HTMLPurifier_AttrDef Class Reference

Base class for all validating attribute definitions. More...

Inheritance diagram for HTMLPurifier_AttrDef:

Collaboration diagram for HTMLPurifier_AttrDef:

Public Member Functions
	validate ($string, $config, $context)
	Validates and cleans passed string according to a definition. More...
	parseCDATA ($string)
	Convenience method that parses a string as if it were CDATA. More...
	make ($string)
	Factory method for creating this class from a string. More...

Data Fields
	$minimized = false
	Tells us whether or not an HTML attribute is minimized. More...
	$required = false
	Tells us whether or not an HTML attribute is required. More...

Protected Member Functions
	mungeRgb ($string)
	Removes spaces from rgb(0, 0, 0) so that shorthand CSS properties work properly. More...
	expandCSSEscape ($string)
	Parses a possibly escaped CSS string and returns the "pure" version of it. More...

Detailed Description

Base class for all validating attribute definitions.

This family of classes forms the core for not only HTML attribute validation, but also any sort of string that needs to be validated or cleaned (which means CSS properties and composite definitions are defined here too). Besides defining (through code) what precisely makes the string valid, subclasses are also responsible for cleaning the code if possible.

Definition at line 13 of file AttrDef.php.

Member Function Documentation

expandCSSEscape()

HTMLPurifier_AttrDef::expandCSSEscape (   $string )

protected

Parses a possibly escaped CSS string and returns the "pure" version of it.

Definition at line 102 of file AttrDef.php.

References $c, $code, $i, $ret, HTMLPurifier_Encoder\cleanUTF8(), and HTMLPurifier_Encoder\unichr().

Referenced by HTMLPurifier_AttrDef_CSS_URI\validate(), and HTMLPurifier_AttrDef_CSS_FontFamily\validate().

    {
        // flexibly parse it
        $ret = '';
        for ($i = 0, $c = strlen($string); $i < $c; $i++) {
            if ($string[$i] === '\\') {
                $i++;
                if ($i >= $c) {
                    $ret .= '\\';
                    break;
                }
                if (ctype_xdigit($string[$i])) {
                    $code = $string[$i];
                    for ($a = 1, $i++; $i < $c && $a < 6; $i++, $a++) {
                        if (!ctype_xdigit($string[$i])) {
                            break;
                        }
                        $code .= $string[$i];
                    }
                    // We have to be extremely careful when adding
                    // new characters, to make sure we're not breaking
                    // the encoding.
                    $char = HTMLPurifier_Encoder::unichr(hexdec($code));
                    if (HTMLPurifier_Encoder::cleanUTF8($char) === '') {
                        continue;
                    }
                    $ret .= $char;
                    if ($i < $c && trim($string[$i]) !== '') {
                        $i--;
                    }
                    continue;
                }
                if ($string[$i] === "\n") {
                    continue;
                }
            }
            $ret .= $string[$i];
        }
        return $ret;
    }

Here is the call graph for this function:

Here is the caller graph for this function:

make()

HTMLPurifier_AttrDef::make

(

$string

)

Factory method for creating this class from a string.

Parameters

string

$string

String construction info

Returns

HTMLPurifier_AttrDef Created AttrDef object corresponding to $string

Definition at line 72 of file AttrDef.php.

    {
        // default implementation, return a flyweight of this object.
        // If $string has an effect on the returned object (i.e. you
        // need to overload this method), it is best
        // to clone or instantiate new copies. (Instantiation is safer.)
        return $this;
    }

mungeRgb()

HTMLPurifier_AttrDef::mungeRgb (   $string )

protected

Removes spaces from rgb(0, 0, 0) so that shorthand CSS properties work properly.

THIS IS A HACK!

Parameters

string

$string

a CSS colour definition

Returns

string

Definition at line 87 of file AttrDef.php.

Referenced by HTMLPurifier_AttrDef_CSS_Border\validate(), HTMLPurifier_AttrDef_CSS_Background\validate(), and HTMLPurifier_AttrDef_CSS_Multiple\validate().

    {
        $p = '\s*(\d+(\.\d+)?([%]?))\s*';

        if (preg_match('/(rgba|hsla)\(/', $string)) {
            return preg_replace('/(rgba|hsla)\('.$p.','.$p.','.$p.','.$p.'\)/', '\1(\2,\5,\8,\11)', $string);
        }

        return preg_replace('/(rgb|hsl)\('.$p.','.$p.','.$p.'\)/', '\1(\2,\5,\8)', $string);
    }

Here is the caller graph for this function:

parseCDATA()

HTMLPurifier_AttrDef::parseCDATA

(

$string

)

Convenience method that parses a string as if it were CDATA.

This method process a string in the manner specified at http://www.w3.org/TR/html4/types.html#h-6.2 by removing leading and trailing whitespace, ignoring line feeds, and replacing carriage returns and tabs with spaces. While most useful for HTML attributes specified as CDATA, it can also be applied to most CSS values.

Note

This method is not entirely standards compliant, as trim() removes more types of whitespace than specified in the spec. In practice, this is rarely a problem, as those extra characters usually have already been removed by HTMLPurifier_Encoder.

Warning

This processing is inconsistent with XML's whitespace handling as specified by section 3.3.3 and referenced XHTML 1.0 section 4.7. However, note that we are NOT necessarily parsing XML, thus, this behavior may still be correct. We assume that newlines have been normalized.

Definition at line 60 of file AttrDef.php.

Referenced by HTMLPurifier_AttrDef_Text\validate(), HTMLPurifier_AttrDef_CSS_TextDecoration\validate(), HTMLPurifier_AttrDef_CSS\validate(), HTMLPurifier_AttrDef_CSS_Filter\validate(), HTMLPurifier_AttrDef_CSS_URI\validate(), HTMLPurifier_AttrDef_CSS_Percentage\validate(), HTMLPurifier_AttrDef_CSS_Number\validate(), HTMLPurifier_AttrDef_CSS_Border\validate(), HTMLPurifier_AttrDef_CSS_ListStyle\validate(), HTMLPurifier_AttrDef_CSS_Length\validate(), HTMLPurifier_AttrDef_CSS_Background\validate(), HTMLPurifier_AttrDef_CSS_Font\validate(), HTMLPurifier_AttrDef_HTML_LinkTypes\validate(), HTMLPurifier_AttrDef_CSS_Multiple\validate(), HTMLPurifier_AttrDef_URI\validate(), HTMLPurifier_AttrDef_Integer\validate(), and HTMLPurifier_AttrDef_CSS_BackgroundPosition\validate().

    {
        $string = trim($string);
        $string = str_replace(array("\n", "\t", "\r"), ' ', $string);
        return $string;
    }

Here is the caller graph for this function:

validate()

HTMLPurifier_AttrDef::validate (   $string,   $config,   $context  )

abstract

Validates and cleans passed string according to a definition.

Parameters

string	$string	String to be validated and cleaned.
HTMLPurifier_Config	$config	Mandatory HTMLPurifier_Config object.
HTMLPurifier_Context	$context	Mandatory HTMLPurifier_Context object.

Field Documentation

$minimized

HTMLPurifier_AttrDef::$minimized = false

Tells us whether or not an HTML attribute is minimized.

Has no meaning in other contexts. bool

Definition at line 21 of file AttrDef.php.

$required

HTMLPurifier_AttrDef::$required = false

Tells us whether or not an HTML attribute is required.

Has no meaning in other contexts bool

Definition at line 28 of file AttrDef.php.

---

The documentation for this class was generated from the following file:

• libs/composer/vendor/ezyang/htmlpurifier/library/HTMLPurifier/AttrDef.php