HTMLPurifier 4.4.0
/home/ezyang/Dev/htmlpurifier/library/HTMLPurifier/AttrDef/CSS.php
Go to the documentation of this file.
00001 <?php
00002 
00014 class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef
00015 {
00016 
00017     public function validate($css, $config, $context) {
00018 
00019         $css = $this->parseCDATA($css);
00020 
00021         $definition = $config->getCSSDefinition();
00022 
00023         // we're going to break the spec and explode by semicolons.
00024         // This is because semicolon rarely appears in escaped form
00025         // Doing this is generally flaky but fast
00026         // IT MIGHT APPEAR IN URIs, see HTMLPurifier_AttrDef_CSSURI
00027         // for details
00028 
00029         $declarations = explode(';', $css);
00030         $propvalues = array();
00031 
00035         $property = false;
00036         $context->register('CurrentCSSProperty', $property);
00037 
00038         foreach ($declarations as $declaration) {
00039             if (!$declaration) continue;
00040             if (!strpos($declaration, ':')) continue;
00041             list($property, $value) = explode(':', $declaration, 2);
00042             $property = trim($property);
00043             $value    = trim($value);
00044             $ok = false;
00045             do {
00046                 if (isset($definition->info[$property])) {
00047                     $ok = true;
00048                     break;
00049                 }
00050                 if (ctype_lower($property)) break;
00051                 $property = strtolower($property);
00052                 if (isset($definition->info[$property])) {
00053                     $ok = true;
00054                     break;
00055                 }
00056             } while(0);
00057             if (!$ok) continue;
00058             // inefficient call, since the validator will do this again
00059             if (strtolower(trim($value)) !== 'inherit') {
00060                 // inherit works for everything (but only on the base property)
00061                 $result = $definition->info[$property]->validate(
00062                     $value, $config, $context );
00063             } else {
00064                 $result = 'inherit';
00065             }
00066             if ($result === false) continue;
00067             $propvalues[$property] = $result;
00068         }
00069 
00070         $context->destroy('CurrentCSSProperty');
00071 
00072         // procedure does not write the new CSS simultaneously, so it's
00073         // slightly inefficient, but it's the only way of getting rid of
00074         // duplicates. Perhaps config to optimize it, but not now.
00075 
00076         $new_declarations = '';
00077         foreach ($propvalues as $prop => $value) {
00078             $new_declarations .= "$prop:$value;";
00079         }
00080 
00081         return $new_declarations ? $new_declarations : false;
00082 
00083     }
00084 
00085 }
00086 
00087 // vim: et sw=4 sts=4