Файл: htmlpurifier-4.3.0/docs/proposal-new-directives.txt
Строк: 77
Configuration Ideas
Here are some theoretical configuration ideas that
we could implement some
time. Note the naming convention:
%Namespace.Directive. If you want one
implemented, give us a ring, and
we'll move it up the priority chain.
%Attr.RewriteFragments - if there's
%Attr.IDPrefix we may want to transparently
rewrite the URLs we parse
too. However, we can only do it when it's a pure
anchor link, so it's
not
foolproof
%Attr.ClassBlacklist,
%Attr.ClassWhitelist,
%Attr.ClassPolicy
- determines what classes are allowed. When
%Attr.ClassPolicy is set
to Blacklist, only allow those not in
%Attr.ClassBlacklist. When it's
Whitelist, only allow those in
%Attr.ClassWhitelist.
%Attr.MaxWidth,
%Attr.MaxHeight - caps for width
and height related checks.
(the hack in Pixels for an image crashing
attack could be replaced by this)
%URI.AddRelNofollow - will add
rel="nofollow" to all links, preventing the
spread of
ill-gotten pagerank
%URI.HostBlacklistRegex - regexes that if matching
the host are disallowed
%URI.HostWhitelist - domain names that are
excluded from the host blacklist
%URI.HostPolicy - determines whether or
not its reject all and then whitelist
or allow all in then do specific
blacklists with whitelist intervening.
'DenyAll' or 'AllowAll'
(default)
%URI.DisableIPHosts - URIs that have IP addresses for hosts
are disallowed.
Be sure to also grab unusual encodings (dword, hex and
octal), which may
be currently be caught by regular
DNS
%URI.DisableIDN - Disallow raw internationalized domain names.
Punycode
will still be permitted.
%URI.ConvertUnusualIPHosts -
transform dword/hex/octal IP addresses to the
regular
form
%URI.ConvertAbsoluteDNS - Remove extra dots after host names that
trigger
absolute DNS. While this is actually the preferred method
according to
the RFC, most people opt to use a relative domain name
relative to . (root).
vim: et sw=4 sts=4