OStatus: save file records for enclosures

Also stripping id from foreign HTML messages (could interfere with UI) and disabled failing attachment popup for a.attachment links that don't have a proper id, so you can click through instead of getting an error.

Issues:
* any other links aren't marked and saved
* inconsistent behavior between local and remote attachments (local displays in lightbox, remote doesn't)
* if the enclosure'd object isn't referenced in the content, you won't be offered a link to it in our UI

plugins/OStatus/classes/Ostatus_profile.php

@@ -550,7 +550,8 @@ class Ostatus_profile extends Memcached_DataObject
                         'rendered' => $rendered,
                         'replies' => array(),
                         'groups' => array(),
-                        'tags' => array());
+                        'tags' => array(),
+                        'urls' => array());
 
         // Check for optional attributes...
 
@@ -595,6 +596,12 @@ class Ostatus_profile extends Memcached_DataObject
             }
         }
 
+        // Atom enclosures -> attachment URLs
+        foreach ($activity->enclosures as $href) {
+            // @fixme save these locally or....?
+            $options['urls'][] = $href;
+        }
+
         try {
             $saved = Notice::saveNew($oprofile->profile_id,
                                      $content,
@@ -620,7 +627,8 @@ class Ostatus_profile extends Memcached_DataObject
     protected function purify($html)
     {
         require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php';
-        $config = array('safe' => 1);
+        $config = array('safe' => 1,
+                        'deny_attribute' => 'id,style,on*');
         return htmLawed($html, $config);
     }