mirror of
https://github.com/smogon/pokemon-showdown-client.git
synced 2026-03-22 10:05:46 -05:00
2105dc8e57
Closes #1567 The main reason I'm not simply merging Annika's PR is because this way makes it clearer that I'm taking responsibility for all this code, that it's mostly code I wrote, and also because it makes it easier to ensure that none of the files have been changed. (Not that I don't personally trust Annika, but I have something resembling an obligation to users not to expose them to risks based on personal trust.)
40 lines
1.0 KiB
PHP
40 lines
1.0 KiB
PHP
<?php
|
|
|
|
/**
|
|
* Validate all attributes in the tokens.
|
|
*/
|
|
|
|
class HTMLPurifier_Strategy_ValidateAttributes extends HTMLPurifier_Strategy
|
|
{
|
|
|
|
public function execute($tokens, $config, $context) {
|
|
|
|
// setup validator
|
|
$validator = new HTMLPurifier_AttrValidator();
|
|
|
|
$token = false;
|
|
$context->register('CurrentToken', $token);
|
|
|
|
foreach ($tokens as $key => $token) {
|
|
|
|
// only process tokens that have attributes,
|
|
// namely start and empty tags
|
|
if (!$token instanceof HTMLPurifier_Token_Start && !$token instanceof HTMLPurifier_Token_Empty) continue;
|
|
|
|
// skip tokens that are armored
|
|
if (!empty($token->armor['ValidateAttributes'])) continue;
|
|
|
|
// note that we have no facilities here for removing tokens
|
|
$validator->validateToken($token, $config, $context);
|
|
|
|
$tokens[$key] = $token; // for PHP 4
|
|
}
|
|
$context->destroy('CurrentToken');
|
|
|
|
return $tokens;
|
|
}
|
|
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|