htmlpurifier-4.15.0-lite

2023-03-06 12:24:30 +01:00 · 2023-03-06 12:24:30 +01:00 · 6b8e58ba32
commit 6b8e58ba32
parent b5f0021573
2 changed files with 27 additions and 0 deletions
--- a/webmail/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/ContentEditable.php
+++ b/webmail/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/ContentEditable.php
@ -0,0 +1,16 @@
+<?php
+
+class HTMLPurifier_AttrDef_HTML_ContentEditable extends HTMLPurifier_AttrDef
+{
+    public function validate($string, $config, $context)
+    {
+        $allowed = array('false');
+        if ($config->get('HTML.Trusted')) {
+            $allowed = array('', 'true', 'false');
+        }
+
+        $enum = new HTMLPurifier_AttrDef_Enum($allowed);
+
+        return $enum->validate($string, $config, $context);
+    }
+}
--- a/webmail/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.Forms.txt
+++ b/webmail/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.Forms.txt
@ -0,0 +1,11 @@
+HTML.Forms
+TYPE: bool
+VERSION: 4.13.0
+DEFAULT: false
+--DESCRIPTION--
+<p>
+    Whether or not to permit form elements in the user input, regardless of
+    %HTML.Trusted value. Please be very careful when using this functionality, as
+    enabling forms in untrusted documents may allow for phishing attacks.
+</p>
+--# vim: et sw=4 sts=4