...
- Add the HTMLPurifier library for proper HTML sanitization
- Add functions to the html helper:
  - html::escape($input) - Escape HTML entities.
  - html::strip_tags($input, $escape = TRUE) - Strip all tags. Optionally escapes HTML entities too.
  - html::clean($input) - Limit HTML tags to whitelisted elements only.
  - These should be used instead of htmlentities, strip_tags or other built-in HTML cleaning functions.
- If you're upgrading, make sure to copy the new config options (see below) from config.template.php.
If you make heavy use of HTML in your report descriptions you may need to modify the whitelist options in config.php.
If you are upgrading from you should copy the following config into your config.php file:
```php
/**
 * Allowed HTML tags in report description and other large text fields
 *
 * Format is based on http://htmlpurifier.org/live/configdoc/plain.html#HTML.Allowed
 */
$config['allowed_html'] = "a[href|title],p,img[src|alt],br,b,u,strong,em,i,h2,h3,h4,h5,h6";

/**
 * Allowed iframe URLs in report description and other large text fields
 *
 * Format is based on http://htmlpurifier.org/live/configdoc/plain.html#URI.SafeIframeRegexp
 * Note: the '.' characters in this pattern are unescaped, so each matches any
 * single character; write them as '\.' if you want a literal-host match only.
 */
$config['safe_iframe_regexp'] = '%^http://(www.youtube.com/embed/|player.vimeo.com/video/|w.soundcloud.com/player)%';
```
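As an added illustration (not code from the Ushahidi project), the following standalone PHP script feeds the two config values above straight to HTMLPurifier, so you can see what the whitelist does to a report description: elements and attributes outside `allowed_html` are dropped, and an iframe keeps its src only when it matches `safe_iframe_regexp`. It assumes HTMLPurifier is installed via Composer; `purify_report_html()` is a hypothetical helper, not the project's `html::clean()`, and the appended `iframe[src]` entry is an assumption needed to exercise the iframe rule.

```php
<?php
// Added example: run HTMLPurifier with the whitelist from config.php.
// Assumes HTMLPurifier is installed via Composer (vendor/autoload.php).
require_once __DIR__ . '/vendor/autoload.php';

// Same values as the config snippet above.
$config['allowed_html'] = "a[href|title],p,img[src|alt],br,b,u,strong,em,i,h2,h3,h4,h5,h6";
$config['safe_iframe_regexp'] = '%^http://(www.youtube.com/embed/|player.vimeo.com/video/|w.soundcloud.com/player)%';

// Hypothetical helper (not the project's html::clean()).
function purify_report_html(string $dirty, array $config): string
{
    $hp = HTMLPurifier_Config::createDefault();
    // Only whitelisted elements/attributes survive; everything else is removed.
    // 'iframe[src]' is appended here (assumption) so the iframe rule can be shown.
    $hp->set('HTML.Allowed', $config['allowed_html'] . ',iframe[src]');
    // Keep the definition cache out of the library directory (example path only).
    $hp->set('Cache.SerializerPath', sys_get_temp_dir());
    // An iframe src is accepted only when it matches the configured pattern.
    $hp->set('HTML.SafeIframe', true);
    $hp->set('URI.SafeIframeRegexp', $config['safe_iframe_regexp']);
    return (new HTMLPurifier($hp))->purify($dirty);
}

// Constructed sample input: allowed markup mixed with markup that must not survive
// (event-handler attributes, a script element, an iframe from an unlisted host).
$sample = '<p>Flood on <b>Main St</b>. '
    . '<a href="http://example.com/map" title="map" onclick="alert(1)">map</a> '
    . '<img src="photo.jpg" alt="photo" onerror="alert(1)"> '
    . '<script>alert(1)</script> '
    . '<iframe src="http://www.youtube.com/embed/abc123"></iframe> '
    . '<iframe src="http://unlisted.example/embed/"></iframe></p>';

echo purify_report_html($sample, $config), PHP_EOL;
```

Compare the printed result with `$sample` to confirm that the onclick/onerror attributes, the script element and the unlisted iframe src are gone while the whitelisted tags remain.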
Theming changes
- The following functions are now deprecated (but should continue to work):
  - plugin::add_javascript() - use Requirements::js()
  - plugin::add_stylesheet() - use Requirements::css()
  - plugin::remove_javascript() - use Requirements::block()
- Add theme inheritance and CSS/JS overriding
  - This still defaults to including the default theme.
  - Allows themes to specify CSS/JS files to include through readme.txt:
```
Theme Name: Default
Description:
Version: 1.0
Author: Ushahidi
Author Email: team@ushahidi.com
Demo: http://www.ushahidi.com
CSS: base,accordion,slider,style
JS:
```
- Allow themes to override CSS/JS from the parent theme by including a file of the same name.
- Split out themes/default/css/style.css.
- Handle all CSS/JS includes through one library: Requirements.
  - This enables us to combine and compress these files.
  - We're adding CSSMin and JSMin to compress files.
  - A bunch of new options in application/config/requirements.php.
- Add support for RTL CSS files through the Requirements library.
  - Any CSS file can be replaced by a file of the same name with the -rtl suffix.
- Now using the CDN (when configured) for theme files too (#904).
- Further documentation here: https://wiki.ushahidi.com/display/WIKI/Managing+CSS+and+JS+in+Ushahidi
...