),
array(
'body_only' => !empty($options['inline']),
+ // See Ticket #8836
+ 'noprefetch' => (!empty($options['inline']) && $browser->isBrowser('mozilla') && !$browser->usingSSLConnection()),
'strip_styles' => $strip_styles,
'strip_style_attributes' => $strip_style_attributes
)
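Review bot: The added comment `// See Ticket #8836` does not say why prefetch control is limited to inline display, a `mozilla` browser and a non-SSL connection, so a reader without tracker access cannot judge whether the gate is still right. I would spell the reason out, e.g. `// Firefox resolves hostnames of links in displayed HTML mail up front (not on HTTPS pages by default), which can reveal to the sender that the message was opened. Ticket #8836`. That rationale is inferred rather than visible here, so confirm it against the ticket. Since a browser that does not implement the control simply ignores the meta tag, it is also worth checking whether the `isBrowser('mozilla')` test excludes other prefetching browsers that would benefit from it. The array literal begins above the hunk.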
* <pre>
* 'body_only' - (boolean) Only scan within the HTML body tags?
* DEFAULT: true
+ * 'noprefetch' - (boolean) Disable DNS pre-fetching? See:
+ * https://developer.mozilla.org/En/Controlling_DNS_prefetching
+ * DEFAULT: false
* 'replace' - (string) The string to replace filtered tags with.
* DEFAULT: 'XSSCleaned'
* 'strip_styles' - (boolean) Strip style tags?
*/
protected $_params = array(
'body_only' => true,
+ 'noprefetch' => false,
'replace' => 'XSSCleaned',
'strip_styles' => true,
'strip_style_attributes' => true
$this->_cdatacount = 0;
}
+ if ($this->_params['noprefetch']) {
+ if (preg_match('/<html[^>]*>/si', $text, $matches, PREG_OFFSET_CAPTURE)) {
+ preg_match('/<\/html>/si', $text, $matches2, PREG_OFFSET_CAPTURE);
+ $end = $matches[0][1] + strlen($matches[0][0]);
+ $text = substr($text, 0, $end) .
+ '<meta http-equiv="x-dns-prefetch-control" value="off" />' .
+ substr($text, $end, $matches2[0][1] - $end) .
+ '<meta http-equiv="x-dns-prefetch-control" value="on" />' .
+ substr($text, $matches2[0][1]);
+ } else {
+ $text = '<meta http-equiv="x-dns-prefetch-control" value="off" />' .
+ $text .
+ '<meta http-equiv="x-dns-prefetch-control" value="on" />';
+ }
+ }
+
return $text;
}
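Review bot: The result of the second `preg_match()` (the one for `</html>`) is never checked, so a message with an opening `<html>` tag but no closing one leaves `$matches2` unset, and the `substr()` calls built from `$matches2[0][1]` can truncate and repeat parts of the body. HTML mail is sender-controlled and often malformed, so the closing-tag position should fall back to the end of `$text`, and the search should start at `$end` so that an earlier `</html>` cannot produce a negative length. Separately, all four inserted tags use `value="off"` / `value="on"`; the MDN page cited in the class docblock specifies the `content` attribute for this `http-equiv` meta, so as written the browser will most likely ignore the tag and prefetching stays enabled. The enclosing method starts above the hunk; the fence shows only the rewritten block.

```php
if ($this->_params['noprefetch']) {
    $off = '<meta http-equiv="x-dns-prefetch-control" content="off" />';
    $on = '<meta http-equiv="x-dns-prefetch-control" content="on" />';

    if (preg_match('/<html[^>]*>/si', $text, $matches, PREG_OFFSET_CAPTURE)) {
        $end = $matches[0][1] + strlen($matches[0][0]);
        // Search only after the opening tag; without a closing tag the
        // re-enabling meta goes at the very end of the text.
        $close = preg_match('/<\/html>/si', $text, $matches2, PREG_OFFSET_CAPTURE, $end)
            ? $matches2[0][1]
            : strlen($text);
        $text = substr($text, 0, $end) . $off .
            substr($text, $end, $close - $end) . $on .
            substr($text, $close);
    } else {
        $text = $off . $text . $on;
    }
}
```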
<api>beta</api>
</stability>
<license uri="http://www.gnu.org/copyleft/lesser.html">LGPL</license>
- <notes>* Add XSS filtering for data URLs in A HREF parameters (Bug #8715).
+ <notes>* Add 'noprefetch' parameter to XSS filter (Ticket #8836).
+ * Add XSS filtering for data URLs in A HREF parameters (Bug #8715).
* Add support for Google Closure Compiler in javascript minfiy filter.
* Fix dimming signatures when mixed with quoted text (Bug #4299).
* Added javscript minify filter.