File indexing completed on 2024-12-22 05:36:18
0001 <?php 0002 0003 /** 0004 * Implements special behavior for class attribute (normally NMTOKENS) 0005 */ 0006 class HTMLPurifier_AttrDef_HTML_Class extends HTMLPurifier_AttrDef_HTML_Nmtokens 0007 { 0008 /** 0009 * @param string $string 0010 * @param HTMLPurifier_Config $config 0011 * @param HTMLPurifier_Context $context 0012 * @return bool|string 0013 */ 0014 protected function split($string, $config, $context) 0015 { 0016 // really, this twiddle should be lazy loaded 0017 $name = $config->getDefinition('HTML')->doctype->name; 0018 if ($name == "XHTML 1.1" || $name == "XHTML 2.0") { 0019 return parent::split($string, $config, $context); 0020 } else { 0021 return preg_split('/\s+/', $string); 0022 } 0023 } 0024 0025 /** 0026 * @param array $tokens 0027 * @param HTMLPurifier_Config $config 0028 * @param HTMLPurifier_Context $context 0029 * @return array 0030 */ 0031 protected function filter($tokens, $config, $context) 0032 { 0033 $allowed = $config->get('Attr.AllowedClasses'); 0034 $forbidden = $config->get('Attr.ForbiddenClasses'); 0035 $ret = array(); 0036 foreach ($tokens as $token) { 0037 if (($allowed === null || isset($allowed[$token])) && 0038 !isset($forbidden[$token]) && 0039 // We need this O(n) check because of PHP's array 0040 // implementation that casts -0 to 0. 0041 !in_array($token, $ret, true) 0042 ) { 0043 $ret[] = $token; 0044 } 0045 } 0046 return $ret; 0047 } 0048 }