function _wysiwyg_filter_xss_split in WYSIWYG Filter 6

Same name and namespace in other branches
  1. 7 wysiwyg_filter.pages.inc _wysiwyg_filter_xss_split()

Processes an HTML tag.

Parameters

$m: An array whose meaning depends on the value of $store. If $store is TRUE, the array contains the allowed tags. If $store is FALSE, the array has one element, the HTML tag to process.

$store: Whether to store $m.

Return value

If the element isn't allowed, an empty string. Otherwise, the cleaned-up version of the HTML element.

1 call to _wysiwyg_filter_xss_split()
wysiwyg_filter_process in ./wysiwyg_filter.pages.inc
WYSIWYG Filter. Provides filtering of input into accepted HTML.
1 string reference to '_wysiwyg_filter_xss_split'
wysiwyg_filter_process in ./wysiwyg_filter.pages.inc
WYSIWYG Filter. Provides filtering of input into accepted HTML.

File

./wysiwyg_filter.pages.inc, line 78
User land code for the WYSIWYG Filter module.

Code

function _wysiwyg_filter_xss_split($m, $store = FALSE) {
  static $filter_options;
  if ($store) {
    _wysiwyg_filter_xss_attributes($filter_options = $m);
    return;
  }
  $string = $m[1];
  if (substr($string, 0, 1) != '<') {

    // We matched a lone ">" character
    return '&gt;';
  }
  else {
    if (strlen($string) == 1) {

      // We matched a lone "<" character
      return '&lt;';
    }
  }
  if (!preg_match('%^<\\s*(/\\s*)?([a-zA-Z0-9]+)([^>]*)>?|(<!--.*?-->)$%', $string, $matches)) {

    // Seriously malformed
    return '';
  }
  $slash = trim($matches[1]);
  $elem = strtolower($matches[2]);
  $attrlist =& $matches[3];
  $comment =& $matches[4];
  if (!empty($comment)) {

    // Allow or disallow HTML comments.
    return !empty($filter_options['allow_comments']) ? $comment : '';
  }
  elseif (!isset($filter_options['valid_elements'][$elem])) {

    // Disallowed HTML element.
    return '';
  }
  if ($slash != '') {
    return "</{$elem}>";
  }

  // Is there a closing XHTML slash at the end of the attributes?
  // In PHP 5.1.0+ we could count the changes, currently we need a separate match
  $xhtml_slash = preg_match('%\\s?/\\s*$%', $attrlist) ? ' /' : '';
  $attrlist = preg_replace('%(\\s?)/\\s*$%', '\\1', $attrlist);

  // Clean up attributes
  if (($attr2 = _wysiwyg_filter_xss_attributes($attrlist, $elem)) === FALSE) {

    // Disallowed HTML element because it does not contain required attribute.
    return '';
  }
  $attr2 = implode(' ', $attr2);
  $attr2 = preg_replace('/[<>]/', '', $attr2);
  $attr2 = strlen($attr2) ? ' ' . $attr2 : '';
  return "<{$elem}{$attr2}{$xhtml_slash}>";
}
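
The tag-level decisions the function makes before attribute cleaning, traced over sample tokens. This is an added example, not part of the module's code: describe_token(), TAG_RE and the sample policy and tokens are hypothetical; the regular expressions and the 'valid_elements' / 'allow_comments' keys are copied from the listing above.

```php
<?php
// Added example: mirrors the tag-level branches of the listing above.
// describe_token() is a hypothetical helper; attribute filtering is not reproduced.
const TAG_RE = '%^<\\s*(/\\s*)?([a-zA-Z0-9]+)([^>]*)>?|(<!--.*?-->)$%';

function describe_token($token, array $options) {
  if (substr($token, 0, 1) != '<') {
    return 'lone ">" -> &gt;';
  }
  if (strlen($token) == 1) {
    return 'lone "<" -> &lt;';
  }
  if (!preg_match(TAG_RE, $token, $m)) {
    return 'malformed -> dropped';
  }
  // Group 4 is only present when the comment alternative matched.
  if (!empty($m[4])) {
    return !empty($options['allow_comments']) ? 'comment -> kept' : 'comment -> dropped';
  }
  // Element names are lower-cased before the allow-list lookup.
  $elem = strtolower($m[2]);
  if (!isset($options['valid_elements'][$elem])) {
    return "<$elem> not in valid_elements -> dropped";
  }
  // Closing tags are rebuilt from the element name alone.
  if (trim($m[1]) != '') {
    return "closing tag -> </$elem>";
  }
  $xhtml = preg_match('%\\s?/\\s*$%', $m[3]) ? ' (self-closing)' : '';
  return "<$elem>$xhtml, attribute list handed to the attribute filter: " . var_export($m[3], TRUE);
}

// Constructed sample policy and tokens.
$options = array(
  'valid_elements' => array('a' => TRUE, 'br' => TRUE, 'p' => TRUE),
  'allow_comments' => FALSE,
);
$tokens = array('>', '<', '<!doctype html>', '<!-- note -->', '<SCRIPT src=x>',
  '</ P >', '<br />', '<a href="/x" onclick="y()">', '<a href="/x"');

foreach ($tokens as $t) {
  printf("%-30s %s\n", $t, describe_token($t, $options));
}
```

Allowed elements still depend on _wysiwyg_filter_xss_attributes() for their attributes, so an allow-listed tag with an event-handler attribute is only as safe as that attribute policy.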