[github/wallabag/wallabag.git] / inc / 3rdparty / htmlpurifier / HTMLPurifier / Filter / ExtractStyleBlocks.php

<?php\r
\r
// why is this a top level function? Because PHP 5.2.0 doesn't seem to\r
// understand how to interpret this filter if it's a static method.\r
// It's all really silly, but if we go this route it might be reasonable\r
// to coalesce all of these methods into one.\r
function htmlpurifier_filter_extractstyleblocks_muteerrorhandler()\r
{\r
}\r
\r
/**\r
 * This filter extracts <style> blocks from input HTML, cleans them up\r
 * using CSSTidy, and then places them in $purifier->context->get('StyleBlocks')\r
 * so they can be used elsewhere in the document.\r
 *\r
 * @note\r
 *      See tests/HTMLPurifier/Filter/ExtractStyleBlocksTest.php for\r
 *      sample usage.\r
 *\r
 * @note\r
 *      This filter can also be used on stylesheets not included in the\r
 *      document--something purists would probably prefer. Just directly\r
 *      call HTMLPurifier_Filter_ExtractStyleBlocks->cleanCSS()\r
 */\r
class HTMLPurifier_Filter_ExtractStyleBlocks extends HTMLPurifier_Filter\r
{\r
    /**\r
     * @type string\r
     */\r
    public $name = 'ExtractStyleBlocks';\r
\r
    /**\r
     * @type array\r
     */\r
    private $_styleMatches = array();\r
\r
    /**\r
     * @type csstidy\r
     */\r
    private $_tidy;\r
\r
    /**\r
     * @type HTMLPurifier_AttrDef_HTML_ID\r
     */\r
    private $_id_attrdef;\r
\r
    /**\r
     * @type HTMLPurifier_AttrDef_CSS_Ident\r
     */\r
    private $_class_attrdef;\r
\r
    /**\r
     * @type HTMLPurifier_AttrDef_Enum\r
     */\r
    private $_enum_attrdef;\r
\r
    public function __construct()\r
    {\r
        $this->_tidy = new csstidy();\r
        $this->_tidy->set_cfg('lowercase_s', false);\r
        $this->_id_attrdef = new HTMLPurifier_AttrDef_HTML_ID(true);\r
        $this->_class_attrdef = new HTMLPurifier_AttrDef_CSS_Ident();\r
        $this->_enum_attrdef = new HTMLPurifier_AttrDef_Enum(\r
            array(\r
                'first-child',\r
                'link',\r
                'visited',\r
                'active',\r
                'hover',\r
                'focus'\r
            )\r
        );\r
    }\r
\r
    /**\r
     * Save the contents of CSS blocks to style matches\r
     * @param array $matches preg_replace style $matches array\r
     */\r
    protected function styleCallback($matches)\r
    {\r
        $this->_styleMatches[] = $matches[1];\r
    }\r
\r
    /**\r
     * Removes inline <style> tags from HTML, saves them for later use\r
     * @param string $html\r
     * @param HTMLPurifier_Config $config\r
     * @param HTMLPurifier_Context $context\r
     * @return string\r
     * @todo Extend to indicate non-text/css style blocks\r
     */\r
    public function preFilter($html, $config, $context)\r
    {\r
        $tidy = $config->get('Filter.ExtractStyleBlocks.TidyImpl');\r
        if ($tidy !== null) {\r
            $this->_tidy = $tidy;\r
        }\r
        $html = preg_replace_callback('#<style(?:\s.*)?>(.+)</style>#isU', array($this, 'styleCallback'), $html);\r
        $style_blocks = $this->_styleMatches;\r
        $this->_styleMatches = array(); // reset\r
        $context->register('StyleBlocks', $style_blocks); // $context must not be reused\r
        if ($this->_tidy) {\r
            foreach ($style_blocks as &$style) {\r
                $style = $this->cleanCSS($style, $config, $context);\r
            }\r
        }\r
        return $html;\r
    }\r
\r
    /**\r
     * Takes CSS (the stuff found in <style>) and cleans it.\r
     * @warning Requires CSSTidy <http://csstidy.sourceforge.net/>\r
     * @param string $css CSS styling to clean\r
     * @param HTMLPurifier_Config $config\r
     * @param HTMLPurifier_Context $context\r
     * @throws HTMLPurifier_Exception\r
     * @return string Cleaned CSS\r
     */\r
    public function cleanCSS($css, $config, $context)\r
    {\r
        // prepare scope\r
        $scope = $config->get('Filter.ExtractStyleBlocks.Scope');\r
        if ($scope !== null) {\r
