[3.1.0] Landed modified patch by Braden Anderson for %CSS.AllowedProperties

[htmlpurifier/bfroehle.git] / library / HTMLPurifier / ConfigSchema / schema / Filter.ExtractStyleBlocksScope.txt

Filter.ExtractStyleBlocksScope\r
TYPE: string/null\r
VERSION: 3.0.0\r
DEFAULT: NULL\r
--DESCRIPTION--\r
\r
<p>\r
  If you would like users to be able to define external stylesheets, but\r
  only allow them to specify CSS declarations for a specific node and\r
  prevent them from fiddling with other elements, use this directive.\r
  It accepts any valid CSS selector, and will prepend this to any\r
  CSS declaration extracted from the document. For example, if this\r
  directive is set to <code>#user-content</code> and a user uses the\r
  selector <code>a:hover</code>, the final selector will be\r
  <code>#user-content a:hover</code>.\r
</p>\r
<p>\r
  The comma shorthand may be used; consider the above example, with\r
  <code>#user-content, #user-content2</code>, the final selector will\r
  be <code>#user-content a:hover, #user-content2 a:hover</code>.\r
</p>\r
<p>\r
  <strong>Warning:</strong> It is possible for users to bypass this measure\r
  using a naughty + selector. This is a bug in CSS Tidy 1.3, not HTML\r
  Purifier, and I am working to get it fixed. Until then, HTML Purifier\r
  performs a basic check to prevent this.\r
</p>\r