issue 1860 add htmlpurifier to core

support for editor component, widget
check safe iframe in htmlpurifier instead of Embed class


git-svn-id: http://xe-core.googlecode.com/svn/branches/maserati@11812 201d5d3c-b55e-5fd7-737f-ddc643e51545

config/func.inc.php

@@ -768,6 +768,13 @@
         return preg_replace('/%u([[:alnum:]]{4})/', '&#x\\1;',$str);
     }
 
+	function purifierHtml(&$content)
+	{
+		require_once(_XE_PATH_.'classes/security/Purifier.class.php');
+		$oPurifier = Purifier::getInstance();
+		$oPurifier->purify($content);
+	}
+
     /**
      * Pre-block the codes which may be hacking attempts
 	 *
@@ -779,6 +786,8 @@
 		$oEmbedFilter = EmbedFilter::getInstance();
 		$oEmbedFilter->check($content);
 
+		purifierHtml($content);
+
         // change the specific tags to the common texts
         $content = preg_replace('@<(\/?(?:html|body|head|title|meta|base|link|script|style|applet)(/*)[\w\s>])@i', '&lt;$1', $content);