htmlpurifier-4.15.0-lite

oheil · Mar 6, 2023 · 6b8e58b · 6b8e58b
1 parent b5f0021
commit 6b8e58b
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 0 deletions.
diff --git a/webmail/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/ContentEditable.php b/webmail/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/ContentEditable.php
@@ -0,0 +1,16 @@
+<?php
+
+class HTMLPurifier_AttrDef_HTML_ContentEditable extends HTMLPurifier_AttrDef
+{
+    public function validate($string, $config, $context)
+    {
+        $allowed = array('false');
+        if ($config->get('HTML.Trusted')) {
+            $allowed = array('', 'true', 'false');
+        }
+
+        $enum = new HTMLPurifier_AttrDef_Enum($allowed);
+
+        return $enum->validate($string, $config, $context);
+    }
+}
diff --git a/webmail/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.Forms.txt b/webmail/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.Forms.txt
@@ -0,0 +1,11 @@
+HTML.Forms
+TYPE: bool
+VERSION: 4.13.0
+DEFAULT: false
+--DESCRIPTION--
+<p>
+    Whether or not to permit form elements in the user input, regardless of
+    %HTML.Trusted value. Please be very careful when using this functionality, as
+    enabling forms in untrusted documents may allow for phishing attacks.
+</p>
+--# vim: et sw=4 sts=4