diff options
Diffstat (limited to 'lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML')
-rw-r--r--[-rwxr-xr-x] | lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Bool.php | 0 | ||||
-rw-r--r-- | lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Class.php | 34 | ||||
-rw-r--r--[-rwxr-xr-x] | lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Color.php | 2 | ||||
-rw-r--r--[-rwxr-xr-x] | lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/FrameTarget.php | 2 | ||||
-rw-r--r--[-rwxr-xr-x] | lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/ID.php | 10 | ||||
-rw-r--r--[-rwxr-xr-x] | lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Length.php | 0 | ||||
-rw-r--r--[-rwxr-xr-x] | lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/LinkTypes.php | 2 | ||||
-rw-r--r--[-rwxr-xr-x] | lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/MultiLength.php | 0 | ||||
-rw-r--r--[-rwxr-xr-x] | lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Nmtokens.php | 36 | ||||
-rw-r--r--[-rwxr-xr-x] | lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Pixels.php | 0 |
10 files changed, 62 insertions, 24 deletions
diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Bool.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Bool.php index e06987eb8..e06987eb8 100755..100644 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Bool.php +++ b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Bool.php diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Class.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Class.php new file mode 100644 index 000000000..370068d97 --- /dev/null +++ b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Class.php @@ -0,0 +1,34 @@ +<?php + +/** + * Implements special behavior for class attribute (normally NMTOKENS) + */ +class HTMLPurifier_AttrDef_HTML_Class extends HTMLPurifier_AttrDef_HTML_Nmtokens +{ + protected function split($string, $config, $context) { + // really, this twiddle should be lazy loaded + $name = $config->getDefinition('HTML')->doctype->name; + if ($name == "XHTML 1.1" || $name == "XHTML 2.0") { + return parent::split($string, $config, $context); + } else { + return preg_split('/\s+/', $string); + } + } + protected function filter($tokens, $config, $context) { + $allowed = $config->get('Attr.AllowedClasses'); + $forbidden = $config->get('Attr.ForbiddenClasses'); + $ret = array(); + foreach ($tokens as $token) { + if ( + ($allowed === null || isset($allowed[$token])) && + !isset($forbidden[$token]) && + // We need this O(n) check because of PHP's array + // implementation that casts -0 to 0. + !in_array($token, $ret, true) + ) { + $ret[] = $token; + } + } + return $ret; + } +} diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Color.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Color.php index 5311a3c61..d01e20454 100755..100644 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Color.php +++ b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Color.php @@ -9,7 +9,7 @@ class HTMLPurifier_AttrDef_HTML_Color extends HTMLPurifier_AttrDef public function validate($string, $config, $context) { static $colors = null; - if ($colors === null) $colors = $config->get('Core', 'ColorKeywords'); + if ($colors === null) $colors = $config->get('Core.ColorKeywords'); $string = trim($string); diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/FrameTarget.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/FrameTarget.php index bd281a89f..ae6ea7c01 100755..100644 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/FrameTarget.php +++ b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/FrameTarget.php @@ -12,7 +12,7 @@ class HTMLPurifier_AttrDef_HTML_FrameTarget extends HTMLPurifier_AttrDef_Enum public function __construct() {} public function validate($string, $config, $context) { - if ($this->valid_values === false) $this->valid_values = $config->get('Attr', 'AllowedFrameTargets'); + if ($this->valid_values === false) $this->valid_values = $config->get('Attr.AllowedFrameTargets'); return parent::validate($string, $config, $context); } diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/ID.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/ID.php index 7c5c169c2..81d03762d 100755..100644 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/ID.php +++ b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/ID.php @@ -17,18 +17,18 @@ class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef public function validate($id, $config, $context) { - if (!$config->get('Attr', 'EnableID')) return false; + if (!