Commit fbef8a09 authored by Tristan Cavelier's avatar Tristan Cavelier

erp5_core: XXX safe html

+class_blacklist:
 default_encoding: utf-8
 disable_transform: 0
 inputs: text/html
 nasty_tags:
   applet: 1
   embed: 1
+  meta: 1
   object: 1
   script: 1
+  style: 1
 output: text/x-safe-html
 remove_javascript: 1
+stripped_attributes:
+  lang
+  valign
+  halign
+  border
+  frame
+  rules
+  cellspacing
+  cellpadding
+  bgcolor
+stripped_combinations:
+  table th td:width height
+style_whitelist:
+  text-align
+  list-style-type
+  float
 valid_tags:
   a: 1
   abbr: 1
   acronym: 1
   address: 1
-  area: 1
+  area: 0
   article: 1
+  aside: 1
   audio: 1
   b: 1
   base: 0
   bdo: 1
   big: 1
   blockquote: 1
   body: 1
   br: 0
+  canvas: 1
   caption: 1
   cite: 1
   code: 1
   col: 1
   colgroup: 1
+  command: 1
+  datalist: 1
   dd: 1
   del: 1
   details: 1
   dfn: 1
   dialog: 1
   div: 1
   dl: 1
   dt: 1
   em: 1
+  figure: 1
   font: 1
   footer: 1
   h1: 1
   h2: 1
   h3: 1
   h4: 1
   h5: 1
   h6: 1
   head: 1
   header: 1
+  hgroup: 1
   hr: 0
   html: 1
   i: 1
   img: 0
   ins: 1
   kbd: 1
   keygen: 1
   li: 1
   map: 1
   mark: 1
   meta: 0
+  meter: 1
+  nav: 1
   ol: 1
+  output: 1
   p: 1
   pre: 1
   progress: 1
   q: 1
+  rp: 1
+  rt: 1
+  ruby: 1
   samp: 1
   section: 1
   small: 1
+  source: 1
   span: 1
   strong: 1
   sub: 1
-  summary: 1
   sup: 1
   table: 1
   tbody: 1
   td: 1
+  tfoot: 1
   th: 1
   thead: 1
+  time: 1
   title: 1
   tr: 1
   tt: 1
   u: 1
   ul: 1
   var: 1
   video: 1
parent c0e132ce
...@@ -24,6 +24,12 @@ ...@@ -24,6 +24,12 @@
<key> <string>data</string> </key> <key> <string>data</string> </key>
<value> <value>
<dictionary> <dictionary>
<item>
<key> <string>class_blacklist</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
</value>
</item>
<item> <item>
<key> <string>default_encoding</string> </key> <key> <string>default_encoding</string> </key>
<value> <string>utf-8</string> </value> <value> <string>utf-8</string> </value>
...@@ -35,13 +41,13 @@ ...@@ -35,13 +41,13 @@
<item> <item>
<key> <string>inputs</string> </key> <key> <string>inputs</string> </key>
<value> <value>
<persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent> <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
</value> </value>
</item> </item>
<item> <item>
<key> <string>nasty_tags</string> </key> <key> <string>nasty_tags</string> </key>
<value> <value>
<persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent> <persistent> <string encoding="base64">AAAAAAAAAAQ=</string> </persistent>
</value> </value>
</item> </item>
<item> <item>
...@@ -52,10 +58,28 @@ ...@@ -52,10 +58,28 @@
<key> <string>remove_javascript</string> </key> <key> <string>remove_javascript</string> </key>
<value> <int>1</int> </value> <value> <int>1</int> </value>
</item> </item>
<item>
<key> <string>stripped_attributes</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAU=</string> </persistent>
</value>
</item>
<item>
<key> <string>stripped_combinations</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAY=</string> </persistent>
</value>
</item>
<item>
<key> <string>style_whitelist</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAc=</string> </persistent>
</value>
</item>
<item> <item>
<key> <string>valid_tags</string> </key> <key> <string>valid_tags</string> </key>
<value> <value>
<persistent> <string encoding="base64">AAAAAAAAAAQ=</string> </persistent> <persistent> <string encoding="base64">AAAAAAAAAAg=</string> </persistent>
</value> </value>
</item> </item>
</dictionary> </dictionary>
...@@ -78,40 +102,64 @@ ...@@ -78,40 +102,64 @@
<key> <string>data</string> </key> <key> <string>data</string> </key>
<value> <value>
<dictionary> <dictionary>
<item>
<key> <string>class_blacklist</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAk=</string> </persistent>
</value>
</item>
<item> <item>
<key> <string>default_encoding</string> </key> <key> <string>default_encoding</string> </key>
<value> <value>
<persistent> <string encoding="base64">AAAAAAAAAAU=</string> </persistent> <persistent> <string encoding="base64">AAAAAAAAAAo=</string> </persistent>
</value> </value>
</item> </item>
<item> <item>
<key> <string>disable_transform</string> </key> <key> <string>disable_transform</string> </key>
<value> <value>
<persistent> <string encoding="base64">AAAAAAAAAAY=</string> </persistent> <persistent> <string encoding="base64">AAAAAAAAAAs=</string> </persistent>
</value> </value>
</item> </item>
<item> <item>
<key> <string>inputs</string> </key> <key> <string>inputs</string> </key>
<value> <value>
<persistent> <string encoding="base64">AAAAAAAAAAc=</string> </persistent> <persistent> <string encoding="base64">AAAAAAAAAAw=</string> </persistent>
</value> </value>
</item> </item>
<item> <item>
<key> <string>nasty_tags</string> </key> <key> <string>nasty_tags</string> </key>
<value> <value>
<persistent> <string encoding="base64">AAAAAAAAAAg=</string> </persistent> <persistent> <string encoding="base64">AAAAAAAAAA0=</string> </persistent>
</value> </value>
</item> </item>
<item> <item>
<key> <string>remove_javascript</string> </key> <key> <string>remove_javascript</string> </key>
<value> <value>
<persistent> <string encoding="base64">AAAAAAAAAAk=</string> </persistent> <persistent> <string encoding="base64">AAAAAAAAAA4=</string> </persistent>
</value>
</item>
<item>
<key> <string>stripped_attributes</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAA8=</string> </persistent>
</value>
</item>
<item>
<key> <string>stripped_combinations</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAABA=</string> </persistent>
</value>
</item>
<item>
<key> <string>style_whitelist</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAABE=</string> </persistent>
</value> </value>
</item> </item>
<item> <item>
<key> <string>valid_tags</string> </key> <key> <string>valid_tags</string> </key>
<value> <value>
<persistent> <string encoding="base64">AAAAAAAAAAo=</string> </persistent> <persistent> <string encoding="base64">AAAAAAAAABI=</string> </persistent>
</value> </value>
</item> </item>
</dictionary> </dictionary>
...@@ -156,6 +204,21 @@ ...@@ -156,6 +204,21 @@
</pickle> </pickle>
</record> </record>
<record id="2" aka="AAAAAAAAAAI="> <record id="2" aka="AAAAAAAAAAI=">
<pickle>
<global name="PersistentList" module="persistent.list"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>data</string> </key>
<value>
<list/>
</value>
</item>
</dictionary>
</pickle>
</record>
<record id="3" aka="AAAAAAAAAAM=">
<pickle> <pickle>
<global name="PersistentList" module="persistent.list"/> <global name="PersistentList" module="persistent.list"/>
</pickle> </pickle>
...@@ -172,7 +235,7 @@ ...@@ -172,7 +235,7 @@
</dictionary> </dictionary>
</pickle> </pickle>
</record> </record>
<record id="3" aka="AAAAAAAAAAM="> <record id="4" aka="AAAAAAAAAAQ=">
<pickle> <pickle>
<global name="PersistentMapping" module="Persistence.mapping"/> <global name="PersistentMapping" module="Persistence.mapping"/>
</pickle> </pickle>
...@@ -190,6 +253,10 @@ ...@@ -190,6 +253,10 @@
<key> <string>embed</string> </key> <key> <string>embed</string> </key>
<value> <string>1</string> </value> <value> <string>1</string> </value>
</item> </item>
<item>
<key> <string>meta</string> </key>
<value> <string>1</string> </value>
</item>
<item> <item>
<key> <string>object</string> </key> <key> <string>object</string> </key>
<value> <string>1</string> </value> <value> <string>1</string> </value>
...@@ -198,13 +265,81 @@ ...@@ -198,13 +265,81 @@
<key> <string>script</string> </key> <key> <string>script</string> </key>
<value> <string>1</string> </value> <value> <string>1</string> </value>
</item> </item>
<item>
<key> <string>style</string> </key>
<value> <string>1</string> </value>
</item>
</dictionary> </dictionary>
</value> </value>
</item> </item>
</dictionary> </dictionary>
</pickle> </pickle>
</record> </record>
<record id="4" aka="AAAAAAAAAAQ="> <record id="5" aka="AAAAAAAAAAU=">
<pickle>
<global name="PersistentList" module="persistent.list"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>data</string> </key>
<value>
<list>
<string>lang</string>
<string>valign</string>
<string>halign</string>
<string>border</string>
<string>frame</string>
<string>rules</string>
<string>cellspacing</string>
<string>cellpadding</string>
<string>bgcolor</string>
</list>
</value>
</item>
</dictionary>
</pickle>
</record>
<record id="6" aka="AAAAAAAAAAY=">
<pickle>
<global name="PersistentMapping" module="Persistence.mapping"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>data</string> </key>
<value>
<dictionary>
<item>
<key> <string>table th td</string> </key>
<value> <string>width height</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</pickle>
</record>
<record id="7" aka="AAAAAAAAAAc=">
<pickle>
<global name="PersistentList" module="persistent.list"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>data</string> </key>
<value>
<list>
<string>text-align</string>
<string>list-style-type</string>
<string>float</string>
</list>
</value>
</item>
</dictionary>
</pickle>
</record>
<record id="8" aka="AAAAAAAAAAg=">
<pickle> <pickle>
<global name="PersistentMapping" module="Persistence.mapping"/> <global name="PersistentMapping" module="Persistence.mapping"/>
</pickle> </pickle>
...@@ -232,12 +367,16 @@ ...@@ -232,12 +367,16 @@
</item> </item>
<item> <item>
<key> <string>area</string> </key> <key> <string>area</string> </key>
<value> <string>1</string> </value> <value> <string>0</string> </value>
</item> </item>
<item> <item>
<key> <string>article</string> </key> <key> <string>article</string> </key>
<value> <string>1</string> </value> <value> <string>1</string> </value>
</item> </item>
<item>
<key> <string>aside</string> </key>
<value> <string>1</string> </value>
</item>
<item> <item>
<key> <string>audio</string> </key> <key> <string>audio</string> </key>
<value> <string>1</string> </value> <value> <string>1</string> </value>
...@@ -270,6 +409,10 @@ ...@@ -270,6 +409,10 @@
<key> <string>br</string> </key> <key> <string>br</string> </key>
<value> <string>0</string> </value> <value> <string>0</string> </value>
</item> </item>
<item>
<key> <string>canvas</string> </key>
<value> <string>1</string> </value>
</item>
<item> <item>
<key> <string>caption</string> </key> <key> <string>caption</string> </key>
<value> <string>1</string> </value> <value> <string>1</string> </value>
...@@ -290,6 +433,14 @@ ...@@ -290,6 +433,14 @@
<key> <string>colgroup</string> </key> <key> <string>colgroup</string> </key>
<value> <string>1</string> </value> <value> <string>1</string> </value>
</item> </item>
<item>
<key> <string>command</string> </key>
<value> <string>1</string> </value>
</item>
<item>
<key> <string>datalist</string> </key>
<value> <string>1</string> </value>
</item>
<item> <item>
<key> <string>dd</string> </key> <key> <string>dd</string> </key>
<value> <string>1</string> </value> <value> <string>1</string> </value>
...@@ -306,6 +457,10 @@ ...@@ -306,6 +457,10 @@
<key> <string>dfn</string> </key> <key> <string>dfn</string> </key>
<value> <string>1</string> </value> <value> <string>1</string> </value>
</item> </item>
<item>
<key> <string>dialog</string> </key>
<value> <string>1</string> </value>
</item>
<item> <item>
<key> <string>div</string> </key> <key> <string>div</string> </key>
<value> <string>1</string> </value> <value> <string>1</string> </value>
...@@ -322,6 +477,10 @@ ...@@ -322,6 +477,10 @@
<key> <string>em</string> </key> <key> <string>em</string> </key>
<value> <string>1</string> </value> <value> <string>1</string> </value>
</item> </item>
<item>
<key> <string>figure</string> </key>
<value> <string>1</string> </value>
</item>
<item> <item>
<key> <string>font</string> </key> <key> <string>font</string> </key>
<value> <string>1</string> </value> <value> <string>1</string> </value>
...@@ -362,6 +521,10 @@ ...@@ -362,6 +521,10 @@
<key> <string>header</string> </key> <key> <string>header</string> </key>
<value> <string>1</string> </value> <value> <string>1</string> </value>
</item> </item>
<item>
<key> <string>hgroup</string> </key>
<value> <string>1</string> </value>
</item>
<item> <item>
<key> <string>hr</string> </key> <key> <string>hr</string> </key>
<value> <string>0</string> </value> <value> <string>0</string> </value>
...@@ -386,6 +549,10 @@ ...@@ -386,6 +549,10 @@
<key> <string>kbd</string> </key> <key> <string>kbd</string> </key>
<value> <string>1</string> </value> <value> <string>1</string> </value>
</item> </item>
<item>
<key> <string>keygen</string> </key>
<value> <string>1</string> </value>
</item>
<item> <item>
<key> <string>li</string> </key> <key> <string>li</string> </key>
<value> <string>1</string> </value> <value> <string>1</string> </value>
...@@ -394,14 +561,30 @@ ...@@ -394,14 +561,30 @@
<key> <string>map</string> </key> <key> <string>map</string> </key>
<value> <string>1</string> </value> <value> <string>1</string> </value>
</item> </item>
<item>
<key> <string>mark</string> </key>
<value> <string>1</string> </value>
</item>
<item> <item>
<key> <string>meta</string> </key> <key> <string>meta</string> </key>
<value> <string>0</string> </value> <value> <string>0</string> </value>
</item> </item>
<item>
<key> <string>meter</string> </key>
<value> <string>1</string> </value>
</item>
<item>
<key> <string>nav</string> </key>
<value> <string>1</string> </value>
</item>
<item> <item>
<key> <string>ol</string> </key> <key> <string>ol</string> </key>
<value> <string>1</string> </value> <value> <string>1</string> </value>
</item> </item>
<item>
<key> <string>output</string> </key>
<value> <string>1</string> </value>
</item>
<item> <item>
<key> <string>p</string> </key> <key> <string>p</string> </key>
<value> <string>1</string> </value> <value> <string>1</string> </value>
...@@ -410,10 +593,26 @@ ...@@ -410,10 +593,26 @@
<key> <string>pre</string> </key> <key> <string>pre</string> </key>
<value> <string>1</string> </value> <value> <string>1</string> </value>
</item> </item>
<item>
<key> <string>progress</string> </key>
<value> <string>1</string> </value>
</item>
<item> <item>
<key> <string>q</string> </key> <key> <string>q</string> </key>
<value> <string>1</string> </value> <value> <string>1</string> </value>
</item> </item>
<item>
<key> <string>rp</string> </key>
<value> <string>1</string> </value>
</item>
<item>
<key> <string>rt</string> </key>
<value> <string>1</string> </value>
</item>
<item>
<key> <string>ruby</string> </key>
<value> <string>1</string> </value>
</item>
<item> <item>
<key> <string>samp</string> </key> <key> <string>samp</string> </key>
<value> <string>1</string> </value> <value> <string>1</string> </value>
...@@ -427,25 +626,21 @@ ...@@ -427,25 +626,21 @@
<value> <string>1</string> </value> <value> <string>1</string> </value>
</item> </item>
<item> <item>
<key> <string>span</string> </key> <key> <string>source</string> </key>
<value> <string>1</string> </value> <value> <string>1</string> </value>
</item> </item>
<item> <item>
<key> <string>strong</string> </key> <key> <string>span</string> </key>
<value> <string>1</string> </value> <value> <string>1</string> </value>
</item> </item>
<item> <item>
<key> <string>style</string> </key> <key> <string>strong</string> </key>
<value> <string>1</string> </value> <value> <string>1</string> </value>
</item> </item>
<item> <item>
<key> <string>sub</string> </key> <key> <string>sub</string> </key>
<value> <string>1</string> </value> <value> <string>1</string> </value>
</item> </item>
<item>
<key> <string>summary</string> </key>
<value> <string>1</string> </value>
</item>
<item> <item>
<key> <string>sup</string> </key> <key> <string>sup</string> </key>
<value> <string>1</string> </value> <value> <string>1</string> </value>
...@@ -462,10 +657,6 @@ ...@@ -462,10 +657,6 @@
<key> <string>td</string> </key> <key> <string>td</string> </key>
<value> <string>1</string> </value> <value> <string>1</string> </value>
</item> </item>
<item>
<key> <string>test</string> </key>
<value> <string>1</string> </value>
</item>
<item> <item>
<key> <string>tfoot</string> </key> <key> <string>tfoot</string> </key>
<value> <string>1</string> </value> <value> <string>1</string> </value>
...@@ -478,6 +669,10 @@ ...@@ -478,6 +669,10 @@
<key> <string>thead</string> </key> <key> <string>thead</string> </key>
<value> <string>1</string> </value> <value> <string>1</string> </value>
</item> </item>
<item>
<key> <string>time</string> </key>
<value> <string>1</string> </value>
</item>
<item> <item>
<key> <string>title</string> </key> <key> <string>title</string> </key>
<value> <string>1</string> </value> <value> <string>1</string> </value>
...@@ -512,7 +707,26 @@ ...@@ -512,7 +707,26 @@
</dictionary> </dictionary>
</pickle> </pickle>
</record> </record>
<record id="5" aka="AAAAAAAAAAU="> <record id="9" aka="AAAAAAAAAAk=">
<pickle>
<global name="PersistentList" module="persistent.list"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>data</string> </key>
<value>
<list>
<string>list</string>
<string>class_blacklist</string>
<string>These class names are not allowed in class attributes.</string>
</list>
</value>
</item>
</dictionary>
</pickle>
</record>
<record id="10" aka="AAAAAAAAAAo=">
<pickle> <pickle>
<global name="PersistentList" module="persistent.list"/> <global name="PersistentList" module="persistent.list"/>
</pickle> </pickle>
...@@ -531,7 +745,7 @@ ...@@ -531,7 +745,7 @@
</dictionary> </dictionary>
</pickle> </pickle>
</record> </record>
<record id="6" aka="AAAAAAAAAAY="> <record id="11" aka="AAAAAAAAAAs=">
<pickle> <pickle>
<global name="PersistentList" module="persistent.list"/> <global name="PersistentList" module="persistent.list"/>
</pickle> </pickle>
...@@ -550,7 +764,7 @@ ...@@ -550,7 +764,7 @@
</dictionary> </dictionary>
</pickle> </pickle>
</record> </record>
<record id="7" aka="AAAAAAAAAAc="> <record id="12" aka="AAAAAAAAAAw=">
<pickle> <pickle>
<global name="PersistentList" module="persistent.list"/> <global name="PersistentList" module="persistent.list"/>
</pickle> </pickle>
...@@ -569,7 +783,7 @@ ...@@ -569,7 +783,7 @@
</dictionary> </dictionary>
</pickle> </pickle>
</record> </record>
<record id="8" aka="AAAAAAAAAAg="> <record id="13" aka="AAAAAAAAAA0=">
<pickle> <pickle>
<global name="PersistentList" module="persistent.list"/> <global name="PersistentList" module="persistent.list"/>
</pickle> </pickle>
...@@ -592,7 +806,7 @@ ...@@ -592,7 +806,7 @@
</dictionary> </dictionary>
</pickle> </pickle>
</record> </record>
<record id="9" aka="AAAAAAAAAAk="> <record id="14" aka="AAAAAAAAAA4=">
<pickle> <pickle>
<global name="PersistentList" module="persistent.list"/> <global name="PersistentList" module="persistent.list"/>
</pickle> </pickle>
...@@ -615,7 +829,68 @@ ...@@ -615,7 +829,68 @@
</dictionary> </dictionary>
</pickle> </pickle>
</record> </record>
<record id="10" aka="AAAAAAAAAAo="> <record id="15" aka="AAAAAAAAAA8=">
<pickle>
<global name="PersistentList" module="persistent.list"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>data</string> </key>
<value>
<list>
<string>list</string>
<string>stripped_attributes</string>
<string>These attributes are stripped from any tag.</string>
</list>
</value>
</item>
</dictionary>
</pickle>
</record>
<record id="16" aka="AAAAAAAAABA=">
<pickle>
<global name="PersistentList" module="persistent.list"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>data</string> </key>
<value>
<list>
<string>dict</string>
<string>stripped_combinations</string>
<string>These attributes are stripped from any tag.</string>
<tuple>
<string>tag</string>
<string>value</string>
</tuple>
</list>
</value>
</item>
</dictionary>
</pickle>
</record>
<record id="17" aka="AAAAAAAAABE=">
<pickle>
<global name="PersistentList" module="persistent.list"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>data</string> </key>
<value>
<list>
<string>list</string>
<string>style_whitelist</string>
<string>These CSS styles are allowed in style attributes.</string>
</list>
</value>
</item>
</dictionary>
</pickle>
</record>
<record id="18" aka="AAAAAAAAABI=">
<pickle> <pickle>
<global name="PersistentList" module="persistent.list"/> <global name="PersistentList" module="persistent.list"/>
</pickle> </pickle>
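Review bot: `meta` ends up in both tag lists on the new side: the hunk at `-190,6 +253,10` adds it to nasty_tags with value 1, while the context of the hunk at `-394,14 +561,30` still carries `<key> <string>meta</string> </key>` with value 0 in valid_tags. Which entry wins depends on the lookup order inside the safe-HTML transform, which this page does not show, so a `<meta>` element may still be passed through instead of being dropped. I would remove the `meta` item from valid_tags in the same commit so the two lists cannot disagree. Separately, the new stripped_combinations description in record 16 repeats the stripped_attributes text word for word; given the `table th td` / `width height` entry in record 6, a wording such as `These attributes are stripped from the tags named in the key.` would describe it correctly.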