library/HTMLPurifier/AttrDef.php

   1 <?php
   2
   3 /**
   4  * Base class for all validating attribute definitions.
   5  *
   6  * This family of classes forms the core for not only HTML attribute validation,
   7  * but also any sort of string that needs to be validated or cleaned (which
   8  * means CSS properties and composite definitions are defined here too).
   9  * Besides defining (through code) what precisely makes the string valid,
  10  * subclasses are also responsible for cleaning the code if possible.
  11  */
  12
  13 abstract class HTMLPurifier_AttrDef
  14 {
  15
  16     /**
  17      * Tells us whether or not an HTML attribute is minimized. Has no
  18      * meaning in other contexts.
  19      */
  20     public $minimized = false;
  21
  22     /**
  23      * Tells us whether or not an HTML attribute is required. Has no
  24      * meaning in other contexts
  25      */
  26     public $required = false;
  27
  28     /**
  29      * Validates and cleans passed string according to a definition.
  30      *
  31      * @param $string String to be validated and cleaned.
  32      * @param $config Mandatory HTMLPurifier_Config object.
  33      * @param $context Mandatory HTMLPurifier_AttrContext object.
  34      */
  35     abstract public function validate($string, $config, $context);
  36
  37     /**
  38      * Convenience method that parses a string as if it were CDATA.
  39      *
  40      * This method process a string in the manner specified at
  41      * <http://www.w3.org/TR/html4/types.html#h-6.2> by removing
  42      * leading and trailing whitespace, ignoring line feeds, and replacing
  43      * carriage returns and tabs with spaces.  While most useful for HTML
  44      * attributes specified as CDATA, it can also be applied to most CSS
  45      * values.
  46      *
  47      * @note This method is not entirely standards compliant, as trim() removes
  48      *       more types of whitespace than specified in the spec. In practice,
  49      *       this is rarely a problem, as those extra characters usually have
  50      *       already been removed by HTMLPurifier_Encoder.
  51      *
  52      * @warning This processing is inconsistent with XML's whitespace handling
  53      *          as specified by section 3.3.3 and referenced XHTML 1.0 section
  54      *          4.7.  However, note that we are NOT necessarily
  55      *          parsing XML, thus, this behavior may still be correct. We
  56      *          assume that newlines have been normalized.
  57      */
  58     public function parseCDATA($string) {
  59         $string = trim($string);
  60         $string = str_replace(array("\n", "\t", "\r"), ' ', $string);
  61         return $string;
  62     }
  63
  64     /**
  65      * Factory method for creating this class from a string.
  66      * @param $string String construction info
  67      * @return Created AttrDef object corresponding to $string
  68      */
  69     public function make($string) {
  70         // default implementation, return a flyweight of this object.
  71         // If $string has an effect on the returned object (i.e. you
  72         // need to overload this method), it is best
  73         // to clone or instantiate new copies. (Instantiation is safer.)
  74         return $this;
  75     }
  76
  77     /**
  78      * Removes spaces from rgb(0, 0, 0) so that shorthand CSS properties work
  79      * properly. THIS IS A HACK!
  80      */
  81     protected function mungeRgb($string) {
  82         return preg_replace('/rgb\((\d+)\s*,\s*(\d+)\s*,\s*(\d+)\)/', 'rgb(\1,\2,\3)', $string);
  83     }
  84
  85 }
  86
  87 // vim: et sw=4 sts=4