3
require_once 'HTMLPurifier/AttrDef.php';
4
require_once 'HTMLPurifier/Config.php';
7
* Validates contents based on NMTOKENS attribute type.
8
* @note The only current use for this is the class attribute in HTML
9
* @note Could have some functionality factored out into Nmtoken class
10
* @warning We cannot assume this class will be used only for 'class'
11
* attributes. Not sure how to hook in magic behavior, then.
13
class HTMLPurifier_AttrDef_HTML_Nmtokens extends HTMLPurifier_AttrDef
16
function validate($string, $config, &$context) {
18
$string = trim($string);
20
// early abort: '' and '0' (strings that convert to false) are invalid
21
if (!$string) return false;
24
// do the preg_match, capture all subpatterns for reformulation
26
// we don't support U+00A1 and up codepoints or
27
// escaping because I don't know how to do that with regexps
28
// and plus it would complicate optimization efforts (you never
31
$pattern = '/(?:(?<=\s)|\A)'. // look behind for space or string start
32
'((?:--|-?[A-Za-z_])[A-Za-z_\-0-9]*)'.
33
'(?:(?=\s)|\z)/'; // look ahead for space or string end
34
preg_match_all($pattern, $string, $matches);
36
if (empty($matches[1])) return false;
40
foreach ($matches[1] as $token) {
41
$new_string .= $token . ' ';
43
$new_string = rtrim($new_string);