Commit FontFamily implementation. It's a little flaky, but should be reasonable for 99% of all fonts.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@282 48356398-32a2-884e-a903-53898d9a118a
2025-07-31 19:30:21 +02:00 · 2006-08-16 17:25:25 +00:00
parent ad31107b1e
commit ed7e72f2e3
6 changed files with 90 additions and 1 deletions
--- a/library/HTMLPurifier/AttrDef/FontFamily.php
+++ b/library/HTMLPurifier/AttrDef/FontFamily.php
@@ -0,0 +1,59 @@
+<?php
+
+require_once 'HTMLPurifier/AttrDef.php';
+
+// whitelisting allowed fonts would be nice
+
+class HTMLPurifier_AttrDef_FontFamily extends HTMLPurifier_AttrDef
+{
+    
+    var $generic_names = array(
+        'serif' => true,
+        'sans-serif' => true,
+        'monospace' => true,
+        'fantasy' => true,
+        'cursive' => true
+    );
+    
+    function validate($string, $config, &$context) {
+        $string = $this->parseCDATA($string);
+        // assume that no font names contain commas in them
+        $fonts = explode(',', $string);
+        $final = '';
+        foreach($fonts as $font) {
+            $font = trim($font);
+            if ($font === '') continue;
+            // match a generic name
+            if (isset($this->generic_names[$font])) {
+                $final .= $font . ', ';
+                continue;
+            }
+            // match a quoted name
+            if ($font[0] === '"' || $font[0] === "'") {
+                $length = strlen($font);
+                if ($length <= 2) continue;
+                $quote = $font[0];
+                if ($font[$length - 1] !== $quote) continue;
+                $font = substr($font, 1, $length - 2);
+            }
+            // process font
+            if (ctype_alnum($font)) {
+                // very simple font, allow it in unharmed
+                $final .= $font . ', ';
+                continue;
+            }
+            $nospace = str_replace(array(' ', '.', '!'), '', $font);
+            if (ctype_alnum($nospace)) {
+                // font with spaces in it
+                $final .= "'$font', ";
+                continue;
+            }
+        }
+        $final = rtrim($final, ', ');
+        if ($final === '') return false;
+        return $final;
+    }
+    
+}
+
+?>
--- a/library/HTMLPurifier/CSSDefinition.php
+++ b/library/HTMLPurifier/CSSDefinition.php
@@ -7,6 +7,7 @@ require_once 'HTMLPurifier/AttrDef/CSSLength.php';
 require_once 'HTMLPurifier/AttrDef/Percentage.php';
 require_once 'HTMLPurifier/AttrDef/Multiple.php';
 require_once 'HTMLPurifier/AttrDef/TextDecoration.php';
+require_once 'HTMLPurifier/AttrDef/FontFamily.php';

 class HTMLPurifier_CSSDefinition
 {
@@ -143,6 +144,8 @@ class HTMLPurifier_CSSDefinition
        
        $this->info['text-decoration'] = new HTMLPurifier_AttrDef_TextDecoration();
        
+        $this->info['font-family'] = new HTMLPurifier_AttrDef_FontFamily();
+        
        // this could use specialized code
        $this->info['font-weight'] = new HTMLPurifier_AttrDef_Enum(
            array('normal', 'bold', 'bolder', 'lighter', '100', '200', '300',