[github/wallabag/wallabag.git] / inc / 3rdparty / htmlpurifier / HTMLPurifier / AttrDef.php

<?php\r
\r
/**\r
 * Base class for all validating attribute definitions.\r
 *\r
 * This family of classes forms the core for not only HTML attribute validation,\r
 * but also any sort of string that needs to be validated or cleaned (which\r
 * means CSS properties and composite definitions are defined here too).\r
 * Besides defining (through code) what precisely makes the string valid,\r
 * subclasses are also responsible for cleaning the code if possible.\r
 */\r
\r
abstract class HTMLPurifier_AttrDef\r
{\r
\r
    /**\r
     * Tells us whether or not an HTML attribute is minimized.\r
     * Has no meaning in other contexts.\r
     * @type bool\r
     */\r
    public $minimized = false;\r
\r
    /**\r
     * Tells us whether or not an HTML attribute is required.\r
     * Has no meaning in other contexts\r
     * @type bool\r
     */\r
    public $required = false;\r
\r
    /**\r
     * Validates and cleans passed string according to a definition.\r
     *\r
     * @param string $string String to be validated and cleaned.\r
     * @param HTMLPurifier_Config $config Mandatory HTMLPurifier_Config object.\r
     * @param HTMLPurifier_Context $context Mandatory HTMLPurifier_Context object.\r
     */\r
    abstract public function validate($string, $config, $context);\r
\r
    /**\r
     * Convenience method that parses a string as if it were CDATA.\r
     *\r
     * This method process a string in the manner specified at\r
     * <http://www.w3.org/TR/html4/types.html#h-6.2> by removing\r
     * leading and trailing whitespace, ignoring line feeds, and replacing\r
     * carriage returns and tabs with spaces.  While most useful for HTML\r
     * attributes specified as CDATA, it can also be applied to most CSS\r
     * values.\r
     *\r
     * @note This method is not entirely standards compliant, as trim() removes\r
     *       more types of whitespace than specified in the spec. In practice,\r
     *       this is rarely a problem, as those extra characters usually have\r
     *       already been removed by HTMLPurifier_Encoder.\r
     *\r
     * @warning This processing is inconsistent with XML's whitespace handling\r
     *          as specified by section 3.3.3 and referenced XHTML 1.0 section\r
     *          4.7.  However, note that we are NOT necessarily\r
     *          parsing XML, thus, this behavior may still be correct. We\r
     *          assume that newlines have been normalized.\r
     */\r
    public function parseCDATA($string)\r
    {\r
        $string = trim($string);\r
        $string = str_replace(array("\n", "\t", "\r"), ' ', $string);\r
        return $string;\r
    }\r
\r
    /**\r
     * Factory method for creating this class from a string.\r
     * @param string $string String construction info\r
     * @return HTMLPurifier_AttrDef Created AttrDef object corresponding to $string\r
     */\r
    public function make($string)\r
    {\r
        // default implementation, return a flyweight of this object.\r
        // If $string has an effect on the returned object (i.e. you\r
        // need to overload this method), it is best\r
        // to clone or instantiate new copies. (Instantiation is safer.)\r
        return $this;\r
    }\r
\r
    /**\r
     * Removes spaces from rgb(0, 0, 0) so that shorthand CSS properties work\r
     * properly. THIS IS A HACK!\r
     * @param string $string a CSS colour definition\r
     * @return string\r
     */\r
    protected function mungeRgb($string)\r
    {\r
        return preg_replace('/rgb\((\d+)\s*,\s*(\d+)\s*,\s*(\d+)\)/', 'rgb(\1,\2,\3)', $string);\r
    }\r
\r
    /**\r
     * Parses a possibly escaped CSS string and returns the "pure"\r
     * version of it.\r
     */\r
    protected function expandCSSEscape($string)\r
    {\r
        // flexibly parse it\r
        $ret = '';\r
        for ($i = 0, $c = strlen($string); $i < $c; $i++) {\r
            if ($string[$i] === '\\') {\r
                $i++;\r
                if ($i >= $c) {\r
                    $ret .= '\\';\r
                    break;\r
                }\r
                if (ctype_xdigit($string[$i])) {\r
                    $code = $string[$i];\r
                    for ($a = 1, $i++; $i < $c && $a < 6; $i++, $a++) {\r
                        if (!ctype_xdigit($string[$i])) {\r
                            break;\r
                        }\r
                        $code .= $string[$i];\r
                    }\r
                    // We have to be extremely careful when adding\r
                    // new characters, to make sure we're not breaking\r
                    // the encoding.\r
                    $char = HTMLPurifier_Encoder::unichr(hexdec($code));\r
                    if (HTMLPurifier_Encoder::cleanUTF8($char) === '') {\r
                        continue;\r
                    }\r
                    $ret .= $char;\r
                    if ($i < $c && trim($string[$i]) !== '') {\r
