lib/htmlpurifier/HTMLPurifier/Strategy/ValidateAttributes.php

   1 <?php
   2
   3 require_once 'HTMLPurifier/Strategy.php';
   4 require_once 'HTMLPurifier/HTMLDefinition.php';
   5 require_once 'HTMLPurifier/IDAccumulator.php';
   6
   7 require_once 'HTMLPurifier/AttrValidator.php';
   8
   9 HTMLPurifier_ConfigSchema::define(
  10     'Attr', 'IDBlacklist', array(), 'list',
  11     'Array of IDs not allowed in the document.');
  12
  13 /**
  14  * Validate all attributes in the tokens.
  15  */
  16
  17 class HTMLPurifier_Strategy_ValidateAttributes extends HTMLPurifier_Strategy
  18 {
  19
  20     function execute($tokens, $config, &$context) {
  21
  22         // setup id_accumulator context
  23         $id_accumulator = new HTMLPurifier_IDAccumulator();
  24         $id_accumulator->load($config->get('Attr', 'IDBlacklist'));
  25         $context->register('IDAccumulator', $id_accumulator);
  26
  27         // setup validator
  28         $validator = new HTMLPurifier_AttrValidator();
  29
  30         $token = false;
  31         $context->register('CurrentToken', $token);
  32
  33         foreach ($tokens as $key => $token) {
  34
  35             // only process tokens that have attributes,
  36             //   namely start and empty tags
  37             if ($token->type !== 'start' && $token->type !== 'empty') continue;
  38
  39             // skip tokens that are armored
  40             if (!empty($token->armor['ValidateAttributes'])) continue;
  41
  42             // note that we have no facilities here for removing tokens
  43             $validator->validateToken($token, $config, $context);
  44
  45             $tokens[$key] = $token; // for PHP 4
  46         }
  47
  48         $context->destroy('IDAccumulator');
  49         $context->destroy('CurrentToken');
  50
  51         return $tokens;
  52     }
  53
  54 }
  55