mirror of
https://github.com/smogon/pokemon-showdown-client.git
synced 2026-03-23 02:25:43 -05:00
2105dc8e57
Closes #1567 The main reason I'm not simply merging Annika's PR is because this way makes it clearer that I'm taking responsibility for all this code, that it's mostly code I wrote, and also because it makes it easier to ensure that none of the files have been changed. (Not that I don't personally trust Annika, but I have something resembling an obligation to users not to expose them to risks based on personal trust.)
35 lines
1.2 KiB
PHP
35 lines
1.2 KiB
PHP
<?php
|
|
|
|
/**
|
|
* Implements special behavior for class attribute (normally NMTOKENS)
|
|
*/
|
|
class HTMLPurifier_AttrDef_HTML_Class extends HTMLPurifier_AttrDef_HTML_Nmtokens
|
|
{
|
|
protected function split($string, $config, $context) {
|
|
// really, this twiddle should be lazy loaded
|
|
$name = $config->getDefinition('HTML')->doctype->name;
|
|
if ($name == "XHTML 1.1" || $name == "XHTML 2.0") {
|
|
return parent::split($string, $config, $context);
|
|
} else {
|
|
return preg_split('/\s+/', $string);
|
|
}
|
|
}
|
|
protected function filter($tokens, $config, $context) {
|
|
$allowed = $config->get('Attr.AllowedClasses');
|
|
$forbidden = $config->get('Attr.ForbiddenClasses');
|
|
$ret = array();
|
|
foreach ($tokens as $token) {
|
|
if (
|
|
($allowed === null || isset($allowed[$token])) &&
|
|
!isset($forbidden[$token]) &&
|
|
// We need this O(n) check because of PHP's array
|
|
// implementation that casts -0 to 0.
|
|
!in_array($token, $ret, true)
|
|
) {
|
|
$ret[] = $token;
|
|
}
|
|
}
|
|
return $ret;
|
|
}
|
|
}
|