author | Andrew Dolgov <[email protected]> | 2009-06-22 13:56:49 +0400 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2009-06-22 13:56:49 +0400 |
commit | f45a286b8d62f710b519a98c7d4b75a0c34d5d10 (patch) | |
tree | 0c310b7b9d44e12fac1cd11e1563c4cef9b5eab2 /lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt | |
parent | 5c4461432c290ad4863fd7dc4107121db59b298c (diff) |
strip_tags_long: use htmlpurifier to properly reformat html content
Diffstat (limited to 'lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt')
-rwxr-xr-x | lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt new file mode 100755 index 000000000..0d00f62ea --- /dev/null +++ b/lib/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt @@ -0,0 +1,30 @@ +URI.MungeSecretKey +TYPE: string/null +VERSION: 3.1.1 +DEFAULT: NULL +--DESCRIPTION-- +<p> + This directive enables secure checksum generation along with %URI.Munge. + It should be set to a secure key that is not shared with anyone else. + The checksum can be placed in the URI using %t. Use of this checksum + affords an additional level of protection by allowing a redirector + to check if a URI has passed through HTML Purifier with this line: +</p> + +<pre>$checksum === sha1($secret_key . ':' . $url)</pre> + +<p> + If the output is TRUE, the redirector script should accept the URI. +</p> + +<p> + Please note that it would still be possible for an attacker to procure + secure hashes en-mass by abusing your website's Preview feature or the + like, but this service affords an additional level of protection + that should be combined with website blacklisting. +</p> + +<p> + Remember this has no effect if %URI.Munge is not on. +</p> +--# vim: et sw=4 sts=4 |
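Review bot: The redirector check documented in the `<pre>` line of the description, `$checksum === sha1($secret_key . ':' . $url)`, is a secret-prefix SHA-1 rather than an HMAC, and `===` is not a constant-time comparison. The checksum format is set by the library, so a redirector has to reproduce it as written, but it should compare the two values with a timing-safe function and keep the URL blacklisting that the description's own note recommends, rather than relying on the checksum alone. A keyed construction such as `hash_hmac()` would be the sounder design and is worth raising upstream, since this file is vendored under `lib/htmlpurifier`. Two smaller points: `new file mode 100755` sets the executable bit on a `.txt` schema file, where 0644 would do, and "en-mass" in the description should read "en masse".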