File "SafeObject.php"

Full Path: /home/capoeirajd/www/wp-content/plugins/wpforms-lite/vendor_prefixed/ezyang/htmlpurifier/library/HTMLPurifier/HTMLModule/SafeObject.php
File size: 1.62 KB
MIME-type: text/x-php
Charset: utf-8

<?php

namespace WPForms\Vendor;

/**
 * A "safe" object module. In theory, objects permitted by this module will
 * be safe, and untrusted users can be allowed to embed arbitrary flash objects
 * (maybe other types too, but only Flash is supported as of right now).
 * Highly experimental.
 */
class HTMLPurifier_HTMLModule_SafeObject extends HTMLPurifier_HTMLModule
{
    /**
     * @type string
     */
    public $name = 'SafeObject';
    /**
     * @param HTMLPurifier_Config $config
     */
    public function setup($config)
    {
        // These definitions are not intrinsically safe: the attribute transforms
        // are a vital part of ensuring safety.
        $max = $config->get('HTML.MaxImgLength');
        $object = $this->addElement('object', 'Inline', 'Optional: param | Flow | #PCDATA', 'Common', array(
            // While technically not required by the spec, we're forcing
            // it to this value.
            'type' => 'Enum#application/x-shockwave-flash',
            'width' => 'Pixels#' . $max,
            'height' => 'Pixels#' . $max,
            'data' => 'URI#embedded',
            'codebase' => new HTMLPurifier_AttrDef_Enum(array('http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0')),
        ));
        $object->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeObject();
        $param = $this->addElement('param', \false, 'Empty', \false, array('id' => 'ID', 'name*' => 'Text', 'value' => 'Text'));
        $param->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeParam();
        $this->info_injector[] = 'SafeObject';
    }
}
// vim: et sw=4 sts=4