URI.Munge.txt 2.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384
  1. URI.Munge
  2. TYPE: string/null
  3. VERSION: 1.3.0
  4. DEFAULT: NULL
  5. --DESCRIPTION--
  6. <p>
  7. Munges all browsable (usually http, https and ftp)
  8. absolute URIs into another URI, usually a URI redirection service.
  9. This directive accepts a URI, formatted with a <code>%s</code> where
  10. the url-encoded original URI should be inserted (sample:
  11. <code>http://www.google.com/url?q=%s</code>).
  12. </p>
  13. <p>
  14. Uses for this directive:
  15. </p>
  16. <ul>
  17. <li>
  18. Prevent PageRank leaks, while being fairly transparent
  19. to users (you may also want to add some client side JavaScript to
  20. override the text in the statusbar). <strong>Notice</strong>:
  21. Many security experts believe that this form of protection does not deter spam-bots.
  22. </li>
  23. <li>
  24. Redirect users to a splash page telling them they are leaving your
  25. website. While this is poor usability practice, it is often mandated
  26. in corporate environments.
  27. </li>
  28. </ul>
  29. <p>
  30. Prior to HTML Purifier 3.1.1, this directive also enabled the munging
  31. of browsable external resources, which could break things if your redirection
  32. script was a splash page or used <code>meta</code> tags. To revert to
  33. previous behavior, please use %URI.MungeResources.
  34. </p>
  35. <p>
  36. You may want to also use %URI.MungeSecretKey along with this directive
  37. in order to enforce what URIs your redirector script allows. Open
  38. redirector scripts can be a security risk and negatively affect the
  39. reputation of your domain name.
  40. </p>
  41. <p>
  42. Starting with HTML Purifier 3.1.1, there is also these substitutions:
  43. </p>
  44. <table>
  45. <thead>
  46. <tr>
  47. <th>Key</th>
  48. <th>Description</th>
  49. <th>Example <code>&lt;a href=""&gt;</code></th>
  50. </tr>
  51. </thead>
  52. <tbody>
  53. <tr>
  54. <td>%r</td>
  55. <td>1 - The URI embeds a resource<br />(blank) - The URI is merely a link</td>
  56. <td></td>
  57. </tr>
  58. <tr>
  59. <td>%n</td>
  60. <td>The name of the tag this URI came from</td>
  61. <td>a</td>
  62. </tr>
  63. <tr>
  64. <td>%m</td>
  65. <td>The name of the attribute this URI came from</td>
  66. <td>href</td>
  67. </tr>
  68. <tr>
  69. <td>%p</td>
  70. <td>The name of the CSS property this URI came from, or blank if irrelevant</td>
  71. <td></td>
  72. </tr>
  73. </tbody>
  74. </table>
  75. <p>
  76. Admittedly, these letters are somewhat arbitrary; the only stipulation
  77. was that they couldn't be a through f. r is for resource (I would have preferred
  78. e, but you take what you can get), n is for name, m
  79. was picked because it came after n (and I couldn't use a), p is for
  80. property.
  81. </p>
  82. --# vim: et sw=4 sts=4