$config->get('Attr.EnableID')) return false; $id = trim($id); // trim it first if ($id === '') return false; - $prefix = $config->get('Attr', 'IDPrefix'); + $prefix = $config->get('Attr.IDPrefix'); if ($prefix !== '') { - $prefix .= $config->get('Attr', 'IDPrefixLocal'); + $prefix .= $config->get('Attr.IDPrefixLocal'); // prevent re-appending the prefix if (strpos($id, $prefix) !== 0) $id = $prefix . $id; - } elseif ($config->get('Attr', 'IDPrefixLocal') !== '') { + } elseif ($config->get('Attr.IDPrefixLocal') !== '') { trigger_error('%Attr.IDPrefixLocal cannot be used unless '. '%Attr.IDPrefix is set', E_USER_WARNING); } @@ -51,7 +51,7 @@ class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef $result = ($trim === ''); } - $regexp = $config->get('Attr', 'IDBlacklistRegexp'); + $regexp = $config->get('Attr.IDBlacklistRegexp'); if ($regexp && preg_match($regexp, $id)) { return false; } diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Length.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Length.php index a242f9c23..a242f9c23 100755..100644 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Length.php +++ b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Length.php diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/LinkTypes.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/LinkTypes.php index 8a0da0c89..76d25ed08 100755..100644 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/LinkTypes.php +++ b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/LinkTypes.php @@ -27,7 +27,7 @@ class HTMLPurifier_AttrDef_HTML_LinkTypes extends HTMLPurifier_AttrDef public function validate($string, $config, $context) { - $allowed = $config->get('Attr', $this->name); + $allowed = $config->get('Attr.' . $this->name); if (empty($allowed)) return false; $string = $this->parseCDATA($string); diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/MultiLength.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/MultiLength.php index c72fc76e4..c72fc76e4 100755..100644 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/MultiLength.php +++ b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/MultiLength.php diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Nmtokens.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Nmtokens.php index 55035c4d0..aa34120bd 100755..100644 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Nmtokens.php +++ b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Nmtokens.php @@ -2,10 +2,6 @@ /** * Validates contents based on NMTOKENS attribute type. - * @note The only current use for this is the class attribute in HTML - * @note Could have some functionality factored out into Nmtoken class - * @warning We cannot assume this class will be used only for 'class' - * attributes. Not sure how to hook in magic behavior, then. */ class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef { @@ -17,6 +13,17 @@ class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef // early abort: '' and '0' (strings that convert to false) are invalid if (!$string) return false; + $tokens = $this->split($string, $config, $context); + $tokens = $this->filter($tokens, $config, $context); + if (empty($tokens)) return false; + return implode(' ', $tokens); + + } + + /** + * Splits a space separated list of tokens into its constituent parts. + */ + protected function split($string, $config, $context) { // OPTIMIZABLE! // do the preg_match, capture all subpatterns for reformulation @@ -24,23 +31,20 @@ class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef // escaping because I don't know how to do that with regexps // and plus it would complicate optimization efforts (you never // see that anyway). - $matches = array(); $pattern = '/(?:(?<=\s)|\A)'. // look behind for space or string start '((?:--|-?[A-Za-z_])[A-Za-z_\-0-9]*)'. '(?:(?=\s)|\z)/'; // look ahead for space or string end preg_match_all($pattern, $string, $matches); + return $matches[1]; + } - if (empty($matches[1])) return false; - - // reconstruct string - $new_string = ''; - foreach ($matches[1] as $token) { - $new_string .= $token . ' '; - } - $new_string = rtrim($new_string); - - return $new_string; - + /** + * Template method for removing certain tokens based on arbitrary criteria. + * @note If we wanted to be really functional, we'd do an array_filter + * with a callback. But... we're not. + */ + protected function filter($tokens, $config, $context) { + return $tokens; } } diff --git a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Pixels.php b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Pixels.php index 4cb2c1b85..4cb2c1b85 100755..100644 --- a/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Pixels.php +++ b/lib/htmlpurifier/library/HTMLPurifier/AttrDef/HTML/Pixels.php |