted in that context, or tags that, after
being auto-closed by another tag, where empty. This is for safety reasons
to prevent clever code from breaking validation. The general rule of thumb:
- if a tag looked empty on the way end, it will get removed; if HTML Purifier
+ if a tag looked empty on the way in, it will get removed; if HTML Purifier
made it empty, it will stay.
+ This directive causes span tags without any attributes
+ to be removed. It will also remove spans that had all attributes
+ removed during processing.
+
+--# vim: et sw=4 sts=4
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/CSS.AllowImportant.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/CSS.AllowImportant.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/CSS.AllowTricky.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/CSS.AllowTricky.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/CSS.AllowedFonts.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/CSS.AllowedFonts.txt
new file mode 100644
index 00000000..3fd46540
--- /dev/null
+++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/CSS.AllowedFonts.txt
@@ -0,0 +1,12 @@
+CSS.AllowedFonts
+TYPE: lookup/null
+VERSION: 4.3.0
+DEFAULT: NULL
+--DESCRIPTION--
+
+ Allows you to manually specify a set of allowed fonts. If
+ NULL, all fonts are allowed. This directive
+ affects generic names (serif, sans-serif, monospace, cursive,
+ fantasy) as well as specific font families.
+
+--# vim: et sw=4 sts=4
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/CSS.AllowedProperties.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/CSS.AllowedProperties.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/CSS.DefinitionRev.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/CSS.DefinitionRev.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/CSS.ForbiddenProperties.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/CSS.ForbiddenProperties.txt
new file mode 100644
index 00000000..f1f5c5f1
--- /dev/null
+++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/CSS.ForbiddenProperties.txt
@@ -0,0 +1,13 @@
+CSS.ForbiddenProperties
+TYPE: lookup
+VERSION: 4.2.0
+DEFAULT: array()
+--DESCRIPTION--
+
+ This is the logical inverse of %CSS.AllowedProperties, and it will
+ override that directive or any other directive. If possible,
+ %CSS.AllowedProperties is recommended over this directive,
+ because it can sometimes be difficult to tell whether or not you've
+ forbidden all of the CSS properties you truly would like to disallow.
+
+--# vim: et sw=4 sts=4
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/CSS.MaxImgLength.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/CSS.MaxImgLength.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/CSS.Proprietary.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/CSS.Proprietary.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/CSS.Trusted.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/CSS.Trusted.txt
new file mode 100644
index 00000000..e733a61e
--- /dev/null
+++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/CSS.Trusted.txt
@@ -0,0 +1,9 @@
+CSS.Trusted
+TYPE: bool
+VERSION: 4.2.1
+DEFAULT: false
+--DESCRIPTION--
+Indicates whether or not the user's CSS input is trusted or not. If the
+input is trusted, a more expansive set of allowed properties. See
+also %HTML.Trusted.
+--# vim: et sw=4 sts=4
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Cache.DefinitionImpl.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Cache.DefinitionImpl.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPath.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPath.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPermissions.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPermissions.txt
new file mode 100644
index 00000000..b2b83d9a
--- /dev/null
+++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPermissions.txt
@@ -0,0 +1,11 @@
+Cache.SerializerPermissions
+TYPE: int
+VERSION: 4.3.0
+DEFAULT: 0755
+--DESCRIPTION--
+
+
+ Directory permissions of the files and directories created inside
+ the DefinitionCache/Serializer or other custom serializer path.
+
+--# vim: et sw=4 sts=4
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyFixLt.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyFixLt.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.CollectErrors.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.CollectErrors.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.ConvertDocumentToFragment.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.ConvertDocumentToFragment.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.DirectLexLineNumberSyncInterval.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.DirectLexLineNumberSyncInterval.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.Encoding.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.Encoding.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidChildren.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidChildren.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidTags.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidTags.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.EscapeNonASCIICharacters.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.EscapeNonASCIICharacters.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.HiddenElements.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.HiddenElements.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.Language.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.Language.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.LexerImpl.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.LexerImpl.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.MaintainLineNumbers.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.MaintainLineNumbers.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.NormalizeNewlines.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.NormalizeNewlines.txt
new file mode 100644
index 00000000..d77f5360
--- /dev/null
+++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.NormalizeNewlines.txt
@@ -0,0 +1,11 @@
+Core.NormalizeNewlines
+TYPE: bool
+VERSION: 4.2.0
+DEFAULT: true
+--DESCRIPTION--
+
+ Whether or not to normalize newlines to the operating
+ system default. When false, HTML Purifier
+ will attempt to preserve mixed newline files.
+
+--# vim: et sw=4 sts=4
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.RemoveInvalidImg.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.RemoveInvalidImg.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.RemoveProcessingInstructions.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.RemoveProcessingInstructions.txt
new file mode 100644
index 00000000..3397d9f7
--- /dev/null
+++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.RemoveProcessingInstructions.txt
@@ -0,0 +1,11 @@
+Core.RemoveProcessingInstructions
+TYPE: bool
+VERSION: 4.2.0
+DEFAULT: false
+--DESCRIPTION--
+Instead of escaping processing instructions in the form <? ...
