mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-12-25 01:31:53 +00:00
a2880bdff2
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@212 48356398-32a2-884e-a903-53898d9a118a
130 lines
5.1 KiB
PHP
130 lines
5.1 KiB
PHP
<?php
|
|
|
|
require_once 'HTMLPurifier/Strategy.php';
|
|
require_once 'HTMLPurifier/Definition.php';
|
|
require_once 'HTMLPurifier/IDAccumulator.php';
|
|
require_once 'HTMLPurifier/ConfigDef.php';
|
|
require_once 'HTMLPurifier/AttrContext.php';
|
|
|
|
HTMLPurifier_ConfigDef::define(
|
|
'Attr', 'IDBlacklist', array(),
|
|
'Array of IDs not allowed in the document.');
|
|
|
|
/**
|
|
* Validate all attributes in the tokens.
|
|
*/
|
|
|
|
class HTMLPurifier_Strategy_ValidateAttributes extends HTMLPurifier_Strategy
|
|
{
|
|
|
|
var $definition;
|
|
|
|
function HTMLPurifier_Strategy_ValidateAttributes() {
|
|
$this->definition = HTMLPurifier_Definition::instance();
|
|
}
|
|
|
|
function execute($tokens, $config = null) {
|
|
|
|
// load default configuration object if none passed
|
|
if (!$config) $config = HTMLPurifier_Config::createDefault();
|
|
|
|
// setup StrategyContext
|
|
$context = new HTMLPurifier_AttrContext();
|
|
|
|
// setup ID accumulator and load it with blacklisted IDs
|
|
// eventually, we'll have a dedicated context object to hold
|
|
// all these accumulators and caches. For now, just an IDAccumulator
|
|
$context->id_accumulator = new HTMLPurifier_IDAccumulator();
|
|
$context->id_accumulator->load($config->get('Attr', 'IDBlacklist'));
|
|
|
|
// create alias to global definition array, see also $defs
|
|
// DEFINITION CALL
|
|
$d_defs = $this->definition->info_global_attr;
|
|
|
|
foreach ($tokens as $key => $token) {
|
|
|
|
// only process tokens that have attributes,
|
|
// namely start and empty tags
|
|
if ($token->type !== 'start' && $token->type !== 'empty') continue;
|
|
|
|
// copy out attributes for easy manipulation
|
|
$attr = $token->attributes;
|
|
|
|
// do global transformations
|
|
// ex. <ELEMENT lang="fr"> to <ELEMENT lang="fr" xml:lang="fr">
|
|
// DEFINITION CALL
|
|
foreach ($this->definition->info_attr_transform as $transform) {
|
|
$attr = $transform->transform($attr);
|
|
}
|
|
|
|
// do local transformations only applicable to this element
|
|
// ex. <p align="right"> to <p style="text-align:right;">
|
|
// DEFINITION CALL
|
|
foreach ($this->definition->info[$token->name]->attr_transform
|
|
as $transform
|
|
) {
|
|
$attr = $transform->transform($attr);
|
|
}
|
|
|
|
// create alias to this element's attribute definition array, see
|
|
// also $d_defs (global attribute definition array)
|
|
// DEFINITION CALL
|
|
$defs = $this->definition->info[$token->name]->attr;
|
|
|
|
// iterate through all the attribute keypairs
|
|
// Watch out for name collisions: $key has previously been used
|
|
foreach ($attr as $attr_key => $value) {
|
|
|
|
// call the definition
|
|
if ( isset($defs[$attr_key]) ) {
|
|
// there is a local definition defined
|
|
if ($defs[$attr_key] === false) {
|
|
// We've explicitly been told not to allow this element.
|
|
// This is usually when there's a global definition
|
|
// that must be overridden.
|
|
// Theoretically speaking, we could have a
|
|
// AttrDef_DenyAll, but this is faster!
|
|
$result = false;
|
|
} else {
|
|
// validate according to the element's definition
|
|
$result = $defs[$attr_key]->validate(
|
|
$value, $config, $context
|
|
);
|
|
}
|
|
} elseif ( isset($d_defs[$attr_key]) ) {
|
|
// there is a global definition defined, validate according
|
|
// to the global definition
|
|
$result = $d_defs[$attr_key]->validate(
|
|
$value, $config, $context
|
|
);
|
|
} else {
|
|
// system never heard of the attribute? DELETE!
|
|
$result = false;
|
|
}
|
|
|
|
// put the results into effect
|
|
if ($result === false || $result === null) {
|
|
// remove the attribute
|
|
unset($attr[$attr_key]);
|
|
} elseif (is_string($result)) {
|
|
// simple substitution
|
|
$attr[$attr_key] = $result;
|
|
}
|
|
|
|
// we'd also want slightly more complicated substitution
|
|
// involving an array as the return value,
|
|
// although we're not sure how colliding attributes would
|
|
// resolve (certain ones would be completely overriden,
|
|
// others would prepend themselves).
|
|
}
|
|
|
|
// commit changes
|
|
// could interfere with flyweight implementation
|
|
$tokens[$key]->attributes = $attr;
|
|
}
|
|
return $tokens;
|
|
}
|
|
|
|
}
|
|
|
|
?>
|