require_once INSTALLDIR.'/extlib/HTMLPurifier/HTMLPurifier.auto.php';
$cfg = HTMLPurifier_Config::createDefault();
- $cfg->set('Attr.AllowedRel', ['bookmark', 'directory', 'enclosure', 'home', 'license', 'nofollow', 'payment', 'tag']); // http://microformats.org/wiki/rel
+ /**
+ * rel values that should be avoided since they can be used to infer
+ * information about the _current_ page, not the h-entry:
+ *
+ * directory, home, license, payment
+ *
+ * Source: http://microformats.org/wiki/rel
+ */
+ $cfg->set('Attr.AllowedRel', ['bookmark', 'enclosure', 'nofollow', 'tag', 'noreferrer']);
$cfg->set('HTML.ForbiddenAttributes', array('style')); // id, on* etc. are already filtered by default
$cfg->set('URI.AllowedSchemes', array_fill_keys(common_url_schemes(), true));
+ if (isset($args['URI.Base'])) {
+ $cfg->set('URI.Base', $args['URI.Base']); // if null this is like unsetting it I presume
+ $cfg->set('URI.MakeAbsolute', !is_null($args['URI.Base'])); // if we have a URI base, convert relative URLs to absolute ones.
+ }
+ if (common_config('cache', 'dir')) {
+ $cfg->set('Cache.SerializerPath', common_config('cache', 'dir'));
+ }
++ // if you don't want to use the default cache dir for htmlpurifier, set it specifically as $config['htmlpurifier']['Cache.SerializerPath'] = '/tmp'; or something.
+ foreach (common_config('htmlpurifier') as $key=>$val) {
+ $cfg->set($key, $val);
+ }
// Remove more elements than what the default filter removes, default in GNU social are remotely
// linked resources such as img, video, audio
projects / quix0rs-gnu-social.git / commitdiff