Munges all browsable (usually http, https and ftp)
absolute URIs into another URI, usually a URI redirection service.
This directive accepts a URI, formatted with a <code>%s</code> where
the url-encoded original URI should be inserted (sample:
Uses for this directive:
Prevent PageRank leaks, while being fairly transparent
override the text in the statusbar). <strong>Notice</strong>:
Many security experts believe that this form of protection does not deter spam-bots.
Redirect users to a splash page telling them they are leaving your
website. While this is poor usability practice, it is often mandated
in corporate environments.
Prior to HTML Purifier 3.1.1, this directive also enabled the munging
of browsable external resources, which could break things if your redirection
script was a splash page or used <code>meta</code> tags. To revert to
previous behavior, please use %URI.MungeResources.
You may want to also use %URI.MungeSecretKey along with this directive
in order to enforce what URIs your redirector script allows. Open
redirector scripts can be a security risk and negatively affect the
reputation of your domain name.
Starting with HTML Purifier 3.1.1, there is also these substitutions:
<th>Example <code><a href=""></code></th>
<td>1 - The URI embeds a resource<br />(blank) - The URI is merely a link</td>
<td>The name of the tag this URI came from</td>
<td>The name of the attribute this URI came from</td>
<td>The name of the CSS property this URI came from, or blank if irrelevant</td>
Admittedly, these letters are somewhat arbitrary; the only stipulation
was that they couldn't be a through f. r is for resource (I would have preferred
e, but you take what you can get), n is for name, m
was picked because it came after n (and I couldn't use a), p is for
--# vim: et sw=4 sts=4