3 require_once 'HTMLPurifier/AttrDef.php';
4 require_once 'HTMLPurifier/Config.php';
7 * Validates contents based on NMTOKENS attribute type.
8 * @note The only current use for this is the class attribute in HTML
9 * @note Could have some functionality factored out into Nmtoken class
10 * @warning We cannot assume this class will be used only for 'class'
11 * attributes. Not sure how to hook in magic behavior, then.
13 class HTMLPurifier_AttrDef_HTML_Nmtokens
extends HTMLPurifier_AttrDef
16 function validate($string, $config, &$context) {
18 $string = trim($string);
20 // early abort: '' and '0' (strings that convert to false) are invalid
21 if (!$string) return false;
24 // do the preg_match, capture all subpatterns for reformulation
26 // we don't support U+00A1 and up codepoints or
27 // escaping because I don't know how to do that with regexps
28 // and plus it would complicate optimization efforts (you never
31 $pattern = '/(?:(?<=\s)|\A)'. // look behind for space or string start
32 '((?:--|-?[A-Za-z_])[A-Za-z_\-0-9]*)'.
33 '(?:(?=\s)|\z)/'; // look ahead for space or string end
34 preg_match_all($pattern, $string, $matches);
36 if (empty($matches[1])) return false;
40 foreach ($matches[1] as $token) {
41 $new_string .= $token . ' ';
43 $new_string = rtrim($new_string);