library/HTMLPurifier/AttrDef/HTML/Nmtokens.php

   1 <?php
   2
   3 require_once 'HTMLPurifier/AttrDef.php';
   4 require_once 'HTMLPurifier/Config.php';
   5
   6 /**
   7  * Validates contents based on NMTOKENS attribute type.
   8  * @note The only current use for this is the class attribute in HTML
   9  * @note Could have some functionality factored out into Nmtoken class
  10  * @warning We cannot assume this class will be used only for 'class'
  11  *          attributes. Not sure how to hook in magic behavior, then.
  12  */
  13 class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef
  14 {
  15
  16     function validate($string, $config, &$context) {
  17
  18         $string = trim($string);
  19
  20         // early abort: '' and '0' (strings that convert to false) are invalid
  21         if (!$string) return false;
  22
  23         // OPTIMIZABLE!
  24         // do the preg_match, capture all subpatterns for reformulation
  25
  26         // we don't support U+00A1 and up codepoints or
  27         // escaping because I don't know how to do that with regexps
  28         // and plus it would complicate optimization efforts (you never
  29         // see that anyway).
  30         $matches = array();
  31         $pattern = '/(?:(?<=\s)|\A)'. // look behind for space or string start
  32                    '((?:--|-?[A-Za-z_])[A-Za-z_\-0-9]*)'.
  33                    '(?:(?=\s)|\z)/'; // look ahead for space or string end
  34         preg_match_all($pattern, $string, $matches);
  35
  36         if (empty($matches[1])) return false;
  37
  38         // reconstruct string
  39         $new_string = '';
  40         foreach ($matches[1] as $token) {
  41             $new_string .= $token . ' ';
  42         }
  43         $new_string = rtrim($new_string);
  44
  45         return $new_string;
  46
  47     }
  48
  49 }
  50