            $scopes = array_map('trim', explode(',', $scope));\r
        } else {\r
            $scopes = array();\r
        }\r
        // remove comments from CSS\r
        $css = trim($css);\r
        if (strncmp('<!--', $css, 4) === 0) {\r
            $css = substr($css, 4);\r
        }\r
        if (strlen($css) > 3 && substr($css, -3) == '-->') {\r
            $css = substr($css, 0, -3);\r
        }\r
        $css = trim($css);\r
        set_error_handler('htmlpurifier_filter_extractstyleblocks_muteerrorhandler');\r
        $this->_tidy->parse($css);\r
        restore_error_handler();\r
        $css_definition = $config->getDefinition('CSS');\r
        $html_definition = $config->getDefinition('HTML');\r
        $new_css = array();\r
        foreach ($this->_tidy->css as $k => $decls) {\r
            // $decls are all CSS declarations inside an @ selector\r
            $new_decls = array();\r
            foreach ($decls as $selector => $style) {\r
                $selector = trim($selector);\r
                if ($selector === '') {\r
                    continue;\r
                } // should not happen\r
                // Parse the selector\r
                // Here is the relevant part of the CSS grammar:\r
                //\r
                // ruleset\r
                //   : selector [ ',' S* selector ]* '{' ...\r
                // selector\r
                //   : simple_selector [ combinator selector | S+ [ combinator? selector ]? ]?\r
                // combinator\r
                //   : '+' S*\r
                //   : '>' S*\r
                // simple_selector\r
                //   : element_name [ HASH | class | attrib | pseudo ]*\r
                //   | [ HASH | class | attrib | pseudo ]+\r
                // element_name\r
                //   : IDENT | '*'\r
                //   ;\r
                // class\r
                //   : '.' IDENT\r
                //   ;\r
                // attrib\r
                //   : '[' S* IDENT S* [ [ '=' | INCLUDES | DASHMATCH ] S*\r
                //     [ IDENT | STRING ] S* ]? ']'\r
                //   ;\r
                // pseudo\r
                //   : ':' [ IDENT | FUNCTION S* [IDENT S*]? ')' ]\r
                //   ;\r
                //\r
                // For reference, here are the relevant tokens:\r
                //\r
                // HASH         #{name}\r
                // IDENT        {ident}\r
                // INCLUDES     ==\r
                // DASHMATCH    |=\r
                // STRING       {string}\r
                // FUNCTION     {ident}\(\r
                //\r
                // And the lexical scanner tokens\r
                //\r
                // name         {nmchar}+\r
                // nmchar       [_a-z0-9-]|{nonascii}|{escape}\r
                // nonascii     [\240-\377]\r
                // escape       {unicode}|\\[^\r\n\f0-9a-f]\r
                // unicode      \\{h}}{1,6}(\r\n|[ \t\r\n\f])?\r
                // ident        -?{nmstart}{nmchar*}\r
                // nmstart      [_a-z]|{nonascii}|{escape}\r
                // string       {string1}|{string2}\r
                // string1      \"([^\n\r\f\\"]|\\{nl}|{escape})*\"\r
                // string2      \'([^\n\r\f\\"]|\\{nl}|{escape})*\'\r
                //\r
                // We'll implement a subset (in order to reduce attack\r
                // surface); in particular:\r
                //\r
                //      - No Unicode support\r
                //      - No escapes support\r
                //      - No string support (by proxy no attrib support)\r
                //      - element_name is matched against allowed\r
                //        elements (some people might find this\r
                //        annoying...)\r
                //      - Pseudo-elements one of :first-child, :link,\r
                //        :visited, :active, :hover, :focus\r
\r
                // handle ruleset\r
                $selectors = array_map('trim', explode(',', $selector));\r
                $new_selectors = array();\r
                foreach ($selectors as $sel) {\r
