mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-12-22 16:31:53 +00:00
2d6bf12fe0
- All important classes that use Context were migrated. Todo: Classes that currently use $config but not $context are AttrTransform (done in r493) and URIScheme+Registry (done in r500). There may be more classes, incl TagTransform (done in r497) that should have both $config and $context added. - Strategy unit tests now migrated to use HTMLPurifier_Harness git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@485 48356398-32a2-884e-a903-53898d9a118a
70 lines
2.7 KiB
PHP
70 lines
2.7 KiB
PHP
<?php
|
|
|
|
/**
|
|
* Base class for all validating attribute definitions.
|
|
*
|
|
* This family of classes forms the core for not only HTML attribute validation,
|
|
* but also any sort of string that needs to be validated or cleaned (which
|
|
* means CSS properties and composite definitions are defined here too).
|
|
* Besides defining (through code) what precisely makes the string valid,
|
|
* subclasses are also responsible for cleaning the code if possible.
|
|
*/
|
|
|
|
class HTMLPurifier_AttrDef
|
|
{
|
|
|
|
/**
|
|
* Tells us whether or not an HTML attribute is minimized. Only the
|
|
* boolean attribute vapourware would use this.
|
|
*/
|
|
var $minimized = false;
|
|
|
|
/**
|
|
* Abstract function defined for functions that validate and clean strings.
|
|
*
|
|
* This function forms the basis for all the subclasses: they must
|
|
* define this method.
|
|
*
|
|
* @public
|
|
* @param $string String to be validated and cleaned.
|
|
* @param $config Mandatory HTMLPurifier_Config object.
|
|
* @param $context Mandatory HTMLPurifier_AttrContext object.
|
|
*/
|
|
function validate($string, $config, &$context) {
|
|
trigger_error('Cannot call abstract function', E_USER_ERROR);
|
|
}
|
|
|
|
/**
|
|
* Convenience method that parses a string as if it were CDATA.
|
|
*
|
|
* This method process a string in the manner specified at
|
|
* <http://www.w3.org/TR/html4/types.html#h-6.2> by removing
|
|
* leading and trailing whitespace, ignoring line feeds, and replacing
|
|
* carriage returns and tabs with spaces. While most useful for HTML
|
|
* attributes specified as CDATA, it can also be applied to most CSS
|
|
* values.
|
|
*
|
|
* @note This method is not entirely standards compliant, as trim() removes
|
|
* more types of whitespace than specified in the spec. In practice,
|
|
* this is rarely a problem, as those extra characters usually have
|
|
* already been removed by HTMLPurifier_Encoder.
|
|
*
|
|
* @warning This processing is inconsistent with XML's whitespace handling
|
|
* as specified by section 3.3.3 and referenced XHTML 1.0 section
|
|
* 4.7. Compliant processing requires all line breaks normalized
|
|
* to "\n", so the fix is not as simple as fixing it in this
|
|
* function. Trim and whitespace collapsing are supposed to only
|
|
* occur in NMTOKENs. However, note that we are NOT necessarily
|
|
* parsing XML, thus, this behavior may still be correct.
|
|
*
|
|
* @public
|
|
*/
|
|
function parseCDATA($string) {
|
|
$string = trim($string);
|
|
$string = str_replace("\n", '', $string);
|
|
$string = str_replace(array("\r", "\t"), ' ', $string);
|
|
return $string;
|
|
}
|
|
}
|
|
|
|
?>
|