Better regex for mungeRgb

library/HTMLPurifier/AttrDef.php

@@ -9,6 +9,7 @@
  * Besides defining (through code) what precisely makes the string valid,
  * subclasses are also responsible for cleaning the code if possible.
  */
+
 abstract class HTMLPurifier_AttrDef
 {
 
@@ -85,13 +86,13 @@ abstract class HTMLPurifier_AttrDef
      */
     protected function mungeRgb($string)
     {
-        $p = '(\d+(\.\d+)?([%]?))';
+        $p = '\s*(\d+(\.\d+)?([%]?))\s*';
 
         if (preg_match('/(rgba|hsla)\(/', $string)) {
-            return preg_replace('/(rgba|hsla)\(' . $p . '\s*,\s*' . $p . '\s*,\s*' . $p . '\s*,\s*' . $p . '\)/', '\1(\2,\5,\8,\11)', $string);
+            return preg_replace('/(rgba|hsla)\('.$p.','.$p.','.$p.','.$p.'\)/', '\1(\2,\5,\8,\11)', $string);
         }
 
-        return preg_replace('/(rgb|hsl)\(' . $p . '\s*,\s*' . $p . '\s*,\s*' . $p . '\)/', '\1(\2,\5,\8)', $string);
+        return preg_replace('/(rgb|hsl)\('.$p.','.$p.','.$p.'\)/', '\1(\2,\5,\8)', $string);
     }
 
     /**