+?>, remove it out-right. This may be useful if the HTML
+you are validating contains XML processing instruction gunk, however,
+it can also be user-unfriendly for people attempting to post PHP
+snippets.
+--# vim: et sw=4 sts=4
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.RemoveScriptContents.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Core.RemoveScriptContents.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Filter.Custom.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Filter.Custom.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Escaping.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Escaping.txt
new file mode 100644
index 00000000..16829bcd
--- /dev/null
+++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Escaping.txt
@@ -0,0 +1,14 @@
+Filter.ExtractStyleBlocks.Escaping
+TYPE: bool
+VERSION: 3.0.0
+DEFAULT: true
+ALIASES: Filter.ExtractStyleBlocksEscaping, FilterParam.ExtractStyleBlocksEscaping
+--DESCRIPTION--
+
+
+ Whether or not to escape the dangerous characters <, > and &
+ as \3C, \3E and \26, respectively. This is can be safely set to false
+ if the contents of StyleBlocks will be placed in an external stylesheet,
+ where there is no risk of it being interpreted as HTML.
+
+ If you would like users to be able to define external stylesheets, but
+ only allow them to specify CSS declarations for a specific node and
+ prevent them from fiddling with other elements, use this directive.
+ It accepts any valid CSS selector, and will prepend this to any
+ CSS declaration extracted from the document. For example, if this
+ directive is set to #user-content and a user uses the
+ selector a:hover, the final selector will be
+ #user-content a:hover.
+
+
+ The comma shorthand may be used; consider the above example, with
+ #user-content, #user-content2, the final selector will
+ be #user-content a:hover, #user-content2 a:hover.
+
+
+ Warning: It is possible for users to bypass this measure
+ using a naughty + selector. This is a bug in CSS Tidy 1.3, not HTML
+ Purifier, and I am working to get it fixed. Until then, HTML Purifier
+ performs a basic check to prevent this.
+
+ If left NULL, HTML Purifier will attempt to instantiate a csstidy
+ class to use for internal cleaning. This will usually be good enough.
+
+
+ However, for trusted user input, you can set this to false to
+ disable cleaning. In addition, you can supply your own concrete implementation
+ of Tidy's interface to use, although I don't know why you'd want to do that.
+
+--# vim: et sw=4 sts=4
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt
old mode 100755
new mode 100644
index 7fa6536b..321eaa2d
--- a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt
+++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt
@@ -3,6 +3,11 @@ TYPE: bool
VERSION: 3.1.0
DEFAULT: false
--DESCRIPTION--
+
+ Warning: Deprecated in favor of %HTML.SafeObject and
+ %Output.FlashCompat (turn both on to allow YouTube videos and other
+ Flash content).
+
Warning: If another directive conflicts with the
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.AllowedModules.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.AllowedModules.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.Attr.Name.UseCDATA.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.Attr.Name.UseCDATA.txt
new file mode 100644
index 00000000..151fb7b8
--- /dev/null
+++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.Attr.Name.UseCDATA.txt
@@ -0,0 +1,11 @@
+HTML.Attr.Name.UseCDATA
+TYPE: bool
+DEFAULT: false
+VERSION: 4.0.0
+--DESCRIPTION--
+The W3C specification DTD defines the name attribute to be CDATA, not ID, due
+to limitations of DTD. In certain documents, this relaxed behavior is desired,
+whether it is to specify duplicate names, or to specify names that would be
+illegal IDs (for example, names that begin with a digit.) Set this configuration
+directive to true to use the relaxed parsing rules.
+--# vim: et sw=4 sts=4
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.BlockWrapper.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.BlockWrapper.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.CoreModules.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.CoreModules.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.CustomDoctype.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.CustomDoctype.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionID.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionID.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionRev.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionRev.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.Doctype.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.Doctype.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.FlashAllowFullScreen.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.FlashAllowFullScreen.txt
new file mode 100644
index 00000000..7878dc0b
--- /dev/null
+++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.FlashAllowFullScreen.txt
@@ -0,0 +1,11 @@
+HTML.FlashAllowFullScreen
+TYPE: bool
+VERSION: 4.2.0
+DEFAULT: false
+--DESCRIPTION--
+
+ Whether or not to permit embedded Flash content from
+ %HTML.SafeObject to expand to the full screen. Corresponds to
+ the allowFullScreen parameter.
+
+--# vim: et sw=4 sts=4
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenAttributes.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenAttributes.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenElements.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenElements.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.MaxImgLength.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.MaxImgLength.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.Nofollow.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.Nofollow.txt
new file mode 100644
index 00000000..700b3092
--- /dev/null
+++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.Nofollow.txt
@@ -0,0 +1,7 @@
+HTML.Nofollow
+TYPE: bool
+VERSION: 4.3.0
+DEFAULT: FALSE
+--DESCRIPTION--
+If enabled, nofollow rel attributes are added to all outgoing links.
