library/HTMLPurifier/AttrDef/HTML/Class.php

   1 <?php
   2
   3 /**
   4  * Implements special behavior for class attribute (normally NMTOKENS)
   5  */
   6 class HTMLPurifier_AttrDef_HTML_Class extends HTMLPurifier_AttrDef_HTML_Nmtokens
   7 {
   8     /**
   9      * @param string $string
  10      * @param HTMLPurifier_Config $config
  11      * @param HTMLPurifier_Context $context
  12      * @return bool|string
  13      */
  14     protected function split($string, $config, $context)
  15     {
  16         // really, this twiddle should be lazy loaded
  17         $name = $config->getDefinition('HTML')->doctype->name;
  18         if ($name == "XHTML 1.1" || $name == "XHTML 2.0") {
  19             return parent::split($string, $config, $context);
  20         } else {
  21             return preg_split('/\s+/', $string);
  22         }
  23     }
  24
  25     /**
  26      * @param array $tokens
  27      * @param HTMLPurifier_Config $config
  28      * @param HTMLPurifier_Context $context
  29      * @return array
  30      */
  31     protected function filter($tokens, $config, $context)
  32     {
  33         $allowed = $config->get('Attr.AllowedClasses');
  34         $forbidden = $config->get('Attr.ForbiddenClasses');
  35         $ret = array();
  36         foreach ($tokens as $token) {
  37             if (($allowed === null || isset($allowed[$token])) &&
  38                 !isset($forbidden[$token]) &&
  39                 // We need this O(n) check because of PHP's array
  40                 // implementation that casts -0 to 0.
  41                 !in_array($token, $ret, true)
  42             ) {
  43                 $ret[] = $token;
  44             }
  45         }
  46         return $ret;
  47     }
  48 }