library/HTMLPurifier/Strategy/ValidateAttributes.php

   1 <?php
   2
   3 /**
   4  * Validate all attributes in the tokens.
   5  */
   6
   7 class HTMLPurifier_Strategy_ValidateAttributes extends HTMLPurifier_Strategy
   8 {
   9
  10     public function execute($tokens, $config, $context) {
  11
  12         // setup validator
  13         $validator = new HTMLPurifier_AttrValidator();
  14
  15         $token = false;
  16         $context->register('CurrentToken', $token);
  17
  18         foreach ($tokens as $key => $token) {
  19
  20             // only process tokens that have attributes,
  21             //   namely start and empty tags
  22             if (!$token instanceof HTMLPurifier_Token_Start && !$token instanceof HTMLPurifier_Token_Empty) continue;
  23
  24             // skip tokens that are armored
  25             if (!empty($token->armor['ValidateAttributes'])) continue;
  26
  27             // note that we have no facilities here for removing tokens
  28             $validator->validateToken($token, $config, $context);
  29
  30             $tokens[$key] = $token; // for PHP 4
  31         }
  32         $context->destroy('CurrentToken');
  33
  34         return $tokens;
  35     }
  36
  37 }
  38
  39 // vim: et sw=4 sts=4