You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

Nmtokens.php 2.1KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970
  1. <?php
  2. /**
  3. * Validates contents based on NMTOKENS attribute type.
  4. */
  5. class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef
  6. {
  7. /**
  8. * @param string $string
  9. * @param HTMLPurifier_Config $config
  10. * @param HTMLPurifier_Context $context
  11. * @return bool|string
  12. */
  13. public function validate($string, $config, $context)
  14. {
  15. $string = trim($string);
  16. // early abort: '' and '0' (strings that convert to false) are invalid
  17. if (!$string) {
  18. return false;
  19. }
  20. $tokens = $this->split($string, $config, $context);
  21. $tokens = $this->filter($tokens, $config, $context);
  22. if (empty($tokens)) {
  23. return false;
  24. }
  25. return implode(' ', $tokens);
  26. }
  27. /**
  28. * Splits a space separated list of tokens into its constituent parts.
  29. * @param string $string
  30. * @param HTMLPurifier_Config $config
  31. * @param HTMLPurifier_Context $context
  32. * @return array
  33. */
  34. protected function split($string, $config, $context)
  35. {
  36. // OPTIMIZABLE!
  37. // do the preg_match, capture all subpatterns for reformulation
  38. // we don't support U+00A1 and up codepoints or
  39. // escaping because I don't know how to do that with regexps
  40. // and plus it would complicate optimization efforts (you never
  41. // see that anyway).
  42. $pattern = '/(?:(?<=\s)|\A)' . // look behind for space or string start
  43. '((?:--|-?[A-Za-z_])[A-Za-z_\-0-9]*)' .
  44. '(?:(?=\s)|\z)/'; // look ahead for space or string end
  45. preg_match_all($pattern, $string, $matches);
  46. return $matches[1];
  47. }
  48. /**
  49. * Template method for removing certain tokens based on arbitrary criteria.
  50. * @note If we wanted to be really functional, we'd do an array_filter
  51. * with a callback. But... we're not.
  52. * @param array $tokens
  53. * @param HTMLPurifier_Config $config
  54. * @param HTMLPurifier_Context $context
  55. * @return array
  56. */
  57. protected function filter($tokens, $config, $context)
  58. {
  59. return $tokens;
  60. }
  61. }
  62. // vim: et sw=4 sts=4