mirror of
https://github.com/smogon/pokemon-showdown-client.git
synced 2026-05-03 20:16:25 -05:00
2105dc8e57
Closes #1567 The main reason I'm not simply merging Annika's PR is because this way makes it clearer that I'm taking responsibility for all this code, that it's mostly code I wrote, and also because it makes it easier to ensure that none of the files have been changed. (Not that I don't personally trust Annika, but I have something resembling an obligation to users not to expose them to risks based on personal trust.)
17 lines
645 B
Plaintext
17 lines
645 B
Plaintext
Attr.EnableID
|
|
TYPE: bool
|
|
DEFAULT: false
|
|
VERSION: 1.2.0
|
|
--DESCRIPTION--
|
|
Allows the ID attribute in HTML. This is disabled by default due to the
|
|
fact that without proper configuration user input can easily break the
|
|
validation of a webpage by specifying an ID that is already on the
|
|
surrounding HTML. If you don't mind throwing caution to the wind, enable
|
|
this directive, but I strongly recommend you also consider blacklisting IDs
|
|
you use (%Attr.IDBlacklist) or prefixing all user supplied IDs
|
|
(%Attr.IDPrefix). When set to true HTML Purifier reverts to the behavior of
|
|
pre-1.2.0 versions.
|
|
--ALIASES--
|
|
HTML.EnableAttrID
|
|
--# vim: et sw=4 sts=4
|