On Tue, 2007-06-26 at 11:02 -0400, Jonathan Vanasco wrote: > On Jun 26, 2007, at 10:22 AM, Clinton Gormley wrote: > > > HTML::StripScripts > > thanks! I'm already a happy user. > excited to check out the changelog. > > does the new version automagically do the anti-xss flash embed > extensions that myspace had adobe put in? > allowScriptAccess="never" > allownetworking="internal" > > in the old version, i need to do that manually. > xss didn't launch with that, but I believe its on the site now.
I don't know what those are :) <object> tags are removed by default, and you would still need to subclass HTML::StripScripts in order to allow those elements. The Rules (for safety's sake) are applied after the standard parsing has already happened, and object's are not allowed because they are just too risky. So if you want to do that, subclass the WHITELIST INITIALIZATION METHODS and add the relevant config in there. After that, the full power of Rules is available to you Clint
