lib/htmlpurifier/HTMLPurifier/URIFilter/DisableExternalResources.php

   1 <?php
   2
   3 require_once 'HTMLPurifier/URIFilter/DisableExternal.php';
   4
   5 HTMLPurifier_ConfigSchema::define(
   6     'URI', 'DisableExternalResources', false, 'bool',
   7     'Disables the embedding of external resources, preventing users from '.
   8     'embedding things like images from other hosts. This prevents '.
   9     'access tracking (good for email viewers), bandwidth leeching, '.
  10     'cross-site request forging, goatse.cx posting, and '.
  11     'other nasties, but also results in '.
  12     'a loss of end-user functionality (they can\'t directly post a pic '.
  13     'they posted from Flickr anymore). Use it if you don\'t have a '.
  14     'robust user-content moderation team. This directive has been '.
  15     'available since 1.3.0.'
  16 );
  17
  18 class HTMLPurifier_URIFilter_DisableExternalResources extends HTMLPurifier_URIFilter_DisableExternal
  19 {
  20     var $name = 'DisableExternalResources';
  21     function filter(&$uri, $config, &$context) {
  22         if (!$context->get('EmbeddedURI', true)) return true;
  23         return parent::filter($uri, $config, $context);
  24     }
  25 }
  26