HTMLPurifier_AttrValidator Class Reference
Validates the attributes of a token. More...
Collaboration diagram for HTMLPurifier_AttrValidator:
Public Member Functions | |
| validateToken ($token, $config, $context) | |
| Validates the attributes of a token, mutating it as necessary. More... | |
Detailed Description
Validates the attributes of a token.
Doesn't manage required attributes very well. The only reason we factored this out was because RemoveForeignElements also needed it besides ValidateAttributes.
Definition at line 8 of file AttrValidator.php.
Member Function Documentation
◆ validateToken()
| HTMLPurifier_AttrValidator::validateToken | ( | $token, | |
| $config, | |||
| $context | |||
| ) |
Validates the attributes of a token, mutating it as necessary.
that has valid tokens
- Parameters
-
HTMLPurifier_Token $token Token to validate. HTMLPurifier_Config $config Instance of HTMLPurifier_Config HTMLPurifier_Context $context Instance of HTMLPurifier_Context
Definition at line 18 of file AttrValidator.php.
19 {
20 $definition = $config->getHTMLDefinition();
21 $e =& $context->get('ErrorCollector', true);
22
23 // initialize IDAccumulator if necessary
26 $id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context);
27 $context->register('IDAccumulator', $id_accumulator);
28 }
29
30 // initialize CurrentToken if necessary
31 $current_token =& $context->get('CurrentToken', true);
32 if (!$current_token) {
33 $context->register('CurrentToken', $token);
34 }
35
37 !$token instanceof HTMLPurifier_Token_Empty
38 ) {
39 return;
40 }
41
42 // create alias to global definition array, see also $defs
43 // DEFINITION CALL
44 $d_defs = $definition->info_global_attr;
45
46 // don't update token until the very end, to ensure an atomic update
47 $attr = $token->attr;
48
49 // do global transformations (pre)
50 // nothing currently utilizes this
51 foreach ($definition->info_attr_transform_pre as $transform) {
52 $attr = $transform->transform($o = $attr, $config, $context);
53 if ($e) {
54 if ($attr != $o) {
55 $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
56 }
57 }
58 }
59
60 // do local transformations only applicable to this element (pre)
61 // ex. <p align="right"> to <p style="text-align:right;">
62 foreach ($definition->info[$token->name]->attr_transform_pre as $transform) {
63 $attr = $transform->transform($o = $attr, $config, $context);
64 if ($e) {
65 if ($attr != $o) {
66 $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
67 }
68 }
69 }
70
71 // create alias to this element's attribute definition array, see
72 // also $d_defs (global attribute definition array)
73 // DEFINITION CALL
74 $defs = $definition->info[$token->name]->attr;
75
76 $attr_key = false;
77 $context->register('CurrentAttr', $attr_key);
78
79 // iterate through all the attribute keypairs
80 // Watch out for name collisions: $key has previously been used
81 foreach ($attr as $attr_key => $value) {
82
83 // call the definition
84 if (isset($defs[$attr_key])) {
85 // there is a local definition defined
86 if ($defs[$attr_key] === false) {
87 // We've explicitly been told not to allow this element.
88 // This is usually when there's a global definition
89 // that must be overridden.
90 // Theoretically speaking, we could have a
91 // AttrDef_DenyAll, but this is faster!
93 } else {
94 // validate according to the element's definition
95 $result = $defs[$attr_key]->validate(
96 $value,
97 $config,
98 $context
99 );
100 }
101 } elseif (isset($d_defs[$attr_key])) {
102 // there is a global definition defined, validate according
103 // to the global definition
104 $result = $d_defs[$attr_key]->validate(
105 $value,
106 $config,
107 $context
108 );
109 } else {
110 // system never heard of the attribute? DELETE!
112 }
113
114 // put the results into effect
116 // this is a generic error message that should replaced
117 // with more specific ones when possible
118 if ($e) {
119 $e->send(E_ERROR, 'AttrValidator: Attribute removed');
120 }
121
122 // remove the attribute
123 unset($attr[$attr_key]);
124 } elseif (is_string($result)) {
125 // generally, if a substitution is happening, there
126 // was some sort of implicit correction going on. We'll
127 // delegate it to the attribute classes to say exactly what.
128
129 // simple substitution
130 $attr[$attr_key] = $result;
131 } else {
132 // nothing happens
133 }
134
135 // we'd also want slightly more complicated substitution
136 // involving an array as the return value,
137 // although we're not sure how colliding attributes would
138 // resolve (certain ones would be completely overriden,
139 // others would prepend themselves).
140 }
141
142 $context->destroy('CurrentAttr');
143
144 // post transforms
145
146 // global (error reporting untested)
147 foreach ($definition->info_attr_transform_post as $transform) {
148 $attr = $transform->transform($o = $attr, $config, $context);
149 if ($e) {
150 if ($attr != $o) {
151 $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
152 }
153 }
154 }
155
156 // local (error reporting untested)
157 foreach ($definition->info[$token->name]->attr_transform_post as $transform) {
158 $attr = $transform->transform($o = $attr, $config, $context);
159 if ($e) {
160 if ($attr != $o) {
161 $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
162 }
163 }
164 }
165
166 $token->attr = $attr;
167
168 // destroy CurrentToken if we made it ourselves
169 if (!$current_token) {
170 $context->destroy('CurrentToken');
171 }
172
173 }
static build($config, $context)
Builds an IDAccumulator, also initializing the default blacklist.
Definition: IDAccumulator.php:24
References $ok, $result, and HTMLPurifier_IDAccumulator\build().
Here is the call graph for this function:
The documentation for this class was generated from the following file:
- Services/Html/HtmlPurifier/library/HTMLPurifier/AttrValidator.php
