HTMLPurifier_Lexer Class Reference

Forgivingly lexes HTML (SGML-style) markup into tokens. More...

Inheritance diagram for HTMLPurifier_Lexer:

Collaboration diagram for HTMLPurifier_Lexer:

Public Member Functions
	__construct ()
	parseText ($string, $config)
	parseAttr ($string, $config)
	parseData ($string, $is_attr, $config)
	Parses special entities into the proper characters. More...
	tokenizeHTML ($string, $config, $context)
	Lexes an HTML string into tokens. More...
	normalize ($html, $config, $context)
	Takes a piece of HTML and normalizes it by converting entities, fixing encoding, extracting bits, and other good stuff. More...
	extractBody ($html)
	Takes a string of HTML (fragment or document) and returns the content. More...

Static Public Member Functions
static	create ($config)
	Retrieves or sets the default Lexer as a Prototype Factory. More...

Data Fields
	$tracksLineNumbers = false
	Whether or not this lexer implements line-number/column-number tracking. More...

Static Protected Member Functions
static	escapeCDATA ($string)
	Translates CDATA sections into regular sections (through escaping). More...
static	escapeCommentedCDATA ($string)
	Special CDATA case that is especially convoluted for <script> More...
static	removeIEConditional ($string)
	Special Internet Explorer conditional comments should be removed. More...
static	CDATACallback ($matches)
	Callback function for escapeCDATA() that does the work. More...

Protected Attributes
	$_special_entity2str
	Most common entity to raw value conversion table for special entities. More...

Detailed Description

Forgivingly lexes HTML (SGML-style) markup into tokens.

A lexer parses a string of SGML-style markup and converts them into corresponding tokens. It doesn't check for well-formedness, although its internal mechanism may make this automatic (such as the case of HTMLPurifier_Lexer_DOMLex). There are several implementations to choose from.

A lexer is HTML-oriented: it might work with XML, but it's not recommended, as we adhere to a subset of the specification for optimization reasons. This might change in the future. Also, most tokenizers are not expected to handle DTDs or PIs.

This class should not be directly instantiated, but you may use create() to retrieve a default copy of the lexer. Being a supertype, this class does not actually define any implementation, but offers commonly used convenience functions for subclasses.

Note

The unit tests will instantiate this class for testing purposes, as many of the utility functions require a class to be instantiated. This means that, even though this class is not runnable, it will not be declared abstract.

Note

We use tokens rather than create a DOM representation because DOM would:

1. Require more processing and memory to create,
2. Is not streamable, and
3. Has the entire document structure (html and body not needed).

However, DOM is helpful in that it makes it easy to move around nodes without a lot of lookaheads to see when a tag is closed. This is a limitation of the token system and some workarounds would be nice.

Definition at line 42 of file Lexer.php.

Constructor & Destructor Documentation

__construct()

HTMLPurifier_Lexer::__construct

(

)

Definition at line 152 of file Lexer.php.

    {
        $this->_entity_parser = new HTMLPurifier_EntityParser();
    }

Member Function Documentation

CDATACallback()

static HTMLPurifier_Lexer::CDATACallback (   $matches )

staticprotected

Callback function for escapeCDATA() that does the work.

Warning

Though this is public in order to let the callback happen, calling it directly is not recommended.

Parameters

array

$matches

PCRE matches array, with index 0 the entire match and 1 the inside of the CDATA section.

Returns

string Escaped internals of the CDATA section.

Definition at line 290 of file Lexer.php.

    {
        // not exactly sure why the character set is needed, but whatever
        return htmlspecialchars($matches[1], ENT_COMPAT, 'UTF-8');
    }

create()

static HTMLPurifier_Lexer::create (   $config )

static

Retrieves or sets the default Lexer as a Prototype Factory.

By default HTMLPurifier_Lexer_DOMLex will be returned. There are a few exceptions involving special features that only DirectLex implements.

