projects / github / wallabag / wallabag.git / blame
| Commit | Line | Data |
|---|---|---|
| d4949327 NL |
1 | <?php\r |
| 2 | \r | |
| 3 | /**\r | |
| 4 | * Validates the HTML attribute style, otherwise known as CSS.\r | |
| 5 | * @note We don't implement the whole CSS specification, so it might be\r | |
| 6 | * difficult to reuse this component in the context of validating\r | |
| 7 | * actual stylesheet declarations.\r | |
| 8 | * @note If we were really serious about validating the CSS, we would\r | |
| 9 | * tokenize the styles and then parse the tokens. Obviously, we\r | |
| 10 | * are not doing that. Doing that could seriously harm performance,\r | |
| 11 | * but would make these components a lot more viable for a CSS\r | |
| 12 | * filtering solution.\r | |
| 13 | */\r | |
| 14 | class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef\r | |
| 15 | {\r | |
| 16 | \r | |
| 17 | /**\r | |
| 18 | * @param string $css\r | |
| 19 | * @param HTMLPurifier_Config $config\r | |
| 20 | * @param HTMLPurifier_Context $context\r | |
| 21 | * @return bool|string\r | |
| 22 | */\r | |
| 23 | public function validate($css, $config, $context)\r | |
| 24 | {\r | |
| 25 | $css = $this->parseCDATA($css);\r | |
| 26 | \r | |
| 27 | $definition = $config->getCSSDefinition();\r | |
| 28 | \r | |
| 29 | // we're going to break the spec and explode by semicolons.\r | |
| 30 | // This is because semicolon rarely appears in escaped form\r | |
| 31 | // Doing this is generally flaky but fast\r | |
| 32 | // IT MIGHT APPEAR IN URIs, see HTMLPurifier_AttrDef_CSSURI\r | |
| 33 | // for details\r | |
| 34 | \r | |
| 35 | $declarations = explode(';', $css);\r | |
| 36 | $propvalues = array();\r | |
| 37 | \r | |
| 38 | /**\r | |
| 39 | * Name of the current CSS property being validated.\r | |
| 40 | */\r | |
| 41 | $property = false;\r | |
| 42 | $context->register('CurrentCSSProperty', $property);\r | |
| 43 | \r | |
| 44 | foreach ($declarations as $declaration) {\r | |
| 45 | if (!$declaration) {\r | |
| 46 | continue;\r | |
| 47 | }\r | |
| 48 | if (!strpos($declaration, ':')) {\r | |
| 49 | continue;\r | |
| 50 | }\r | |
| 51 | list($property, $value) = explode(':', $declaration, 2);\r | |
| 52 | $property = trim($property);\r | |
| 53 | $value = trim($value);\r | |
| 54 | $ok = false;\r | |
| 55 | do {\r | |
| 56 | if (isset($definition->info[$property])) {\r | |
| 57 | $ok = true;\r | |
| 58 | break;\r | |
| 59 | }\r | |
| 60 | if (ctype_lower($property)) {\r | |
| 61 | break;\r | |
| 62 | }\r | |
| 63 | $property = strtolower($property);\r | |
| 64 | if (isset($definition->info[$property])) {\r | |
| 65 | $ok = true;\r | |
| 66 | break;\r | |
| 67 | }\r | |
| 68 | } while (0);\r | |
| 69 | if (!$ok) {\r | |
| 70 | continue;\r | |
| 71 | }\r | |
| 72 | // inefficient call, since the validator will do this again\r | |
| 73 | if (strtolower(trim($value)) !== 'inherit') {\r | |
| 74 | // inherit works for everything (but only on the base property)\r | |
| 75 | $result = $definition->info[$property]->validate(\r | |
| 76 | $value,\r | |
| 77 | $config,\r | |
| 78 | $context\r | |
| 79 | );\r | |
| 80 | } else {\r | |
| 81 | $result = 'inherit';\r | |
| 82 | }\r | |
| 83 | if ($result === false) {\r | |
| 84 | continue;\r | |
| 85 | }\r | |
| 86 | $propvalues[$property] = $result;\r | |
| 87 | }\r | |
| 88 | \r | |
| 89 | $context->destroy('CurrentCSSProperty');\r | |
| 90 | \r | |
| 91 | // procedure does not write the new CSS simultaneously, so it's\r | |
| 92 | // slightly inefficient, but it's the only way of getting rid of\r | |
| 93 | // duplicates. Perhaps config to optimize it, but not now.\r | |
| 94 | \r | |
| 95 | $new_declarations = '';\r | |
| 96 | foreach ($propvalues as $prop => $value) {\r | |
| 97 | $new_declarations .= "$prop:$value;";\r | |
| 98 | }\r | |
| 99 | \r | |
| 100 | return $new_declarations ? $new_declarations : false;\r | |
| 101 | \r | |
| 102 | }\r | |
| 103 | \r | |
| 104 | }\r | |
| 105 | \r | |
| 106 | // vim: et sw=4 sts=4\r |