<?php

/**
 * A "safe" object module. In theory, objects permitted by this module will
 * be safe, and untrusted users can be allowed to embed arbitrary flash objects
 * (maybe other types too, but only Flash is supported as of right now).
 * Highly experimental.
 */
class HTMLPurifier_HTMLModule_SafeObject extends HTMLPurifier_HTMLModule
{
    /**
     * @type string
     */
    public $name = 'SafeObject';

    /**
     * @param HTMLPurifier_Config $config
     */
    public function setup($config)
    {
        // These definitions are not intrinsically safe: the attribute transforms
        // are a vital part of ensuring safety.

        $max = $config->get('HTML.MaxImgLength');
        $object = $this->addElement(
            'object',
            'Inline',
            'Optional: param | Flow | #PCDATA',
            'Common',
            array(
                // While technically not required by the spec, we're forcing
                // it to this value.
                'type' => 'Enum#application/x-shockwave-flash',
                'width' => 'Pixels#' . $max,
                'height' => 'Pixels#' . $max,
                'data' => 'URI#embedded',
                'codebase' => new HTMLPurifier_AttrDef_Enum(
                    array(
                        'http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0'
                    )
                ),
            )
        );
        $object->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeObject();

        $param = $this->addElement(
            'param',
            false,
            'Empty',
            false,
            array(
                'id' => 'ID',
                'name*' => 'Text',
                'value' => 'Text'
            )
        );
        $param->attr_transform_post[] = new HTMLPurifier_AttrTransform_SafeParam();
        $this->info_injector[] = 'SafeObject';
    }
}

// vim: et sw=4 sts=4

• [D] Tidy
• [F] Bdo.php
  Delete
• [F] CommonAttributes.php
  Delete
• [F] Edit.php
  Delete
• [F] Forms.php
  Delete
• [F] Hypertext.php
  Delete
• [F] Iframe.php
  Delete
• [F] Image.php
  Delete
• [F] Legacy.php
  Delete
• [F] List.php
  Delete
• [F] Name.php
  Delete
• [F] Nofollow.php
  Delete
• [F] NonXMLCommonAttributes.php
  Delete
• [F] Object.php
  Delete
• [F] Presentation.php
  Delete
• [F] Proprietary.php
  Delete
• [F] Ruby.php
  Delete
• [F] SafeEmbed.php
  Delete
• [F] SafeObject.php
  Delete
• [F] SafeScripting.php
  Delete
• [F] Scripting.php
  Delete
• [F] StyleAttribute.php
  Delete
• [F] Tables.php
  Delete
• [F] Target.php
  Delete
• [F] TargetBlank.php
  Delete
• [F] TargetNoopener.php
  Delete
• [F] TargetNoreferrer.php
  Delete
• [F] Text.php
  Delete
• [F] Tidy.php
  Delete
• [F] XMLCommonAttributes.php
  Delete

Contact Section

Get in Touch with Us for Any Questions or Support

We’d love to hear from you! Whether you have questions, feedback, or need support, our team is here to help. Reach out to us via email, phone, or visit our office. We’re committed to providing you with exceptional service and ensuring your experience with NFC Pay is seamless and satisfying. Let’s connect!

Name*

Email*

Message*

Send Message

Our Location

20-22 Wenlock Road, England, N1 7GU

Call us on: +03601 885399

Our office hours Monday–Friday, 9am - 9pm

Email us directly

support@example.com