                    // split on +, > and spaces\r
                    $basic_selectors = preg_split('/\s*([+> ])\s*/', $sel, -1, PREG_SPLIT_DELIM_CAPTURE);\r
                    // even indices are chunks, odd indices are\r
                    // delimiters\r
                    $nsel = null;\r
                    $delim = null; // guaranteed to be non-null after\r
                    // two loop iterations\r
                    for ($i = 0, $c = count($basic_selectors); $i < $c; $i++) {\r
                        $x = $basic_selectors[$i];\r
                        if ($i % 2) {\r
                            // delimiter\r
                            if ($x === ' ') {\r
                                $delim = ' ';\r
                            } else {\r
                                $delim = ' ' . $x . ' ';\r
                            }\r
                        } else {\r
                            // simple selector\r
                            $components = preg_split('/([#.:])/', $x, -1, PREG_SPLIT_DELIM_CAPTURE);\r
                            $sdelim = null;\r
                            $nx = null;\r
                            for ($j = 0, $cc = count($components); $j < $cc; $j++) {\r
                                $y = $components[$j];\r
                                if ($j === 0) {\r
                                    if ($y === '*' || isset($html_definition->info[$y = strtolower($y)])) {\r
                                        $nx = $y;\r
                                    } else {\r
                                        // $nx stays null; this matters\r
                                        // if we don't manage to find\r
                                        // any valid selector content,\r
                                        // in which case we ignore the\r
                                        // outer $delim\r
                                    }\r
                                } elseif ($j % 2) {\r
                                    // set delimiter\r
                                    $sdelim = $y;\r
                                } else {\r
                                    $attrdef = null;\r
                                    if ($sdelim === '#') {\r
                                        $attrdef = $this->_id_attrdef;\r
                                    } elseif ($sdelim === '.') {\r
                                        $attrdef = $this->_class_attrdef;\r
                                    } elseif ($sdelim === ':') {\r
                                        $attrdef = $this->_enum_attrdef;\r
                                    } else {\r
                                        throw new HTMLPurifier_Exception('broken invariant sdelim and preg_split');\r
                                    }\r
                                    $r = $attrdef->validate($y, $config, $context);\r
                                    if ($r !== false) {\r
                                        if ($r !== true) {\r
                                            $y = $r;\r
                                        }\r
                                        if ($nx === null) {\r
                                            $nx = '';\r
                                        }\r
                                        $nx .= $sdelim . $y;\r
                                    }\r
                                }\r
                            }\r
                            if ($nx !== null) {\r
                                if ($nsel === null) {\r
                                    $nsel = $nx;\r
                                } else {\r
                                    $nsel .= $delim . $nx;\r
                                }\r
                            } else {\r
                                // delimiters to the left of invalid\r
                                // basic selector ignored\r
                            }\r
                        }\r
                    }\r
                    if ($nsel !== null) {\r
                        if (!empty($scopes)) {\r
