URI.Munge TYPE: string/null VERSION: 1.3.0 DEFAULT: NULL --DESCRIPTION--

Munges all browsable (usually http, https and ftp) absolute URIs into another URI, usually a URI redirection service. This directive accepts a URI, formatted with a %s where the url-encoded original URI should be inserted (sample: http://www.google.com/url?q=%s).

Uses for this directive:

Prevent PageRank leaks, while being fairly transparent to users (you may also want to add some client side JavaScript to override the text in the statusbar). Notice: Many security experts believe that this form of protection does not deter spam-bots.
Redirect users to a splash page telling them they are leaving your website. While this is poor usability practice, it is often mandated in corporate environments.

Prior to HTML Purifier 3.1.1, this directive also enabled the munging of browsable external resources, which could break things if your redirection script was a splash page or used meta tags. To revert to previous behavior, please use %URI.MungeResources.

You may want to also use %URI.MungeSecretKey along with this directive in order to enforce what URIs your redirector script allows. Open redirector scripts can be a security risk and negatively affect the reputation of your domain name.

Starting with HTML Purifier 3.1.1, there is also these substitutions:

Key	Description	Example `<a href="">`
%r	1 - The URI embeds a resource (blank) - The URI is merely a link
%n	The name of the tag this URI came from	a
%m	The name of the attribute this URI came from	href
%p	The name of the CSS property this URI came from, or blank if irrelevant

Admittedly, these letters are somewhat arbitrary; the only stipulation was that they couldn't be a through f. r is for resource (I would have preferred e, but you take what you can get), n is for name, m was picked because it came after n (and I couldn't use a), p is for property.

--# vim: et sw=4 sts=4