load($config->get('Attr', 'IDBlacklist')); $context->register('IDAccumulator', $id_accumulator); // setup validator $validator = new HTMLPurifier_AttrValidator(); $token = false; $context->register('CurrentToken', $token); foreach ($tokens as $key => $token) { // only process tokens that have attributes, // namely start and empty tags if ($token->type !== 'start' && $token->type !== 'empty') continue; // skip tokens that are armored if (!empty($token->armor['ValidateAttributes'])) continue; // note that we have no facilities here for removing tokens $validator->validateToken($token, $config, $context); $tokens[$key] = $token; // for PHP 4 } $context->destroy('IDAccumulator'); $context->destroy('CurrentToken'); return $tokens; } }