123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145 |
- <?php
- /**
- * Base class for all validating attribute definitions.
- *
- * This family of classes forms the core for not only HTML attribute validation,
- * but also any sort of string that needs to be validated or cleaned (which
- * means CSS properties and composite definitions are defined here too).
- * Besides defining (through code) what precisely makes the string valid,
- * subclasses are also responsible for cleaning the code if possible.
- */
- abstract class HTMLPurifier_AttrDef
- {
- /**
- * Tells us whether or not an HTML attribute is minimized.
- * Has no meaning in other contexts.
- * @type bool
- */
- public $minimized = false;
- /**
- * Tells us whether or not an HTML attribute is required.
- * Has no meaning in other contexts
- * @type bool
- */
- public $required = false;
- /**
- * Validates and cleans passed string according to a definition.
- *
- * @param string $string String to be validated and cleaned.
- * @param HTMLPurifier_Config $config Mandatory HTMLPurifier_Config object.
- * @param HTMLPurifier_Context $context Mandatory HTMLPurifier_Context object.
- */
- abstract public function validate($string, $config, $context);
- /**
- * Convenience method that parses a string as if it were CDATA.
- *
- * This method process a string in the manner specified at
- * <http://www.w3.org/TR/html4/types.html#h-6.2> by removing
- * leading and trailing whitespace, ignoring line feeds, and replacing
- * carriage returns and tabs with spaces. While most useful for HTML
- * attributes specified as CDATA, it can also be applied to most CSS
- * values.
- *
- * @note This method is not entirely standards compliant, as trim() removes
- * more types of whitespace than specified in the spec. In practice,
- * this is rarely a problem, as those extra characters usually have
- * already been removed by HTMLPurifier_Encoder.
- *
- * @warning This processing is inconsistent with XML's whitespace handling
- * as specified by section 3.3.3 and referenced XHTML 1.0 section
- * 4.7. However, note that we are NOT necessarily
- * parsing XML, thus, this behavior may still be correct. We
- * assume that newlines have been normalized.
- */
- public function parseCDATA($string)
- {
- $string = trim($string);
- $string = str_replace(array("\n", "\t", "\r"), ' ', $string);
- return $string;
- }
- /**
- * Factory method for creating this class from a string.
- * @param string $string String construction info
- * @return HTMLPurifier_AttrDef Created AttrDef object corresponding to $string
- */
- public function make($string)
- {
- // default implementation, return a flyweight of this object.
- // If $string has an effect on the returned object (i.e. you
- // need to overload this method), it is best
- // to clone or instantiate new copies. (Instantiation is safer.)
- return $this;
- }
- /**
- * Removes spaces from rgb(0, 0, 0) so that shorthand CSS properties work
- * properly. THIS IS A HACK!
- * @param string $string a CSS colour definition
- * @return string
- */
- protected function mungeRgb($string)
- {
- $p = '\s*(\d+(\.\d+)?([%]?))\s*';
- if (preg_match('/(rgba|hsla)\(/', $string)) {
- return preg_replace('/(rgba|hsla)\('.$p.','.$p.','.$p.','.$p.'\)/', '\1(\2,\5,\8,\11)', $string);
- }
- return preg_replace('/(rgb|hsl)\('.$p.','.$p.','.$p.'\)/', '\1(\2,\5,\8)', $string);
- }
- /**
- * Parses a possibly escaped CSS string and returns the "pure"
- * version of it.
- */
- protected function expandCSSEscape($string)
- {
- // flexibly parse it
- $ret = '';
- for ($i = 0, $c = strlen($string); $i < $c; $i++) {
- if ($string[$i] === '\\') {
- $i++;
- if ($i >= $c) {
- $ret .= '\\';
- break;
- }
- if (ctype_xdigit($string[$i])) {
- $code = $string[$i];
- for ($a = 1, $i++; $i < $c && $a < 6; $i++, $a++) {
- if (!ctype_xdigit($string[$i])) {
- break;
- }
- $code .= $string[$i];
- }
- // We have to be extremely careful when adding
- // new characters, to make sure we're not breaking
- // the encoding.
- $char = HTMLPurifier_Encoder::unichr(hexdec($code));
- if (HTMLPurifier_Encoder::cleanUTF8($char) === '') {
- continue;
- }
- $ret .= $char;
- if ($i < $c && trim($string[$i]) !== '') {
- $i--;
- }
- continue;
- }
- if ($string[$i] === "\n") {
- continue;
- }
- }
- $ret .= $string[$i];
- }
- return $ret;
- }
- }
- // vim: et sw=4 sts=4
|