1URI.Munge
2TYPE: string/null
3VERSION: 1.3.0
4DEFAULT: NULL
5--DESCRIPTION--
6
7<p>
8    Munges all browsable (usually http, https and ftp)
9    absolute URIs into another URI, usually a URI redirection service.
10    This directive accepts a URI, formatted with a <code>%s</code> where
11    the url-encoded original URI should be inserted (sample:
12    <code>http://www.google.com/url?q=%s</code>).
13</p>
14<p>
15    Uses for this directive:
16</p>
17<ul>
18    <li>
19        Prevent PageRank leaks, while being fairly transparent
20        to users (you may also want to add some client side JavaScript to
21        override the text in the statusbar). <strong>Notice</strong>:
22        Many security experts believe that this form of protection does not deter spam-bots.
23    </li>
24    <li>
25        Redirect users to a splash page telling them they are leaving your
26        website. While this is poor usability practice, it is often mandated
27        in corporate environments.
28    </li>
29</ul>
30<p>
31    Prior to HTML Purifier 3.1.1, this directive also enabled the munging
32    of browsable external resources, which could break things if your redirection
33    script was a splash page or used <code>meta</code> tags. To revert to
34    previous behavior, please use %URI.MungeResources.
35</p>
36<p>
37    You may want to also use %URI.MungeSecretKey along with this directive
38    in order to enforce what URIs your redirector script allows. Open
39    redirector scripts can be a security risk and negatively affect the
40    reputation of your domain name.
41</p>
42<p>
43    Starting with HTML Purifier 3.1.1, there is also these substitutions:
44</p>
45<table>
46    <thead>
47        <tr>
48            <th>Key</th>
49            <th>Description</th>
50            <th>Example <code>&lt;a href=""&gt;</code></th>
51        </tr>
52    </thead>
53    <tbody>
54        <tr>
55            <td>%r</td>
56            <td>1 - The URI embeds a resource<br />(blank) - The URI is merely a link</td>
57            <td></td>
58        </tr>
59        <tr>
60            <td>%n</td>
61            <td>The name of the tag this URI came from</td>
62            <td>a</td>
63        </tr>
64        <tr>
65            <td>%m</td>
66            <td>The name of the attribute this URI came from</td>
67            <td>href</td>
68        </tr>
69        <tr>
70            <td>%p</td>
71            <td>The name of the CSS property this URI came from, or blank if irrelevant</td>
72            <td></td>
73        </tr>
74    </tbody>
75</table>
76<p>
77    Admittedly, these letters are somewhat arbitrary; the only stipulation
78    was that they couldn't be a through f. r is for resource (I would have preferred
79    e, but you take what you can get), n is for name, m
80    was picked because it came after n (and I couldn't use a), p is for
81    property.
82</p>
83--# vim: et sw=4 sts=4
84