11 Commits

Author SHA1 Message Date
Bharat Mediratta
82dd468002 Refactor interaction with the purifier module so that the API is
cleaner and we don't need to know about the module innards.  Move the
config file over there too.
2009-09-03 11:25:02 -07:00
Andy Staudacher
e2d5944e56 Minor performance improvement: Reduce module var cache lookups in SafeString. 2009-09-03 08:49:14 -07:00
Andy Staudacher
8f6a120b52 Ensure that purify isn't applied twice for an already purified SafeString 2009-09-03 08:39:44 -07:00
Tim Almdal
f2bbb2963a Remove debugging statements 2009-09-02 07:07:47 -07:00
Tim Almdal
7fbd012d71 Move HTMLPurifier from core to contrib and make it optional. Delete the modules/gallery/lib and HTMLPurifier.php 2009-09-02 07:06:28 -07:00
Andy Staudacher
df38a890a6 Tabs to spaces cleanup 2009-08-30 18:07:13 -07:00
Andy Staudacher
beb711d6a0 Rename clean_js to js_string and have it return a complete JS string (with delimiters) instead of just the string contents.
Benefits: Using json_encode(), which is very robust. And as a user, it's clearer how to use this API compared to what it was before.
2009-08-30 15:21:02 -07:00
Andy Staudacher
83344b9e7d Bugfix: Don't forget to copy the _is_purified_html flag when cloning a SafeString. 2009-08-29 12:50:20 -07:00
Andy Staudacher
a10063ff68 Add more factory methods for convenience:
SafeString::purify() and SafeString::of_safe_html().

Removing SafeString::mark_html_safe() since it's no longer needed.
2009-08-29 12:34:09 -07:00
Andy Staudacher
7adb9ea2e3 Adding SafeString::for_html_attr() 2009-08-29 11:48:55 -07:00
Andy Staudacher
020281d932 Adding SafeString which is going to replace p::clean() and p::purify().
Refactoring of Xss_Security_Test.
t() and t2() return a SafeString instance.

TODO:
 - Update all code to use SafeString where appropriate.
 - Update golden file of Xss_Security_Test
 - Stop reporting CLEAN vars in Xss_Security_Test
2009-08-29 10:45:47 -07:00