                            foreach ($scopes as $s) {\r
                                $new_selectors[] = "$s $nsel";\r
                            }\r
                        } else {\r
                            $new_selectors[] = $nsel;\r
                        }\r
                    }\r
                }\r
                if (empty($new_selectors)) {\r
                    continue;\r
                }\r
                $selector = implode(', ', $new_selectors);\r
                foreach ($style as $name => $value) {\r
                    if (!isset($css_definition->info[$name])) {\r
                        unset($style[$name]);\r
                        continue;\r
                    }\r
                    $def = $css_definition->info[$name];\r
                    $ret = $def->validate($value, $config, $context);\r
                    if ($ret === false) {\r
                        unset($style[$name]);\r
                    } else {\r
                        $style[$name] = $ret;\r
                    }\r
                }\r
                $new_decls[$selector] = $style;\r
            }\r
            $new_css[$k] = $new_decls;\r
        }\r
        // remove stuff that shouldn't be used, could be reenabled\r
        // after security risks are analyzed\r
        $this->_tidy->css = $new_css;\r
        $this->_tidy->import = array();\r
        $this->_tidy->charset = null;\r
        $this->_tidy->namespace = null;\r
        $css = $this->_tidy->print->plain();\r
        // we are going to escape any special characters <>& to ensure\r
        // that no funny business occurs (i.e. </style> in a font-family prop).\r
        if ($config->get('Filter.ExtractStyleBlocks.Escaping')) {\r
            $css = str_replace(\r
                array('<', '>', '&'),\r
                array('\3C ', '\3E ', '\26 '),\r
                $css\r
            );\r
        }\r
        return $css;\r
    }\r
}\r
\r
// vim: et sw=4 sts=4\r
Commit	Line	Data
d4949327 NL	1	<?php\r
	2	\r
	3	// why is this a top level function? Because PHP 5.2.0 doesn't seem to\r
	4	// understand how to interpret this filter if it's a static method.\r
	5	// It's all really silly, but if we go this route it might be reasonable\r
	6	// to coalesce all of these methods into one.\r
	7	function htmlpurifier_filter_extractstyleblocks_muteerrorhandler()\r
	8	{\r
	9	}\r
	10	\r
	11	/**\r
	12	* This filter extracts <style> blocks from input HTML, cleans them up\r
	13	* using CSSTidy, and then places them in $purifier->context->get('StyleBlocks')\r
	14	* so they can be used elsewhere in the document.\r
	15	*\r
	16	* @note\r
	17	* See tests/HTMLPurifier/Filter/ExtractStyleBlocksTest.php for\r
	18	* sample usage.\r
	19	*\r
	20	* @note\r
	21	* This filter can also be used on stylesheets not included in the\r
	22	* document--something purists would probably prefer. Just directly\r
	23	* call HTMLPurifier_Filter_ExtractStyleBlocks->cleanCSS()\r
	24	*/\r
	25	class HTMLPurifier_Filter_ExtractStyleBlocks extends HTMLPurifier_Filter\r
	26	{\r
	27	/**\r
	28	* @type string\r
	29	*/\r
	30	public $name = 'ExtractStyleBlocks';\r
	31	\r
	32	/**\r
	33	* @type array\r
	34	*/\r
	35	private $_styleMatches = array();\r
	36	\r
	37	/**\r
	38	* @type csstidy\r
	39	*/\r
	40	private $_tidy;\r
	41	\r
	42	/**\r
	43	* @type HTMLPurifier_AttrDef_HTML_ID\r
	44	*/\r
	45	private $_id_attrdef;\r
	46	\r
	47	/**\r
	48	* @type HTMLPurifier_AttrDef_CSS_Ident\r
	49	*/\r
	50	private $_class_attrdef;\r
	51	\r
	52	/**\r
	53	* @type HTMLPurifier_AttrDef_Enum\r
	54	*/\r
	55	private $_enum_attrdef;\r
	56	\r
	57	public function __construct()\r
	58	{\r
	59	$this->_tidy = new csstidy();\r
	60	$this->_tidy->set_cfg('lowercase_s', false);\r
	61	$this->_id_attrdef = new HTMLPurifier_AttrDef_HTML_ID(true);\r
	62	$this->_class_attrdef = new HTMLPurifier_AttrDef_CSS_Ident();\r
	63	$this->_enum_attrdef = new HTMLPurifier_AttrDef_Enum(\r
	64	array(\r
65	'first-child',\r
66	'link',\r
67	'visited',\r
68	'active',\r
69	'hover',\r
70	'focus'\r
71	)\r
72	);\r
73	}\r
74	\r
75	/**\r
76	* Save the contents of CSS blocks to style matches\r