Note

The behavior of this class has changed, rather than accepting a prototype object, it now accepts a configuration object. To specify your own prototype, set Core.LexerImpl to it. This change in behavior de-singletonizes the lexer object.

Parameters

HTMLPurifier_Config

$config

Returns

HTMLPurifier_Lexer

Exceptions

HTMLPurifier_Exception

Definition at line 69 of file Lexer.php.

References $config.

Referenced by HTMLPurifier\purify().

    {
        if (!($config instanceof HTMLPurifier_Config)) {
            $lexer = $config;
            trigger_error(
                "Passing a prototype to
                HTMLPurifier_Lexer::create() is deprecated, please instead
                use %Core.LexerImpl",
                E_USER_WARNING
            );
        } else {
            $lexer = $config->get('Core.LexerImpl');
        }

        $needs_tracking =
            $config->get('Core.MaintainLineNumbers') ||
            $config->get('Core.CollectErrors');

        $inst = null;
        if (is_object($lexer)) {
            $inst = $lexer;
        } else {
            if (is_null($lexer)) {
                do {
                    // auto-detection algorithm
                    if ($needs_tracking) {
                        $lexer = 'DirectLex';
                        break;
                    }

                    if (class_exists('DOMDocument', false) &&
                        method_exists('DOMDocument', 'loadHTML') &&
                        !extension_loaded('domxml')
                    ) {
                        // check for DOM support, because while it's part of the
                        // core, it can be disabled compile time. Also, the PECL
                        // domxml extension overrides the default DOM, and is evil
                        // and nasty and we shan't bother to support it
                        $lexer = 'DOMLex';
                    } else {
                        $lexer = 'DirectLex';
                    }
                } while (0);
            } // do..while so we can break

            // instantiate recognized string names
            switch ($lexer) {
                case 'DOMLex':
                    $inst = new HTMLPurifier_Lexer_DOMLex();
                    break;
                case 'DirectLex':
                    $inst = new HTMLPurifier_Lexer_DirectLex();
                    break;
                case 'PH5P':
                    $inst = new HTMLPurifier_Lexer_PH5P();
                    break;
                default:
                    throw new HTMLPurifier_Exception(
                        "Cannot instantiate unrecognized Lexer type " .
                        htmlspecialchars($lexer)
                    );
            }
        }

        if (!$inst) {
            throw new HTMLPurifier_Exception('No lexer was instantiated');
        }

        // once PHP DOM implements native line numbers, or we
        // hack out something using XSLT, remove this stipulation
        if ($needs_tracking && !$inst->tracksLineNumbers) {
            throw new HTMLPurifier_Exception(
                'Cannot use lexer that does not support line numbers with ' .
                'Core.MaintainLineNumbers or Core.CollectErrors (use DirectLex instead)'
            );
        }

        return $inst;

    }

Here is the caller graph for this function:

escapeCDATA()

static HTMLPurifier_Lexer::escapeCDATA (   $string )

staticprotected

Translates CDATA sections into regular sections (through escaping).

Parameters

string

$string

HTML string to process.

Returns

string HTML with CDATA sections escaped.

Definition at line 244 of file Lexer.php.

Referenced by normalize().

    {
        return preg_replace_callback(
            '/<!\[CDATA\[(.+?)\]\]>/s',
            array('HTMLPurifier_Lexer', 'CDATACallback'),
            $string
        );
    }

Here is the caller graph for this function:

escapeCommentedCDATA()

static HTMLPurifier_Lexer::escapeCommentedCDATA (   $string )

staticprotected

Special CDATA case that is especially convoluted for <script>

Parameters

string

$string

HTML string to process.

Returns

string HTML with CDATA sections escaped.

Definition at line 258 of file Lexer.php.

Referenced by normalize().

