HTML-Defang
view release on metacpan or search on metacpan
lib/HTML/Defang.pm view on Meta::CPAN
# href: Not javascript, vbs or vbscript
"href" => [ qr/^((?:[a-z]*script|mocha|opera|about|data|tcl)\s*:|.*\&\{|hcp|smb|\/dev\/|<)/i ],
"usemap-href" => qr/^#[A-Za-z0-9_.-]+$/, # this is not really a href at all!
"input-size" => qr/^(\d{1,4})$/, # some browsers freak out with very large widgets
"input-type" => qr/^(button|checkbox|file|hidden|image|password|radio|readonly|reset|submit|text)$/i,
"integer" => qr/^(-|\+)?\d+$/,
"number" => qr/^(-|\+)?[\d.,]+$/,
# language: Not javascript, vbs or vbscript
"language" => qr/^(XML)$/i,
"media" => qr/^((screen|print|projection|braille|speech|all)[,\s]*)+$/i,
"meta:name" => qr/^(author|progid|originator|generator|keywords|description|content-type|pragma|expires)$/i,
# mime-type: Not javascript
"mime-type" => qr/^(cite|text\/(plain|css|html|xml))$/i,
"list-type" => qr/^(none,a,i,upper-alpha,lower-alpha,upper-roman,lower-roman,decimal,disc,square,circle,round)$/i,
# "rel" => qr/^((copyright|author|stylesheet)\s*)+$/i,
"rel" => qr/^((copyright|author)\s*)+$/i, # XXX external stylesheets can contain scripting, so kill them
"rules" => qr/^(none|groups|rows|cols|all)$/i,
"scope" => qr/^(row|col|rowgroup|colgroup)$/i,
"shape" => qr/^(rect|rectangle|circ|circle|poly|polygon)$/i,
# The following two are for URLs we expect to be auto-loaded by the browser,
# because they are within a frame, image or something like that.
( run in 1.953 second using v1.01-cache-2.11-cpan-524268b4103 )