123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384 |
- URI.Munge
- TYPE: string/null
- VERSION: 1.3.0
- DEFAULT: NULL
- --DESCRIPTION--
- <p>
- Munges all browsable (usually http, https and ftp)
- absolute URIs into another URI, usually a URI redirection service.
- This directive accepts a URI, formatted with a <code>%s</code> where
- the url-encoded original URI should be inserted (sample:
- <code>http://www.google.com/url?q=%s</code>).
- </p>
- <p>
- Uses for this directive:
- </p>
- <ul>
- <li>
- Prevent PageRank leaks, while being fairly transparent
- to users (you may also want to add some client side JavaScript to
- override the text in the statusbar). <strong>Notice</strong>:
- Many security experts believe that this form of protection does not deter spam-bots.
- </li>
- <li>
- Redirect users to a splash page telling them they are leaving your
- website. While this is poor usability practice, it is often mandated
- in corporate environments.
- </li>
- </ul>
- <p>
- Prior to HTML Purifier 3.1.1, this directive also enabled the munging
- of browsable external resources, which could break things if your redirection
- script was a splash page or used <code>meta</code> tags. To revert to
- previous behavior, please use %URI.MungeResources.
- </p>
- <p>
- You may want to also use %URI.MungeSecretKey along with this directive
- in order to enforce what URIs your redirector script allows. Open
- redirector scripts can be a security risk and negatively affect the
- reputation of your domain name.
- </p>
- <p>
- Starting with HTML Purifier 3.1.1, there is also these substitutions:
- </p>
- <table>
- <thead>
- <tr>
- <th>Key</th>
- <th>Description</th>
- <th>Example <code><a href=""></code></th>
- </tr>
- </thead>
- <tbody>
- <tr>
- <td>%r</td>
- <td>1 - The URI embeds a resource<br />(blank) - The URI is merely a link</td>
- <td></td>
- </tr>
- <tr>
- <td>%n</td>
- <td>The name of the tag this URI came from</td>
- <td>a</td>
- </tr>
- <tr>
- <td>%m</td>
- <td>The name of the attribute this URI came from</td>
- <td>href</td>
- </tr>
- <tr>
- <td>%p</td>
- <td>The name of the CSS property this URI came from, or blank if irrelevant</td>
- <td></td>
- </tr>
- </tbody>
- </table>
- <p>
- Admittedly, these letters are somewhat arbitrary; the only stipulation
- was that they couldn't be a through f. r is for resource (I would have preferred
- e, but you take what you can get), n is for name, m
- was picked because it came after n (and I couldn't use a), p is for
- property.
- </p>
- --# vim: et sw=4 sts=4
|