    {
        return preg_replace_callback(
            '#<!--//--><!\[CDATA\[//><!--(.+?)//--><!\]\]>#s',
            array('HTMLPurifier_Lexer', 'CDATACallback'),
            $string
        );
    }

Here is the caller graph for this function:

extractBody()

HTMLPurifier_Lexer::extractBody

(

$html

)

Takes a string of HTML (fragment or document) and returns the content.

Todo:

Consider making protected

Definition at line 365 of file Lexer.php.

References $html, and $result.

Referenced by normalize().

    {
        $matches = array();
        $result = preg_match('|(.*?)<body[^>]*>(.*)</body>|is', $html, $matches);
        if ($result) {
            // Make sure it's not in a comment
            $comment_start = strrpos($matches[1], '<!--');
            $comment_end   = strrpos($matches[1], '-->');
            if ($comment_start === false ||
                ($comment_end !== false && $comment_end > $comment_start)) {
                return $matches[2];
            }
        }
        return $html;
    }

Here is the caller graph for this function:

normalize()

HTMLPurifier_Lexer::normalize	(		$html,
			$config,
			$context
	)

Takes a piece of HTML and normalizes it by converting entities, fixing encoding, extracting bits, and other good stuff.

Parameters

string	$html	HTML.
HTMLPurifier_Config	$config
HTMLPurifier_Context	$context

Returns

string

Todo:

Consider making protected

Definition at line 305 of file Lexer.php.

References $config, $context, $html, HTMLPurifier_Encoder\cleanUTF8(), escapeCDATA(), escapeCommentedCDATA(), extractBody(), and removeIEConditional().

Referenced by HTMLPurifier_Lexer_PH5P\tokenizeHTML(), HTMLPurifier_Lexer_DirectLex\tokenizeHTML(), and HTMLPurifier_Lexer_DOMLex\tokenizeHTML().

    {
        // normalize newlines to \n
        if ($config->get('Core.NormalizeNewlines')) {
            $html = str_replace("\r\n", "\n", $html);
            $html = str_replace("\r", "\n", $html);
        }

        if ($config->get('HTML.Trusted')) {
            // escape convoluted CDATA
            $html = $this->escapeCommentedCDATA($html);
        }

        // escape CDATA
        $html = $this->escapeCDATA($html);

        $html = $this->removeIEConditional($html);

        // extract body from document if applicable
        if ($config->get('Core.ConvertDocumentToFragment')) {
            $e = false;
            if ($config->get('Core.CollectErrors')) {
                $e =& $context->get('ErrorCollector');
            }
            $new_html = $this->extractBody($html);
            if ($e && $new_html != $html) {
                $e->send(E_WARNING, 'Lexer: Extracted body');
            }
            $html = $new_html;
        }

        // expand entities that aren't the big five
        if ($config->get('Core.LegacyEntityDecoder')) {
            $html = $this->_entity_parser->substituteNonSpecialEntities($html);
        }

        // clean into wellformed UTF-8 string for an SGML context: this has
        // to be done after entity expansion because the entities sometimes
        // represent non-SGML characters (horror, horror!)
        $html = HTMLPurifier_Encoder::cleanUTF8($html);

        // if processing instructions are to removed, remove them now
        if ($config->get('Core.RemoveProcessingInstructions')) {
            $html = preg_replace('#<\?.+?\?>#s', '', $html);
        }

        $hidden_elements = $config->get('Core.HiddenElements');
        if ($config->get('Core.AggressivelyRemoveScript') &&
            !($config->get('HTML.Trusted') || !$config->get('Core.RemoveScriptContents')
            || empty($hidden_elements["script"]))) {
            $html = preg_replace('#<script[^>]*>.*?</script>#i', '', $html);
        }

        return $html;
    }

Here is the call graph for this function:

Here is the caller graph for this function:

parseAttr()

HTMLPurifier_Lexer::parseAttr	(		$string,
			$config
	)

Definition at line 176 of file Lexer.php.

References $config, and parseData().

Referenced by HTMLPurifier_Lexer_DirectLex\parseAttributeString().

