Administrator / test_1

Blame view

vendor/ezyang/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.Munge.txt 2.69 KB
Edit Raw Normal View History
70f4f18b   Administrator   first_commit 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
 
  URI.Munge
  TYPE: string/null
  VERSION: 1.3.0
  DEFAULT: NULL
  --DESCRIPTION--
  
  <p>
      Munges all browsable (usually http, https and ftp)
      absolute URIs into another URI, usually a URI redirection service.
      This directive accepts a URI, formatted with a <code>%s</code> where
      the url-encoded original URI should be inserted (sample:
      <code>http://www.google.com/url?q=%s</code>).
  </p>
  <p>
      Uses for this directive:
  </p>
  <ul>
      <li>
          Prevent PageRank leaks, while being fairly transparent
          to users (you may also want to add some client side JavaScript to
          override the text in the statusbar). <strong>Notice</strong>:
          Many security experts believe that this form of protection does not deter spam-bots.
      </li>
      <li>
          Redirect users to a splash page telling them they are leaving your
          website. While this is poor usability practice, it is often mandated
          in corporate environments.
      </li>
  </ul>
  <p>
      Prior to HTML Purifier 3.1.1, this directive also enabled the munging
      of browsable external resources, which could break things if your redirection
      script was a splash page or used <code>meta</code> tags. To revert to
      previous behavior, please use %URI.MungeResources.
  </p>
  <p>
      You may want to also use %URI.MungeSecretKey along with this directive
      in order to enforce what URIs your redirector script allows. Open
      redirector scripts can be a security risk and negatively affect the
      reputation of your domain name.
  </p>
  <p>
      Starting with HTML Purifier 3.1.1, there is also these substitutions:
  </p>
  <table>
      <thead>
          <tr>
              <th>Key</th>
              <th>Description</th>
              <th>Example <code>&lt;a href=""&gt;</code></th>
          </tr>
      </thead>
      <tbody>
          <tr>
              <td>%r</td>
              <td>1 - The URI embeds a resource<br />(blank) - The URI is merely a link</td>
              <td></td>
          </tr>
          <tr>
              <td>%n</td>
              <td>The name of the tag this URI came from</td>
              <td>a</td>
          </tr>
          <tr>
              <td>%m</td>
              <td>The name of the attribute this URI came from</td>
              <td>href</td>
          </tr>
          <tr>
              <td>%p</td>
              <td>The name of the CSS property this URI came from, or blank if irrelevant</td>
              <td></td>
          </tr>
      </tbody>
  </table>
  <p>
      Admittedly, these letters are somewhat arbitrary; the only stipulation
      was that they couldn't be a through f. r is for resource (I would have preferred
      e, but you take what you can get), n is for name, m
      was picked because it came after n (and I couldn't use a), p is for
      property.
  </p>
  --# vim: et sw=4 sts=4