[ Index ]

PHP Cross Reference of phpBB-3.3.7-deutsch

title

Body

[close]

/vendor/s9e/text-formatter/src/Configurator/Helpers/ -> ContextSafeness.php (summary)

(no description)

Copyright: Copyright (c) 2010-2021 The s9e authors
License: http://www.opensource.org/licenses/mit-license.php The MIT License
File Size: 62 lines (2 kb)
Included or required:0 times
Referenced: 0 times
Includes or requires: 0 files

Defines 3 functions

  getDisallowedCharactersAsURL()
  getDisallowedCharactersInCSS()
  getDisallowedCharactersInJS()

Functions
Functions that are not part of a class:

getDisallowedCharactersAsURL()   X-Ref
Get the list of UTF-8 characters that are disallowed as a URL

":" is disallowed to prevent the URL to have a scheme.

return: string[]

getDisallowedCharactersInCSS()   X-Ref
Get the list of UTF-8 characters that are disallowed in CSS

- "(" and ")" are disallowed to prevent executing CSS functions or proprietary extensions that
may execute JavaScript.
- ":" is disallowed to prevent setting extra CSS properties as well as possibly misusing the
url() function with javascript: URIs.
- "\", '"' and "'" are disallowed to prevent breaking out of or interfering with strings.
- ";", "{" and "}" to prevent breaking out of a declaration

return: string[]

getDisallowedCharactersInJS()   X-Ref
Get the list of UTF-8 characters that are disallowed in JS

Allowing *any* input inside of a JavaScript context is a risky proposition. The use cases are
also pretty rare. This list of disallowed characters attempts to block any character that is
potentially unsafe either inside or outside of a string.

- "(" and ")" are disallowed to prevent executing functions.
- '"',  "'", "\" and "`" are disallowed to prevent breaking out of or interfering with strings.
- "\r", "\n", U+2028 and U+2029 are disallowed inside of JavaScript strings.
- ":" and "%" are disallowed to prevent potential exploits that set document.location to a
javascript: URI.
- "=" is disallowed to prevent overwriting existing vars (or constructors, such as Array's) if
the input is used outside of a string

return: string[]



Generated: Thu Mar 24 21:31:15 2022 Cross-referenced by PHPXref 0.7.1