Implement %Attr.AllowedClasses and %Attr.ForbiddenClasses.

Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2025-08-05 05:37:49 +02:00 · 2009-05-25 21:55:44 -04:00
parent bf71c3f392
commit baf053b016
13 changed files with 98 additions and 22 deletions
--- a/library/HTMLPurifier/AttrDef/HTML/Class.php
+++ b/library/HTMLPurifier/AttrDef/HTML/Class.php
@@ -0,0 +1,22 @@
+<?php
+
+/**
+ * Implements special behavior for class attribute (normally NMTOKENS)
+ */
+class HTMLPurifier_AttrDef_HTML_Class extends HTMLPurifier_AttrDef_HTML_Nmtokens
+{
+    protected function filter($tokens, $config, $context) {
+        $allowed = $config->get('Attr.AllowedClasses');
+        $forbidden = $config->get('Attr.ForbiddenClasses');
+        $ret = array();
+        foreach ($tokens as $token) {
+            if (
+                ($allowed === null || isset($allowed[$token])) &&
+                !isset($forbidden[$token])
+            ) {
+                $ret[] = $token;
+            }
+        }
+        return $ret;
+    }
+}