aboutsummaryrefslogtreecommitdiffhomepage
path: root/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS.php
diff options
context:
space:
mode:
Diffstat (limited to 'inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS.php')
-rw-r--r--inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS.php106
1 files changed, 106 insertions, 0 deletions
diff --git a/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS.php b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS.php
new file mode 100644
index 00000000..81afcf96
--- /dev/null
+++ b/inc/3rdparty/htmlpurifier/HTMLPurifier/AttrDef/CSS.php
@@ -0,0 +1,106 @@
1<?php
2
3/**
4 * Validates the HTML attribute style, otherwise known as CSS.
5 * @note We don't implement the whole CSS specification, so it might be
6 * difficult to reuse this component in the context of validating
7 * actual stylesheet declarations.
8 * @note If we were really serious about validating the CSS, we would
9 * tokenize the styles and then parse the tokens. Obviously, we
10 * are not doing that. Doing that could seriously harm performance,
11 * but would make these components a lot more viable for a CSS
12 * filtering solution.
13 */
14class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef
15{
16
17 /**
18 * @param string $css
19 * @param HTMLPurifier_Config $config
20 * @param HTMLPurifier_Context $context
21 * @return bool|string
22 */
23 public function validate($css, $config, $context)
24 {
25 $css = $this->parseCDATA($css);
26
27 $definition = $config->getCSSDefinition();
28
29 // we're going to break the spec and explode by semicolons.
30 // This is because semicolon rarely appears in escaped form
31 // Doing this is generally flaky but fast
32 // IT MIGHT APPEAR IN URIs, see HTMLPurifier_AttrDef_CSSURI
33 // for details
34
35 $declarations = explode(';', $css);
36 $propvalues = array();
37
38 /**
39 * Name of the current CSS property being validated.
40 */
41 $property = false;
42 $context->register('CurrentCSSProperty', $property);
43
44 foreach ($declarations as $declaration) {
45 if (!$declaration) {
46 continue;
47 }
48 if (!strpos($declaration, ':')) {
49 continue;
50 }
51 list($property, $value) = explode(':', $declaration, 2);
52 $property = trim($property);
53 $value = trim($value);
54 $ok = false;
55 do {
56 if (isset($definition->info[$property])) {
57 $ok = true;
58 break;
59 }
60 if (ctype_lower($property)) {
61 break;
62 }
63 $property = strtolower($property);
64 if (isset($definition->info[$property])) {
65 $ok = true;
66 break;
67 }
68 } while (0);
69 if (!$ok) {
70 continue;
71 }
72 // inefficient call, since the validator will do this again
73 if (strtolower(trim($value)) !== 'inherit') {
74 // inherit works for everything (but only on the base property)
75 $result = $definition->info[$property]->validate(
76 $value,
77 $config,
78 $context
79 );
80 } else {
81 $result = 'inherit';
82 }
83 if ($result === false) {
84 continue;
85 }
86 $propvalues[$property] = $result;
87 }
88
89 $context->destroy('CurrentCSSProperty');
90
91 // procedure does not write the new CSS simultaneously, so it's
92 // slightly inefficient, but it's the only way of getting rid of
93 // duplicates. Perhaps config to optimize it, but not now.
94
95 $new_declarations = '';
96 foreach ($propvalues as $prop => $value) {
97 $new_declarations .= "$prop:$value;";
98 }
99
100 return $new_declarations ? $new_declarations : false;
101
102 }
103
104}
105
106// vim: et sw=4 sts=4