/**
 * This filter extracts <style> blocks from input HTML, cleans them up
 * using CSSTidy, and then places them in $purifier->context->get('StyleBlocks')
 * so they can be used elsewhere in the document.
 *
 * See tests/HTMLPurifier/Filter/ExtractStyleBlocksTest.php for sample usage.
 *
 * This filter can also be used on stylesheets not included in the
 * document--something purists would probably prefer. Just directly
 * call HTMLPurifier_Filter_ExtractStyleBlocks->cleanCSS().
 */
17 class HTMLPurifier_Filter_ExtractStyleBlocks
extends HTMLPurifier_Filter
20 public $name = 'ExtractStyleBlocks';
21 private $_styleMatches = array();
/**
 * Creates the filter with a fresh CSSTidy instance as its CSS parser.
 */
public function __construct() {
    $defaultTidy = new csstidy();
    $this->_tidy = $defaultTidy;
}
/**
 * Save the contents of CSS blocks to style matches.
 *
 * Nothing is returned, so when used as a preg_replace_callback() handler
 * the matched block is replaced with an empty string.
 *
 * @param $matches preg_replace style $matches array; index 1 holds the
 *                 captured contents of the block
 */
protected function styleCallback($matches) {
    $blockContents = $matches[1];
    $this->_styleMatches[] = $blockContents;
}
/**
 * Removes inline <style> tags from HTML, saves them for later use.
 *
 * The extracted blocks are registered in $context under 'StyleBlocks' and
 * each one is then passed through cleanCSS().
 *
 * @param $html HTML to filter
 * @param $config Instance of HTMLPurifier_Config
 * @param $context Instance of HTMLPurifier_Context
 * @return The HTML with every matched <style> block removed
 * @todo Extend to indicate non-text/css style blocks
 */
public function preFilter($html, $config, $context) {
    // A configured implementation replaces the CSSTidy instance currently held.
    $tidy = $config->get('Filter.ExtractStyleBlocks.TidyImpl');
    if ($tidy !== null) {
        $this->_tidy = $tidy;
    }

    // styleCallback() stores each block's contents and returns nothing,
    // which strips the block from the markup.
    $html = preg_replace_callback('#<style(?:\s.*)?>(.+)</style>#isU', array($this, 'styleCallback'), $html);

    $style_blocks = $this->_styleMatches;
    $this->_styleMatches = array(); // reset so the next document starts empty

    // NOTE(review): presumably register() keeps a reference to $style_blocks,
    // so the cleaning below is visible through $context -- confirm.
    $context->register('StyleBlocks', $style_blocks); // $context must not be reused

    // Only clean when a usable tidy implementation is available.
    if ($this->_tidy) {
        foreach ($style_blocks as &$style) {
            $style = $this->cleanCSS($style, $config, $context);
        }
        unset($style); // break the by-reference binding left behind by foreach
    }

    return $html;
}
/**
 * Takes CSS (the stuff found in <style>) and cleans it.
 *
 * The CSS is parsed with the tidy implementation held in $this->_tidy, every
 * declaration is validated against the CSS definition from $config, and the
 * result is printed back to a string. Imports, charset and namespace data are
 * discarded.
 *
 * @warning Requires CSSTidy <http://csstidy.sourceforge.net/>
 * @param $css     CSS styling to clean
 * @param $config  Instance of HTMLPurifier_Config
 * @param $context Instance of HTMLPurifier_Context
 * @return Cleaned CSS
 */
public function cleanCSS($css, $config, $context) {
    // prepare scope: a comma-separated list of selectors to prefix onto every rule
    $scopes = array();
    $scope = $config->get('Filter.ExtractStyleBlocks.Scope');
    if ($scope !== null) {
        $scopes = array_map('trim', explode(',', $scope));
    }

    // remove comments from CSS: strip a leading <!-- and a trailing -->,
    // tolerating whitespace around them
    $css = trim($css);
    if (strncmp('<!--', $css, 4) === 0) {
        $css = substr($css, 4);
    }
    if (strlen($css) > 3 && substr($css, -3) === '-->') {
        $css = substr($css, 0, -3);
    }
    $css = trim($css);

    $this->_tidy->parse($css);
    $css_definition = $config->getDefinition('CSS');

    foreach ($this->_tidy->css as $k => $decls) {
        // $decls are all CSS declarations inside an @ selector
        $new_decls = array();
        foreach ($decls as $selector => $style) {
            $selector = trim($selector);
            if ($selector === '') {
                continue; // should not happen
            }
            // NOTE(review): selectors starting with '+' are dropped; presumably
            // an internal marker of the tidy implementation -- confirm.
            if ($selector[0] === '+') {
                continue;
            }
            if (!empty($scopes)) {
                // every scope is combined with every comma-separated selector
                $new_selector = array(); // because multiple ones are possible
                $selectors = array_map('trim', explode(',', $selector));
                foreach ($scopes as $s1) {
                    foreach ($selectors as $s2) {
                        $new_selector[] = "$s1 $s2";
                    }
                }
                $selector = implode(', ', $new_selector); // now it's a string
            }
            foreach ($style as $name => $value) {
                // properties unknown to the CSS definition are removed outright
                if (!isset($css_definition->info[$name])) {
                    unset($style[$name]);
                    continue;
                }
                $def = $css_definition->info[$name];
                $ret = $def->validate($value, $config, $context);
                if ($ret === false) {
                    unset($style[$name]);
                } else {
                    $style[$name] = $ret;
                }
            }
            $new_decls[$selector] = $style;
        }
        $this->_tidy->css[$k] = $new_decls;
    }

    // remove stuff that shouldn't be used, could be reenabled
    // after security risks are analyzed
    $this->_tidy->import = array();
    $this->_tidy->charset = null;
    $this->_tidy->namespace = null;
    $css = $this->_tidy->print->plain();

    // we are going to escape any special characters <>& to ensure
    // that no funny business occurs (i.e. </style> in a font-family prop).
    if ($config->get('Filter.ExtractStyleBlocks.Escaping')) {
        $css = str_replace(
            array('<', '>', '&'),
            array('\3C ', '\3E ', '\26 '),
            $css
        );
    }

    return $css;
}
135 // vim: et sw=4 sts=4