77	* @param array $matches preg_replace style $matches array\r
78	*/\r
79	protected function styleCallback($matches)\r
80	{\r
81	$this->_styleMatches[] = $matches[1];\r
82	}\r
83	\r
84	/**\r
85	* Removes inline <style> tags from HTML, saves them for later use\r
86	* @param string $html\r
87	* @param HTMLPurifier_Config $config\r
88	* @param HTMLPurifier_Context $context\r
89	* @return string\r
90	* @todo Extend to indicate non-text/css style blocks\r
91	*/\r
92	public function preFilter($html, $config, $context)\r
93	{\r
94	$tidy = $config->get('Filter.ExtractStyleBlocks.TidyImpl');\r
95	if ($tidy !== null) {\r
96	$this->_tidy = $tidy;\r
97	}\r
98	$html = preg_replace_callback('#<style(?:\s.*)?>(.+)</style>#isU', array($this, 'styleCallback'), $html);\r
99	$style_blocks = $this->_styleMatches;\r
100	$this->_styleMatches = array(); // reset\r
101	$context->register('StyleBlocks', $style_blocks); // $context must not be reused\r
102	if ($this->_tidy) {\r
103	foreach ($style_blocks as &$style) {\r
104	$style = $this->cleanCSS($style, $config, $context);\r
105	}\r
106	}\r
107	return $html;\r
108	}\r
109	\r
110	/**\r
111	* Takes CSS (the stuff found in <style>) and cleans it.\r
112	* @warning Requires CSSTidy <http://csstidy.sourceforge.net/>\r
113	* @param string $css CSS styling to clean\r
114	* @param HTMLPurifier_Config $config\r
115	* @param HTMLPurifier_Context $context\r
116	* @throws HTMLPurifier_Exception\r
117	* @return string Cleaned CSS\r
118	*/\r
119	public function cleanCSS($css, $config, $context)\r
120	{\r
121	// prepare scope\r
122	$scope = $config->get('Filter.ExtractStyleBlocks.Scope');\r
123	if ($scope !== null) {\r
124	$scopes = array_map('trim', explode(',', $scope));\r
125	} else {\r
126	$scopes = array();\r
127	}\r
128	// remove comments from CSS\r
129	$css = trim($css);\r
130	if (strncmp('<!--', $css, 4) === 0) {\r
131	$css = substr($css, 4);\r
132	}\r
133	if (strlen($css) > 3 && substr($css, -3) == '-->') {\r
134	$css = substr($css, 0, -3);\r
135	}\r
136	$css = trim($css);\r
137	set_error_handler('htmlpurifier_filter_extractstyleblocks_muteerrorhandler');\r
138	$this->_tidy->parse($css);\r
139	restore_error_handler();\r
140	$css_definition = $config->getDefinition('CSS');\r
141	$html_definition = $config->getDefinition('HTML');\r
142	$new_css = array();\r
143	foreach ($this->_tidy->css as $k => $decls) {\r
144	// $decls are all CSS declarations inside an @ selector\r
145	$new_decls = array();\r
146	foreach ($decls as $selector => $style) {\r
147	$selector = trim($selector);\r
148	if ($selector === '') {\r
149	continue;\r
150	} // should not happen\r
151	// Parse the selector\r
152	// Here is the relevant part of the CSS grammar:\r
153	//\r
154	// ruleset\r
155	// : selector [ ',' S* selector ]* '{' ...\r
156	// selector\r
157	// : simple_selector [ combinator selector \| S+ [ combinator? selector ]? ]?\r
158	// combinator\r
159	// : '+' S*\r
160	// : '>' S*\r
161	// simple_selector\r
162	// : element_name [ HASH \| class \| attrib \| pseudo ]*\r
163	// \| [ HASH \| class \| attrib \| pseudo ]+\r
164	// element_name\r
165	// : IDENT \| '*'\r
166	// ;\r
167	// class\r
168	// : '.' IDENT\r
169	// ;\r
170	// attrib\r
171	// : '[' S* IDENT S* [ [ '=' \| INCLUDES \| DASHMATCH ] S*\r
172	// [ IDENT \| STRING ] S* ]? ']'\r
173	// ;\r
174	// pseudo\r
175	// : ':' [ IDENT \| FUNCTION S* [IDENT S*]? ')' ]\r
176	// ;\r
177	//\r
178	// For reference, here are the relevant tokens:\r
179	//\r
180	// HASH #{name}\r
181	// IDENT {ident}\r
182	// INCLUDES ==\r
183	// DASHMATCH \|=\r
184	// STRING {string}\r
185	// FUNCTION {ident}\(\r
186	//\r
187	// And the lexical scanner tokens\r
188	//\r
189	// name {nmchar}+\r
190	// nmchar [_a-z0-9-]\|{nonascii}\|{escape}\r
191	// nonascii [\240-\377]\r
192	// escape {unicode}\|\\[^\r\n\f0-9a-f]\r
193	// unicode \\{h}}{1,6}(\r\n\|[ \t\r\n\f])?\r
194	// ident -?{nmstart}{nmchar*}\r
195	// nmstart [_a-z]\|{nonascii}\|{escape}\r
196	// string {string1}\|{string2}\r
197	// string1 \"([^\n\r\f\\"]\|\\{nl}\|{escape})*\"\r
198	// string2 \'([^\n\r\f\\"]\|\\{nl}\|{escape})*\'\r
