[Summary view] [Print] [Text view]

   1  URI.Munge
   2  TYPE: string/null
   3  VERSION: 1.3.0
   4  DEFAULT: NULL
   5  --DESCRIPTION--
   6  
   7  <p>
   8      Munges all browsable (usually http, https and ftp)
   9      absolute URIs into another URI, usually a URI redirection service.
  10      This directive accepts a URI, formatted with a <code>%s</code> where
  11      the url-encoded original URI should be inserted (sample:
  12      <code>http://www.google.com/url?q=%s</code>).
  13  </p>
  14  <p>
  15      Uses for this directive:
  16  </p>
  17  <ul>
  18      <li>
  19          Prevent PageRank leaks, while being fairly transparent
  20          to users (you may also want to add some client side JavaScript to
  21          override the text in the statusbar). <strong>Notice</strong>:
  22          Many security experts believe that this form of protection does not deter spam-bots.
  23      </li>
  24      <li>
  25          Redirect users to a splash page telling them they are leaving your
  26          website. While this is poor usability practice, it is often mandated
  27          in corporate environments.
  28      </li>
  29  </ul>
  30  <p>
  31      Prior to HTML Purifier 3.1.1, this directive also enabled the munging
  32      of browsable external resources, which could break things if your redirection
  33      script was a splash page or used <code>meta</code> tags. To revert to
  34      previous behavior, please use %URI.MungeResources.
  35  </p>
  36  <p>
  37      You may want to also use %URI.MungeSecretKey along with this directive
  38      in order to enforce what URIs your redirector script allows. Open
  39      redirector scripts can be a security risk and negatively affect the
  40      reputation of your domain name.
  41  </p>
  42  <p>
  43      Starting with HTML Purifier 3.1.1, there is also these substitutions:
  44  </p>
  45  <table>
  46      <thead>
  47          <tr>
  48              <th>Key</th>
  49              <th>Description</th>
  50              <th>Example <code>&lt;a href=""&gt;</code></th>
  51          </tr>
  52      </thead>
  53      <tbody>
  54          <tr>
  55              <td>%r</td>
  56              <td>1 - The URI embeds a resource<br />(blank) - The URI is merely a link</td>
  57              <td></td>
  58          </tr>
  59          <tr>
  60              <td>%n</td>
  61              <td>The name of the tag this URI came from</td>
  62              <td>a</td>
  63          </tr>
  64          <tr>
  65              <td>%m</td>
  66              <td>The name of the attribute this URI came from</td>
  67              <td>href</td>
  68          </tr>
  69          <tr>
  70              <td>%p</td>
  71              <td>The name of the CSS property this URI came from, or blank if irrelevant</td>
  72              <td></td>
  73          </tr>
  74      </tbody>
  75  </table>
  76  <p>
  77      Admittedly, these letters are somewhat arbitrary; the only stipulation
  78      was that they couldn't be a through f. r is for resource (I would have preferred
  79      e, but you take what you can get), n is for name, m
  80      was picked because it came after n (and I couldn't use a), p is for
  81      property.
  82  </p>
  83  --# vim: et sw=4 sts=4