+--# vim: et sw=4 sts=4
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.Parent.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.Parent.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.Proprietary.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.Proprietary.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.SafeEmbed.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.SafeEmbed.txt
old mode 100755
new mode 100644
index f635a685..cdda09a4
--- a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.SafeEmbed.txt
+++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.SafeEmbed.txt
@@ -7,8 +7,7 @@ DEFAULT: false
Whether or not to permit embed tags in documents, with a number of extra
security features added to prevent script execution. This is similar to
what websites like MySpace do to embed tags. Embed is a proprietary
- element and will cause your website to stop validating. You probably want
- to enable this with %HTML.SafeObject.
- Highly experimental.
-
+ element and will cause your website to stop validating; you should
+ see if you can use %Output.FlashCompat with %HTML.SafeObject instead
+ first.
--# vim: et sw=4 sts=4
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.SafeObject.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.SafeObject.txt
old mode 100755
new mode 100644
index 32967b88..ceb342e2
--- a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.SafeObject.txt
+++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.SafeObject.txt
@@ -6,9 +6,8 @@ DEFAULT: false
Whether or not to permit object tags in documents, with a number of extra
security features added to prevent script execution. This is similar to
- what websites like MySpace do to object tags. You may also want to
- enable %HTML.SafeEmbed for maximum interoperability with Internet Explorer,
- although embed tags will cause your website to stop validating.
- Highly experimental.
+ what websites like MySpace do to object tags. You should also enable
+ %Output.FlashCompat in order to generate Internet Explorer
+ compatibility code for your object tags.
--# vim: et sw=4 sts=4
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.Strict.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.Strict.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.TidyAdd.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.TidyAdd.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.TidyLevel.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.TidyLevel.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.TidyRemove.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.TidyRemove.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.Trusted.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.Trusted.txt
old mode 100755
new mode 100644
index 89133b1a..1db9237e
--- a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.Trusted.txt
+++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.Trusted.txt
@@ -5,4 +5,5 @@ DEFAULT: false
--DESCRIPTION--
Indicates whether or not the user input is trusted or not. If the input is
trusted, a more expansive set of allowed tags and attributes will be used.
+See also %CSS.Trusted.
--# vim: et sw=4 sts=4
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.XHTML.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.XHTML.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Output.CommentScriptContents.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Output.CommentScriptContents.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Output.FixInnerHTML.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Output.FixInnerHTML.txt
new file mode 100644
index 00000000..d6f0d9f2
--- /dev/null
+++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Output.FixInnerHTML.txt
@@ -0,0 +1,15 @@
+Output.FixInnerHTML
+TYPE: bool
+VERSION: 4.3.0
+DEFAULT: true
+--DESCRIPTION--
+
+ If true, HTML Purifier will protect against Internet Explorer's
+ mishandling of the innerHTML attribute by appending
+ a space to any attribute that does not contain angled brackets, spaces
+ or quotes, but contains a backtick. This slightly changes the
+ semantics of any given attribute, so if this is unacceptable and
+ you do not use innerHTML on any of your pages, you can
+ turn this directive off.
+
+ If true, HTML Purifier will generate Internet Explorer compatibility
+ code for all object code. This is highly recommended if you enable
+ %HTML.SafeObject.
+
+--# vim: et sw=4 sts=4
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Output.Newline.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Output.Newline.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Output.SortAttr.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Output.SortAttr.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Output.TidyFormat.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Output.TidyFormat.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Test.ForceNoIconv.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Test.ForceNoIconv.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt
old mode 100755
new mode 100644
index 98fdfe92..666635a5
--- a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt
+++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt
@@ -12,4 +12,6 @@ array (
--DESCRIPTION--
Whitelist that defines the schemes that a URI is allowed to have. This
prevents XSS attacks from using pseudo-schemes like javascript or mocha.
+There is also support for the data and file
+URI schemes, but they are not enabled by default.
--# vim: et sw=4 sts=4
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.Base.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.Base.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.DefaultScheme.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.DefaultScheme.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.DefinitionID.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.DefinitionID.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.DefinitionRev.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.DefinitionRev.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.Disable.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.Disable.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.DisableExternal.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.DisableExternal.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.DisableExternalResources.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.DisableExternalResources.txt
old mode 100755
new mode 100644
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.DisableResources.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.DisableResources.txt
old mode 100755
new mode 100644
index 51e6ea91..f891de49
--- a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.DisableResources.txt
+++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.DisableResources.txt
@@ -1,12 +1,15 @@
URI.DisableResources
TYPE: bool
-VERSION: 1.3.0
+VERSION: 4.2.0
DEFAULT: false
--DESCRIPTION--
-
Disables embedding resources, essentially meaning no pictures. You can
still link to them though. See %URI.DisableExternalResources for why
this might be a good idea.
+
+ Note: While this directive has been available since 1.3.0,
+ it didn't actually start doing anything until 4.2.0.
+