199	//\r
200	// We'll implement a subset (in order to reduce attack\r
201	// surface); in particular:\r
202	//\r
203	// - No Unicode support\r
204	// - No escapes support\r
205	// - No string support (by proxy no attrib support)\r
206	// - element_name is matched against allowed\r
207	// elements (some people might find this\r
208	// annoying...)\r
209	// - Pseudo-elements one of :first-child, :link,\r
210	// :visited, :active, :hover, :focus\r
211	\r
212	// handle ruleset\r
213	$selectors = array_map('trim', explode(',', $selector));\r
214	$new_selectors = array();\r
215	foreach ($selectors as $sel) {\r
216	// split on +, > and spaces\r
217	$basic_selectors = preg_split('/\s([+> ])\s/', $sel, -1, PREG_SPLIT_DELIM_CAPTURE);\r
218	// even indices are chunks, odd indices are\r
219	// delimiters\r
220	$nsel = null;\r
221	$delim = null; // guaranteed to be non-null after\r
222	// two loop iterations\r
223	for ($i = 0, $c = count($basic_selectors); $i < $c; $i++) {\r
224	$x = $basic_selectors[$i];\r
225	if ($i % 2) {\r
226	// delimiter\r
227	if ($x === ' ') {\r
228	$delim = ' ';\r
229	} else {\r
230	$delim = ' ' . $x . ' ';\r
231	}\r
232	} else {\r
233	// simple selector\r
234	$components = preg_split('/([#.:])/', $x, -1, PREG_SPLIT_DELIM_CAPTURE);\r
235	$sdelim = null;\r
236	$nx = null;\r
237	for ($j = 0, $cc = count($components); $j < $cc; $j++) {\r
238	$y = $components[$j];\r
239	if ($j === 0) {\r
240	if ($y === '*' \|\| isset($html_definition->info[$y = strtolower($y)])) {\r
241	$nx = $y;\r
242	} else {\r
243	// $nx stays null; this matters\r
244	// if we don't manage to find\r
245	// any valid selector content,\r
246	// in which case we ignore the\r
247	// outer $delim\r
248	}\r
249	} elseif ($j % 2) {\r
250	// set delimiter\r
251	$sdelim = $y;\r
252	} else {\r
253	$attrdef = null;\r
254	if ($sdelim === '#') {\r
255	$attrdef = $this->_id_attrdef;\r
256	} elseif ($sdelim === '.') {\r
257	$attrdef = $this->_class_attrdef;\r
258	} elseif ($sdelim === ':') {\r
259	$attrdef = $this->_enum_attrdef;\r
260	} else {\r
261	throw new HTMLPurifier_Exception('broken invariant sdelim and preg_split');\r
262	}\r
263	$r = $attrdef->validate($y, $config, $context);\r
264	if ($r !== false) {\r
265	if ($r !== true) {\r
266	$y = $r;\r
267	}\r
268	if ($nx === null) {\r
269	$nx = '';\r
270	}\r
271	$nx .= $sdelim . $y;\r
272	}\r
273	}\r
274	}\r
275	if ($nx !== null) {\r
276	if ($nsel === null) {\r
277	$nsel = $nx;\r
278	} else {\r
279	$nsel .= $delim . $nx;\r
280	}\r
281	} else {\r
282	// delimiters to the left of invalid\r
283	// basic selector ignored\r
284	}\r
285	}\r
286	}\r
287	if ($nsel !== null) {\r
288	if (!empty($scopes)) {\r
289	foreach ($scopes as $s) {\r
290	$new_selectors[] = "$s $nsel";\r
291	}\r
292	} else {\r
293	$new_selectors[] = $nsel;\r
294	}\r
295	}\r
296	}\r
297	if (empty($new_selectors)) {\r
298	continue;\r
299	}\r
300	$selector = implode(', ', $new_selectors);\r
301	foreach ($style as $name => $value) {\r
302	if (!isset($css_definition->info[$name])) {\r
303	unset($style[$name]);\r
304	continue;\r
305	}\r
306	$def = $css_definition->info[$name];\r
307	$ret = $def->validate($value, $config, $context);\r
308	if ($ret === false) {\r
309	unset($style[$name]);\r
310	} else {\r
311	$style[$name] = $ret;\r
312	}\r
313	}\r
314	$new_decls[$selector] = $style;\r
315	}\r
316	$new_css[$k] = $new_decls;\r
317	}\r
318	// remove stuff that shouldn't be used, could be reenabled\r
319	// after security risks are analyzed\r
320	$this->_tidy->css = $new_css;\r
321	$this->_tidy->import = array();\r
322	$this->_tidy->charset = null;\r
323	$this->_tidy->namespace = null;\r
324	$css = $this->_tidy->print->plain();\r
325	// we are going to escape any special characters <>& to ensure\r
326	// that no funny business occurs (i.e. </style> in a font-family prop).\r
327	if ($config->get('Filter.ExtractStyleBlocks.Escaping')) {\r
328	$css = str_replace(\r
329	array('<', '>', '&'),\r
330	array('\3C ', '\3E ', '\26 '),\r
331	$css\r
332	);\r
333	}\r
334	return $css;\r
335	}\r
336	}\r
337	\r
338	// vim: et sw=4 sts=4\r