                                                {
        return $this->parseData($string, true, $config);
    }

Here is the call graph for this function:

Here is the caller graph for this function:

parseData()

HTMLPurifier_Lexer::parseData	(		$string,
			$is_attr,
			$config
	)

Parses special entities into the proper characters.

This string will translate escaped versions of the special characters into the correct ones.

Parameters

string

$string

String character data to be parsed.

Returns

string Parsed character data.

Definition at line 189 of file Lexer.php.

References $config.

Referenced by parseAttr(), and parseText().

    {
        // following functions require at least one character
        if ($string === '') {
            return '';
        }

        // subtracts amps that cannot possibly be escaped
        $num_amp = substr_count($string, '&') - substr_count($string, '& ') -
            ($string[strlen($string) - 1] === '&' ? 1 : 0);

        if (!$num_amp) {
            return $string;
        } // abort if no entities
        $num_esc_amp = substr_count($string, '&');
        $string = strtr($string, $this->_special_entity2str);

        // code duplication for sake of optimization, see above
        $num_amp_2 = substr_count($string, '&') - substr_count($string, '& ') -
            ($string[strlen($string) - 1] === '&' ? 1 : 0);

        if ($num_amp_2 <= $num_esc_amp) {
            return $string;
        }

        // hmm... now we have some uncommon entities. Use the callback.
        if ($config->get('Core.LegacyEntityDecoder')) {
            $string = $this->_entity_parser->substituteSpecialEntities($string);
        } else {
            if ($is_attr) {
                $string = $this->_entity_parser->substituteAttrEntities($string);
            } else {
                $string = $this->_entity_parser->substituteTextEntities($string);
            }
        }
        return $string;
    }

Here is the caller graph for this function:

parseText()

HTMLPurifier_Lexer::parseText	(		$string,
			$config
	)

Definition at line 172 of file Lexer.php.

References $config, and parseData().

Referenced by HTMLPurifier_Lexer_DOMLex\createStartNode(), and HTMLPurifier_Lexer_DirectLex\tokenizeHTML().

                                                {
        return $this->parseData($string, false, $config);
    }

Here is the call graph for this function:

Here is the caller graph for this function:

removeIEConditional()

static HTMLPurifier_Lexer::removeIEConditional (   $string )

staticprotected

Special Internet Explorer conditional comments should be removed.

Parameters

string

$string

HTML string to process.

Returns

string HTML with conditional comments removed.

Definition at line 272 of file Lexer.php.

Referenced by normalize().

    {
        return preg_replace(
            '#<!--\[if [^>]+\]>.*?<!\[endif\]-->#si', // probably should generalize for all strings
            '',
            $string
        );
    }

Here is the caller graph for this function:

tokenizeHTML()

HTMLPurifier_Lexer::tokenizeHTML	(		$string,
			$config,
			$context
	)

Lexes an HTML string into tokens.

Parameters

	$string	String HTML.
HTMLPurifier_Config	$config
HTMLPurifier_Context	$context

Returns

HTMLPurifier_Token[] array representation of HTML.

Definition at line 234 of file Lexer.php.

    {
        trigger_error('Call to abstract class', E_USER_ERROR);
    }

Field Documentation

$_special_entity2str

HTMLPurifier_Lexer::$_special_entity2str

protected

Initial value:

=
        array(
            '"' => '"',
            '&' => '&',
            '&lt;' => '<',
            '&gt;' => '>',
            '&#39;' => "'",
            '&#039;' => "'",
            '&#x27;' => "'"
        )

Most common entity to raw value conversion table for special entities.

array

Definition at line 161 of file Lexer.php.

$tracksLineNumbers

HTMLPurifier_Lexer::$tracksLineNumbers = false

Whether or not this lexer implements line-number/column-number tracking.

If it does, set to true.

Definition at line 49 of file Lexer.php.

---

The documentation for this class was generated from the following file:

• libs/composer/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Lexer.php