Allow target HTML attribute
Add "target" as an allowed HTML attribute. Closes #19
samerton committed Oct 27, 2015
1 parent 8c29d52 commit e124390
Showing 15 changed files with 34 additions and 13 deletions.
2 changes: 2 additions & 0 deletions pages/admin/core.php
Expand Up @@ -402,6 +402,8 @@
$config->set('URI.DisableExternalResources', false);
$config->set('URI.DisableResources', false);
$config->set('HTML.Allowed', 'u,p,b,i,a,s');
$config->set('HTML.AllowedAttributes', 'target, href');
$config->set('Attr.AllowedFrameTargets', array('_blank', '_self', '_parent', '_top'));
$purifier = new HTMLPurifier($config);
?>
<h4>Registration</h4>
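Review bot: The `Attr.AllowedFrameTargets` line added here lets purified content carry `target="_blank"`, `_parent` and `_top`, while `rel` is not in `HTML.AllowedAttributes`, so nothing visible in the hunk makes such a link carry `rel="noopener noreferrer"` and the opened page keeps a `window.opener` handle to this site. The same line is added in every other file of this commit. If the bundled HTML Purifier version has them, set `$config->set('HTML.TargetNoopener', true);` and `$config->set('HTML.TargetNoreferrer', true);` next to it and confirm in the rendered output that the `rel` value is present. If only new-tab links are needed, `array('_blank')` is a narrower list than the four values allowed here. The surrounding block starts and ends outside the hunk.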
3 changes: 2 additions & 1 deletion pages/admin/pages.php
Expand Up @@ -237,7 +237,8 @@
$config->set('URI.DisableResources', false);
$config->set('HTML.Allowed', 'u,p,b,i,a,small,blockquote,span[style],span[class],p,strong,em,li,ul,ol,div[align],br,img');
$config->set('CSS.AllowedProperties', array('text-align', 'float', 'color','background-color', 'background', 'font-size', 'font-family', 'text-decoration', 'font-weight', 'font-style', 'font-size'));
$config->set('HTML.AllowedAttributes', 'href, src, height, width, alt, class, *.style');
$config->set('HTML.AllowedAttributes', 'target, href, src, height, width, alt, class, *.style');
$config->set('Attr.AllowedFrameTargets', array('_blank', '_self', '_parent', '_top'));
$config->set('HTML.SafeIframe', true);
$config->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%');
$purifier = new HTMLPurifier($config);
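Review bot: The purifier setup edited in this hunk is repeated almost verbatim in the other files of this commit, and the copies have already drifted: the replaced `HTML.AllowedAttributes` lines differ in whether `href` is listed, and the `HTML.Allowed` lists differ in whether `a` is present. Sanitizer allow-lists are easier to audit when they are defined once, so a shared function returning the configured object would be preferable, used as for example `$purifier = new HTMLPurifier(purifier_config('rich'));` (the helper name is illustrative, not an existing function). The code around this block lies outside the hunk, so where such a helper would live cannot be judged from here.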
3 changes: 2 additions & 1 deletion pages/admin/users.php
Expand Up @@ -422,7 +422,8 @@
$config->set('URI.DisableResources', false);
$config->set('HTML.Allowed', 'u,p,b,a,i,small,blockquote,span[style],span[class],p,strong,em,li,ul,ol,div[align],br,img');
$config->set('CSS.AllowedProperties', array('text-align', 'float', 'color','background-color', 'background', 'font-size', 'font-family', 'text-decoration', 'font-weight', 'font-style', 'font-size'));
$config->set('HTML.AllowedAttributes', 'href, src, height, width, alt, class, *.style');
$config->set('HTML.AllowedAttributes', 'target, href, src, height, width, alt, class, *.style');
$config->set('Attr.AllowedFrameTargets', array('_blank', '_self', '_parent', '_top'));
$purifier = new HTMLPurifier($config);

$signature = $purifier->purify(htmlspecialchars_decode($individual[0]->signature));
3 changes: 2 additions & 1 deletion pages/donate.php
Expand Up @@ -155,7 +155,8 @@
$config->set('URI.DisableResources', false);
$config->set('HTML.Allowed', 'u,a,p,b,i,small,blockquote,span[style],span[class],p,strong,em,li,ul,ol,div[align],br,img');
$config->set('CSS.AllowedProperties', array('float', 'color','background-color', 'background', 'font-size', 'font-family', 'text-decoration', 'font-weight', 'font-style', 'font-size'));
$config->set('HTML.AllowedAttributes', 'src, height, width, alt, class, *.style');
$config->set('HTML.AllowedAttributes', 'target, href, src, height, width, alt, class, *.style');
$config->set('Attr.AllowedFrameTargets', array('_blank', '_self', '_parent', '_top'));
$purifier = new HTMLPurifier($config);

if(isset($top_row)){
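Review bot: The new `HTML.AllowedAttributes` value in this file adds `href` as well as `target`; the line it replaces had no `href`, so this content presumably could not contain working links before, and the commit message mentions only `target`. pages/mod/applications.php is widened in the same way. No URI scheme setting is visible in either hunk, so link destinations are limited only by HTML Purifier's defaults. If the widening is intended, a comment such as `// href deliberately allowed: links are permitted in this content` above the line would record that.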
3 changes: 2 additions & 1 deletion pages/extra.php
Expand Up @@ -50,7 +50,8 @@
$config->set('URI.DisableExternalResources', false);
$config->set('HTML.Allowed', 'u,p,b,i,a,small,blockquote,span[style],span[class],p,strong,em,li,ul,ol,div[align],br,img');
$config->set('CSS.AllowedProperties', array('text-align', 'float', 'color','background-color', 'background', 'font-size', 'font-family', 'text-decoration', 'font-weight', 'font-style', 'font-size'));
$config->set('HTML.AllowedAttributes', 'href, src, height, width, alt, class, *.style');
$config->set('HTML.AllowedAttributes', 'target, href, src, height, width, alt, class, *.style');
$config->set('Attr.AllowedFrameTargets', array('_blank', '_self', '_parent', '_top'));
$config->set('HTML.SafeIframe', true);
$config->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%');
$purifier = new HTMLPurifier($config);
3 changes: 2 additions & 1 deletion pages/forum/create_post.php
Expand Up @@ -164,7 +164,8 @@
$config->set('URI.DisableResources', false);
$config->set('HTML.Allowed', 'u,a,p,b,i,small,blockquote,span[style],span[class],p,strong,em,li,ul,ol,div[align],br,img');
$config->set('CSS.AllowedProperties', array('text-align', 'float', 'color','background-color', 'background', 'font-size', 'font-family', 'text-decoration', 'font-weight', 'font-style', 'font-size'));
$config->set('HTML.AllowedAttributes', 'href, src, href, height, width, alt, class, *.style');
$config->set('HTML.AllowedAttributes', 'target, href, src, height, width, alt, class, *.style');
$config->set('Attr.AllowedFrameTargets', array('_blank', '_self', '_parent', '_top'));
$config->set('HTML.SafeIframe', true);
$config->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%');
$purifier = new HTMLPurifier($config);
3 changes: 2 additions & 1 deletion pages/forum/edit_post.php
Expand Up @@ -236,7 +236,8 @@
$config->set('URI.DisableResources', false);
$config->set('HTML.Allowed', 'u,p,b,i,small,blockquote,span[style],span[class],p,strong,em,li,ul,ol,div[align],br,img');
$config->set('CSS.AllowedProperties', array('text-align', 'float', 'color','background-color', 'background', 'font-size', 'font-family', 'text-decoration', 'font-weight', 'font-style', 'font-size'));
$config->set('HTML.AllowedAttributes', 'href, src, height, width, alt, class, *.style');
$config->set('HTML.AllowedAttributes', 'target, href, src, height, width, alt, class, *.style');
$config->set('Attr.AllowedFrameTargets', array('_blank', '_self', '_parent', '_top'));
$config->set('HTML.SafeIframe', true);
$config->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%');
$purifier = new HTMLPurifier($config);
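Review bot: The `HTML.Allowed` list shown as context in this hunk has no `a` element, unlike the lists in create_post.php and view_topic.php, so the `target` and `href` attributes allowed by the changed line have no element to apply to. A post that contained a link would presumably lose it when this configuration is used on edit. If the omission is not deliberate, the list should start `'u,p,b,i,a,small,blockquote,...'` as it does in the other forum files. How the purifier is used afterwards lies outside the hunk.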
5 changes: 4 additions & 1 deletion pages/forum/report_post.php
Expand Up @@ -153,7 +153,10 @@
$config->set('URI.DisableResources', false);
$config->set('HTML.Allowed', 'u,p,b,a,i,small,blockquote,span[style],span[class],p,strong,em,li,ul,ol,div[align],br,img');
$config->set('CSS.AllowedProperties', array('text-align', 'float', 'color','background-color', 'background', 'font-size', 'font-family', 'text-decoration', 'font-weight', 'font-style', 'font-size'));
$config->set('HTML.AllowedAttributes', 'href, src, height, width, alt, class, *.style');
$config->set('HTML.AllowedAttributes', 'target, href, src, height, width, alt, class, *.style');
$config->set('Attr.AllowedFrameTargets', array('_blank', '_self', '_parent', '_top'));
$config->set('HTML.SafeIframe', true);
$config->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%');
$purifier = new HTMLPurifier($config);

$clean = $purifier->purify(htmlspecialchars_decode($reported_post[1][0]));
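Review bot: The added `HTML.SafeIframe` and `URI.SafeIframeRegexp` lines look inert in this file, because `HTML.Allowed` in the same hunk does not list `iframe` and the element should therefore still be removed. pages/user/messaging.php gains the same two lines with the same element list, and neither addition is covered by the commit message. Unused sanitizer settings invite a later edit that adds `iframe` without reviewing the regexp, so either drop the two lines from these files or mark them with `// no effect: iframe is not in HTML.Allowed`.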
3 changes: 2 additions & 1 deletion pages/forum/view_topic.php
Expand Up @@ -319,7 +319,8 @@
$config->set('URI.DisableResources', false);
$config->set('HTML.Allowed', 'u,p,b,i,a,small,blockquote,span[style],span[class],p,strong,em,li,ul,ol,div[align],br,img');
$config->set('CSS.AllowedProperties', array('text-align', 'float', 'color','background-color', 'background', 'font-size', 'font-family', 'text-decoration', 'font-weight', 'font-style', 'font-size'));
$config->set('HTML.AllowedAttributes', 'href, src, height, width, alt, class, *.style');
$config->set('HTML.AllowedAttributes', 'target, href, src, height, width, alt, class, *.style');
$config->set('Attr.AllowedFrameTargets', array('_blank', '_self', '_parent', '_top'));
$config->set('HTML.SafeIframe', true);
$config->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%');
$purifier = new HTMLPurifier($config);
3 changes: 2 additions & 1 deletion pages/index.php
Expand Up @@ -146,7 +146,8 @@
$config->set('URI.DisableResources', false);
$config->set('HTML.Allowed', 'u,p,b,a,i,small,blockquote,span[style],span[class],p,strong,em,li,ul,ol,div[align],br,img');
$config->set('CSS.AllowedProperties', array('text-align', 'float', 'color','background-color', 'background', 'font-size', 'font-family', 'text-decoration', 'font-weight', 'font-style', 'font-size'));
$config->set('HTML.AllowedAttributes', 'href, src, height, target, width, alt, class, *.style');
$config->set('HTML.AllowedAttributes', 'target, href, src, height, width, alt, class, *.style');
$config->set('Attr.AllowedFrameTargets', array('_blank', '_self', '_parent', '_top'));
$config->set('HTML.SafeIframe', true);
$config->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%');
$purifier = new HTMLPurifier($config);
3 changes: 2 additions & 1 deletion pages/mod/applications.php
Expand Up @@ -255,7 +255,8 @@
$config->set('URI.DisableResources', false);
$config->set('HTML.Allowed', 'u,p,a,b,i,small,blockquote,span[style],span[class],p,strong,em,li,ul,ol,div[align],br,img');
$config->set('CSS.AllowedProperties', array('float', 'color','background-color', 'background', 'font-size', 'font-family', 'text-decoration', 'font-weight', 'font-style', 'font-size'));
$config->set('HTML.AllowedAttributes', 'src, height, width, alt, class, *.style');
$config->set('HTML.AllowedAttributes', 'target, href, src, height, width, alt, class, *.style');
$config->set('Attr.AllowedFrameTargets', array('_blank', '_self', '_parent', '_top'));
$purifier = new HTMLPurifier($config);
echo $purifier->purify(htmlspecialchars_decode($comment->content));
?>
3 changes: 2 additions & 1 deletion pages/mod/reports.php
Expand Up @@ -205,7 +205,8 @@
$config->set('URI.DisableResources', false);
$config->set('HTML.Allowed', 'u,p,b,a,i,small,blockquote,span[style],span[class],p,strong,em,li,ul,ol,div[align],br,img');
$config->set('CSS.AllowedProperties', array('text-align', 'float', 'color','background-color', 'background', 'font-size', 'font-family', 'text-decoration', 'font-weight', 'font-style', 'font-size'));
$config->set('HTML.AllowedAttributes', 'href, src, height, width, alt, class, *.style');
$config->set('HTML.AllowedAttributes', 'target, href, src, height, width, alt, class, *.style');
$config->set('Attr.AllowedFrameTargets', array('_blank', '_self', '_parent', '_top'));
$config->set('HTML.SafeIframe', true);
$config->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%');
$purifier = new HTMLPurifier($config);
2 changes: 2 additions & 0 deletions pages/register.php
Expand Up @@ -345,6 +345,8 @@
$config->set('URI.DisableExternalResources', false);
$config->set('URI.DisableResources', false);
$config->set('HTML.Allowed', 'u,p,b,i,a,s');
$config->set('HTML.AllowedAttributes', 'target, href');
$config->set('Attr.AllowedFrameTargets', array('_blank', '_self', '_parent', '_top'));
$purifier = new HTMLPurifier($config);
?>
<!-- Modal -->
5 changes: 4 additions & 1 deletion pages/user/messaging.php
Expand Up @@ -276,7 +276,10 @@
$config->set('URI.DisableResources', false);
$config->set('HTML.Allowed', 'u,a,p,b,i,small,blockquote,span[style],span[class],p,strong,em,li,ul,ol,div[align],br,img');
$config->set('CSS.AllowedProperties', array('float', 'color','background-color', 'background', 'font-size', 'font-family', 'text-decoration', 'font-weight', 'font-style', 'font-size'));
$config->set('HTML.AllowedAttributes', 'src, height, width, alt, href, class, *.style');
$config->set('HTML.AllowedAttributes', 'target, href, src, height, width, alt, class, *.style');
$config->set('Attr.AllowedFrameTargets', array('_blank', '_self', '_parent', '_top'));
$config->set('HTML.SafeIframe', true);
$config->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%');
$purifier = new HTMLPurifier($config);
$message = $purifier->purify(htmlspecialchars_decode($message));
} else {
3 changes: 2 additions & 1 deletion pages/user/settings.php
Expand Up @@ -132,7 +132,8 @@
$config->set('URI.DisableResources', false);
$config->set('HTML.Allowed', 'u,p,b,a,i,small,blockquote,span[style],span[class],p,strong,em,li,ul,ol,div[align],br,img');
$config->set('CSS.AllowedProperties', array('float', 'color','background-color', 'background', 'font-size', 'font-family', 'text-decoration', 'font-weight', 'font-style', 'font-size'));
$config->set('HTML.AllowedAttributes', 'src, height, href, width, alt, class, *.style');
$config->set('HTML.AllowedAttributes', 'target, href, src, height, width, alt, class, *.style');
$config->set('Attr.AllowedFrameTargets', array('_blank', '_self', '_parent', '_top'));
$purifier = new HTMLPurifier($config);

$signature = $purifier->purify(htmlspecialchars_decode($user->data()->signature));