HTMLPurifier 4.4.0
|
00001 <?php 00002 00014 class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef 00015 { 00016 00017 public function validate($css, $config, $context) { 00018 00019 $css = $this->parseCDATA($css); 00020 00021 $definition = $config->getCSSDefinition(); 00022 00023 // we're going to break the spec and explode by semicolons. 00024 // This is because semicolon rarely appears in escaped form 00025 // Doing this is generally flaky but fast 00026 // IT MIGHT APPEAR IN URIs, see HTMLPurifier_AttrDef_CSSURI 00027 // for details 00028 00029 $declarations = explode(';', $css); 00030 $propvalues = array(); 00031 00035 $property = false; 00036 $context->register('CurrentCSSProperty', $property); 00037 00038 foreach ($declarations as $declaration) { 00039 if (!$declaration) continue; 00040 if (!strpos($declaration, ':')) continue; 00041 list($property, $value) = explode(':', $declaration, 2); 00042 $property = trim($property); 00043 $value = trim($value); 00044 $ok = false; 00045 do { 00046 if (isset($definition->info[$property])) { 00047 $ok = true; 00048 break; 00049 } 00050 if (ctype_lower($property)) break; 00051 $property = strtolower($property); 00052 if (isset($definition->info[$property])) { 00053 $ok = true; 00054 break; 00055 } 00056 } while(0); 00057 if (!$ok) continue; 00058 // inefficient call, since the validator will do this again 00059 if (strtolower(trim($value)) !== 'inherit') { 00060 // inherit works for everything (but only on the base property) 00061 $result = $definition->info[$property]->validate( 00062 $value, $config, $context ); 00063 } else { 00064 $result = 'inherit'; 00065 } 00066 if ($result === false) continue; 00067 $propvalues[$property] = $result; 00068 } 00069 00070 $context->destroy('CurrentCSSProperty'); 00071 00072 // procedure does not write the new CSS simultaneously, so it's 00073 // slightly inefficient, but it's the only way of getting rid of 00074 // duplicates. Perhaps config to optimize it, but not now. 00075 00076 $new_declarations = ''; 00077 foreach ($propvalues as $prop => $value) { 00078 $new_declarations .= "$prop:$value;"; 00079 } 00080 00081 return $new_declarations ? $new_declarations : false; 00082 00083 } 00084 00085 } 00086 00087 // vim: et sw=4 sts=4