friendica/vendor/ezyang/htmlpurifier/library/HTMLPurifier/AttrDef/CSS.php

107 lines
3.4 KiB
PHP
Raw Normal View History

2010-09-08 23:14:17 -04:00
<?php
/**
* Validates the HTML attribute style, otherwise known as CSS.
* @note We don't implement the whole CSS specification, so it might be
* difficult to reuse this component in the context of validating
* actual stylesheet declarations.
* @note If we were really serious about validating the CSS, we would
* tokenize the styles and then parse the tokens. Obviously, we
* are not doing that. Doing that could seriously harm performance,
* but would make these components a lot more viable for a CSS
* filtering solution.
*/
class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef
{
2016-02-09 05:06:17 -05:00
/**
* @param string $css
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($css, $config, $context)
{
2010-09-08 23:14:17 -04:00
$css = $this->parseCDATA($css);
$definition = $config->getCSSDefinition();
// we're going to break the spec and explode by semicolons.
// This is because semicolon rarely appears in escaped form
// Doing this is generally flaky but fast
// IT MIGHT APPEAR IN URIs, see HTMLPurifier_AttrDef_CSSURI
// for details
$declarations = explode(';', $css);
$propvalues = array();
/**
* Name of the current CSS property being validated.
*/
$property = false;
$context->register('CurrentCSSProperty', $property);
foreach ($declarations as $declaration) {
2016-02-09 05:06:17 -05:00
if (!$declaration) {
continue;
}
if (!strpos($declaration, ':')) {
continue;
}
2010-09-08 23:14:17 -04:00
list($property, $value) = explode(':', $declaration, 2);
$property = trim($property);
2016-02-09 05:06:17 -05:00
$value = trim($value);
2010-09-08 23:14:17 -04:00
$ok = false;
do {
if (isset($definition->info[$property])) {
$ok = true;
break;
}
2016-02-09 05:06:17 -05:00
if (ctype_lower($property)) {
break;
}
2010-09-08 23:14:17 -04:00
$property = strtolower($property);
if (isset($definition->info[$property])) {
$ok = true;
break;
}
2016-02-09 05:06:17 -05:00
} while (0);
if (!$ok) {
continue;
}
2010-09-08 23:14:17 -04:00
// inefficient call, since the validator will do this again
if (strtolower(trim($value)) !== 'inherit') {
// inherit works for everything (but only on the base property)
$result = $definition->info[$property]->validate(
2016-02-09 05:06:17 -05:00
$value,
$config,
$context
);
2010-09-08 23:14:17 -04:00
} else {
$result = 'inherit';
}
2016-02-09 05:06:17 -05:00
if ($result === false) {
continue;
}
2010-09-08 23:14:17 -04:00
$propvalues[$property] = $result;
}
$context->destroy('CurrentCSSProperty');
// procedure does not write the new CSS simultaneously, so it's
// slightly inefficient, but it's the only way of getting rid of
// duplicates. Perhaps config to optimize it, but not now.
$new_declarations = '';
foreach ($propvalues as $prop => $value) {
$new_declarations .= "$prop:$value;";
}
return $new_declarations ? $new_declarations : false;
}
}
// vim: et sw=4 sts=4