                        $i--;\r
                    }\r
                    continue;\r
                }\r
                if ($string[$i] === "\n") {\r
                    continue;\r
                }\r
            }\r
            $ret .= $string[$i];\r
        }\r
        return $ret;\r
    }\r
}\r
\r
// vim: et sw=4 sts=4\r
Commit	Line	Data
d4949327 NL	1	<?php\r
	2	\r
	3	/**\r
	4	* Base class for all validating attribute definitions.\r
	5	*\r
	6	* This family of classes forms the core for not only HTML attribute validation,\r
	7	* but also any sort of string that needs to be validated or cleaned (which\r
	8	* means CSS properties and composite definitions are defined here too).\r
	9	* Besides defining (through code) what precisely makes the string valid,\r
	10	* subclasses are also responsible for cleaning the code if possible.\r
	11	*/\r
	12	\r
	13	abstract class HTMLPurifier_AttrDef\r
	14	{\r
	15	\r
	16	/**\r
	17	* Tells us whether or not an HTML attribute is minimized.\r
	18	* Has no meaning in other contexts.\r
	19	* @type bool\r
	20	*/\r
	21	public $minimized = false;\r
	22	\r
	23	/**\r
	24	* Tells us whether or not an HTML attribute is required.\r
	25	* Has no meaning in other contexts\r
	26	* @type bool\r
	27	*/\r
	28	public $required = false;\r
	29	\r
	30	/**\r
	31	* Validates and cleans passed string according to a definition.\r
	32	*\r
	33	* @param string $string String to be validated and cleaned.\r
	34	* @param HTMLPurifier_Config $config Mandatory HTMLPurifier_Config object.\r
	35	* @param HTMLPurifier_Context $context Mandatory HTMLPurifier_Context object.\r
	36	*/\r
	37	abstract public function validate($string, $config, $context);\r
	38	\r
	39	/**\r
	40	* Convenience method that parses a string as if it were CDATA.\r
	41	*\r
	42	* This method process a string in the manner specified at\r
	43	* <http://www.w3.org/TR/html4/types.html#h-6.2> by removing\r
	44	* leading and trailing whitespace, ignoring line feeds, and replacing\r
	45	* carriage returns and tabs with spaces. While most useful for HTML\r
	46	* attributes specified as CDATA, it can also be applied to most CSS\r
	47	* values.\r
	48	*\r
	49	* @note This method is not entirely standards compliant, as trim() removes\r
	50	* more types of whitespace than specified in the spec. In practice,\r
	51	* this is rarely a problem, as those extra characters usually have\r
	52	* already been removed by HTMLPurifier_Encoder.\r
	53	*\r
	54	* @warning This processing is inconsistent with XML's whitespace handling\r
	55	* as specified by section 3.3.3 and referenced XHTML 1.0 section\r
	56	* 4.7. However, note that we are NOT necessarily\r
	57	* parsing XML, thus, this behavior may still be correct. We\r
	58	* assume that newlines have been normalized.\r
	59	*/\r
	60	public function parseCDATA($string)\r
	61	{\r
	62	$string = trim($string);\r
	63	$string = str_replace(array("\n", "\t", "\r"), ' ', $string);\r
	64	return $string;\r
65	}\r
66	\r
67	/**\r
68	* Factory method for creating this class from a string.\r
69	* @param string $string String construction info\r
70	* @return HTMLPurifier_AttrDef Created AttrDef object corresponding to $string\r
71	*/\r
72	public function make($string)\r
73	{\r
74	// default implementation, return a flyweight of this object.\r
75	// If $string has an effect on the returned object (i.e. you\r
76	// need to overload this method), it is best\r
77	// to clone or instantiate new copies. (Instantiation is safer.)\r
78	return $this;\r
79	}\r
80	\r
81	/**\r
82	* Removes spaces from rgb(0, 0, 0) so that shorthand CSS properties work\r
83	* properly. THIS IS A HACK!\r
84	* @param string $string a CSS colour definition\r
85	* @return string\r
86	*/\r
87	protected function mungeRgb($string)\r
88	{\r
89	return preg_replace('/rgb\((\d+)\s,\s(\d+)\s,\s(\d+)\)/', 'rgb(\1,\2,\3)', $string);\r
90	}\r
91	\r
92	/**\r
93	* Parses a possibly escaped CSS string and returns the "pure"\r
94	* version of it.\r
95	*/\r
96	protected function expandCSSEscape($string)\r
97	{\r
98	// flexibly parse it\r
99	$ret = '';\r
100	for ($i = 0, $c = strlen($string); $i < $c; $i++) {\r
101	if ($string[$i] === '\\') {\r
102	$i++;\r
103	if ($i >= $c) {\r
104	$ret .= '\\';\r
105	break;\r
106	}\r
107	if (ctype_xdigit($string[$i])) {\r
108	$code = $string[$i];\r
109	for ($a = 1, $i++; $i < $c && $a < 6; $i++, $a++) {\r
110	if (!ctype_xdigit($string[$i])) {\r
111	break;\r
112	}\r
113	$code .= $string[$i];\r
114	}\r
115	// We have to be extremely careful when adding\r
116	// new characters, to make sure we're not breaking\r
117	// the encoding.\r
118	$char = HTMLPurifier_Encoder::unichr(hexdec($code));\r
119	if (HTMLPurifier_Encoder::cleanUTF8($char) === '') {\r
120	continue;\r
121	}\r
122	$ret .= $char;\r
123	if ($i < $c && trim($string[$i]) !== '') {\r
124	$i--;\r
125	}\r
126	continue;\r
127	}\r
128	if ($string[$i] === "\n") {\r
129	continue;\r
130	}\r
131	}\r
132	$ret .= $string[$i];\r
133	}\r
134	return $ret;\r
135	}\r
136	}\r
137	\r
138	// vim: et sw=4 sts=4\r