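<?xml version="1.0" encoding="UTF-8" ?>

<!--
    Policy file that matches the functionality of the Bootstrap rich text widget, without hyperlinks.

    Markup is accepted only through the rules below. No rule is defined for the 'a' tag and the
    'href' attribute is not attached to any tag, so links are not part of the accepted markup.
-->

<anti-samy-rules xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                 xsi:noNamespaceSchemaLocation="antisamy.xsd">

    <directives>
        <directive name="omitXmlDeclaration" value="true" />
        <directive name="omitDoctypeDeclaration" value="true" />
        <!-- Upper bound on the size of the submitted markup; inline data: images count against it. -->
        <directive name="maxInputSize" value="100000" />
        <!-- Keep this off so that the sanitizer does not fetch and inline remote style sheets. -->
        <directive name="embedStyleSheets" value="false" />
        <directive name="useXHTML" value="true" />
        <directive name="formatOutput" value="false" />
    </directives>

    <common-regexps>

        <!--
            Characters accepted in a 'title' attribute value: ASCII letters, digits, whitespace
            and a small set of punctuation. The value may be empty.
        -->
        <regexp name="htmlTitle" value="[a-zA-Z0-9\s\-_',:\[\]!\./\\\(\)&amp;]*" />

        <!-- force non-empty with a '+' at the end instead of '*' -->
        <regexp name="onsiteURL" value="([\p{L}\p{N}\p{Zs}/\.\?=&amp;\-~])+" />

        <!-- Earlier variants, kept for reference: -->
        <!-- ([\w\\/\.\?=&;\#-~]+|\#(\w)+) -->
        <!-- ([\p{L}/ 0-9&\#-.?=])* -->
        <regexp name="offsiteURL" value="(\s)*((ht|f)tp(s?)://|mailto:)[A-Za-z0-9]+[~a-zA-Z0-9-_\.@\#\$%&amp;;:,\?=/\+!\(\)]*(\s)*" />

        <!--
            Inline images only. The media subtype is an alternation, (jpe?g|gif|png): written as a
            character class, [jpg|gif|png], it matches a single character and so accepts any subtype
            that starts with one of those letters. The payload is limited to base64 characters.
        -->
        <regexp name="imgsrc" value="data:image/(jpe?g|gif|png);base64,[a-zA-Z0-9+/]+={0,2}" />

        <!-- Zero, or an unsigned number followed by a CSS length unit. Percentages and negative values do not match. -->
        <regexp name="positiveLength" value="((\+)?0|(\+)?([0-9]+(\.[0-9]+)?)(em|ex|px|in|cm|mm|pt|pc))" />
    </common-regexps>

    <!--
        Tag.name = a, b, div, body, etc.
        Tag.action = filter: remove the tag but keep its content; validate: keep the tag as long as it passes the rules;
                     remove: remove the tag and its content; truncate: keep the tag but drop its attributes
        Attribute.name = id, class, href, align, width, etc.
        Attribute.onInvalid = what to do when the attribute is invalid, e.g., remove the tag (removeTag), remove the attribute (removeAttribute), filter the tag (filterTag)
        Attribute.description = What rules in English you want to tell the users they can have for this attribute. Include helpful things so they'll be able to tune their HTML
    -->

    <!--
        Some attributes are common to all (or most) HTML tags. There aren't many that qualify for this. You have to make sure there are no
        collisions between any of these attribute names and attribute names of other tags that are used for different purposes.

        An attribute defined here takes effect only where a tag rule or <global-tag-attributes> refers to it by name.
        In this policy 'name' and 'href' are defined but not referred to anywhere.
    -->

    <common-attributes>

        <attribute name="name">
            <regexp-list>
                <regexp value="[a-zA-Z0-9\-_]+" />
            </regexp-list>
        </attribute>

        <attribute name="lang"
                   description="The 'lang' attribute tells the browser what language the element's attribute values and content are written in">
            <regexp-list>
                <regexp value="[a-zA-Z]{2,20}" />
            </regexp-list>
        </attribute>

        <attribute name="title"
                   description="The 'title' attribute provides text that shows up in a 'tooltip' when a user hovers their mouse over the element">
            <regexp-list>
                <regexp name="htmlTitle" />
            </regexp-list>
        </attribute>

        <!-- Not attached to any tag in this policy. If a link tag is ever added, review both URL patterns first. -->
        <attribute name="href" onInvalid="filterTag">
            <regexp-list>
                <regexp name="onsiteURL" />
                <regexp name="offsiteURL" />
            </regexp-list>
        </attribute>

        <attribute name="align"
                   description="The 'align' attribute of an HTML element is a direction word, like 'left', 'right' or 'center'">
            <literal-list>
                <literal value="center" />
                <literal value="left" />
                <literal value="right" />
                <literal value="justify" />
                <literal value="char" />
            </literal-list>
        </attribute>

        <!-- No value pattern here: AntiSamy checks inline style declarations against <css-rules>. -->
        <attribute name="style"
                   description="The 'style' attribute provides the ability for users to change many attributes of the tag's contents using a strict syntax" />
    </common-attributes>

    <!--
        This requires normal updates as browsers continue to diverge from the W3C and each other. As long as the browser wars continue
        this is going to continue. I'm not sure war is the right word for what's going on. Doesn't somebody have to win a war after
        a while?
    -->

    <!-- Attributes accepted on every tag that is validated. 'style' stays limited to the properties in <css-rules>. -->
    <global-tag-attributes>
        <attribute name="title" />
        <attribute name="lang" />
        <attribute name="style" />
    </global-tag-attributes>

    <tags-to-encode>
        <tag>g</tag>
        <tag>grin</tag>
    </tags-to-encode>

    <tag-rules>

        <!-- Remove -->

        <tag name="script" action="remove" />
        <tag name="noscript" action="remove" />
        <tag name="iframe" action="remove" />
        <tag name="frameset" action="remove" />
        <tag name="frame" action="remove" />
        <tag name="noframes" action="remove" />
        <tag name="head" action="remove" />
        <tag name="title" action="remove" />
        <tag name="base" action="remove" />
        <tag name="style" action="remove" />
        <tag name="link" action="remove" />
        <tag name="input" action="remove" />
        <tag name="textarea" action="remove" />

        <!-- Truncate -->
        <tag name="br" action="truncate" />

        <!-- Validate -->

        <tag name="h1" action="validate" />
        <tag name="h2" action="validate" />
        <tag name="h3" action="validate" />
        <tag name="h4" action="validate" />
        <tag name="h5" action="validate" />
        <tag name="h6" action="validate" />

        <tag name="p" action="validate">
            <attribute name="align" />
        </tag>
        <tag name="div" action="validate" />
        <tag name="span" action="validate" />
        <tag name="i" action="validate" />
        <tag name="b" action="validate" />
        <tag name="strong" action="validate" />
        <tag name="s" action="validate" />
        <tag name="strike" action="validate" />
        <tag name="u" action="validate" />
        <tag name="em" action="validate" />
        <tag name="blockquote" action="validate" />
        <tag name="tt" action="truncate" />

        <tag name="font" action="validate">

            <attribute name="face">
                <regexp-list>
                    <regexp value="[\w;, \-]+" />
                </regexp-list>
            </attribute>

            <attribute name="size">
                <regexp-list>
                    <regexp value="(\+|-){0,1}(\d)+" />
                </regexp-list>
            </attribute>
        </tag>

        <!-- Image & image related tags -->

        <!-- 'src' accepts only the inline data: form matched by imgsrc; an img with any other src is removed. -->
        <tag name="img" action="validate">
            <attribute name="src" onInvalid="removeTag">
                <regexp-list>
                    <regexp name="imgsrc" />
                </regexp-list>
            </attribute>
        </tag>

        <!-- List tags -->
        <tag name="ul" action="validate" />
        <tag name="ol" action="validate" />
        <tag name="li" action="validate" />
        <tag name="dl" action="validate" />
        <tag name="dt" action="validate" />
        <tag name="dd" action="validate" />
    </tag-rules>

    <!-- The only CSS properties accepted in inline styles: margin, padding, border and text-align. -->
    <css-rules>

        <property name="margin" description="">
            <category-list>
                <category value="visual" />
            </category-list>
            <regexp-list>
                <regexp name="positiveLength" />
            </regexp-list>
        </property>

        <property name="padding" description="">
            <category-list>
                <category value="visual" />
            </category-list>
            <regexp-list>
                <regexp name="positiveLength" />
            </regexp-list>
        </property>

        <property name="border" description="">
            <category-list>
                <category value="visual" />
            </category-list>

            <literal-list>
                <literal value="none" />
            </literal-list>
        </property>

        <property name="text-align" description="This property describes how inline content of a block is aligned.">
            <category-list>
                <category value="visual" />
            </category-list>
            <!-- For safety, ignoring string alignment which can be used to line table cells on characters -->
            <literal-list>
                <literal value="left" />
                <literal value="right" />
                <literal value="center" />
                <literal value="justify" />
            </literal-list>
        </property>

    </css-rules>
</anti-samy-rules>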