|
|
|
@ -436,7 +436,7 @@ abstract class AbstractSanitizer { |
|
|
|
// only use the namespace if it's a string |
|
|
|
$ns = $el['namespace']; |
|
|
|
} else { |
|
|
|
// ignore any other value for the namespace |
|
|
|
// ignore any other value for the namespace (this is invalid) |
|
|
|
continue; |
|
|
|
} |
|
|
|
} |
|
|
|
@ -454,7 +454,71 @@ abstract class AbstractSanitizer { |
|
|
|
} |
|
|
|
// continue with attribute lists |
|
|
|
foreach (["allowAttributes", "dropAttributes"] as $opt) { |
|
|
|
// TODO |
|
|
|
if (isset($config[$opt]) && is_array($config[$opt])) { |
|
|
|
foreach ($config[$opt] as $attr) { |
|
|
|
if (is_array($attr) && strlen($attr['name'] ?? "" && isset($attr['elements']))) { |
|
|
|
$name = $attr['name']; |
|
|
|
if (!isset($attr['namespace'])) { |
|
|
|
// the null namespace is assumed |
|
|
|
$ns = self::NULL_NAMESPACE; |
|
|
|
} elseif (is_string($attr['namespace'])) { |
|
|
|
// only use the namespace if it's a string |
|
|
|
$ns = $attr['namespace']; |
|
|
|
} else { |
|
|
|
// ignore any other value for the namespace (this is invalid) |
|
|
|
continue; |
|
|
|
} |
|
|
|
// now check the list of elements |
|
|
|
if ($attr['elements'] === "*") { |
|
|
|
// the special string "*" means any element |
|
|
|
$list = "*"; |
|
|
|
} elseif (is_array($attr['elements'])) { |
|
|
|
// otherwise the element list is like the element lists handled above |
|
|
|
$list = []; |
|
|
|
foreach ($attr['elements'] as $el) { |
|
|
|
if (is_string($el) && strlen($el)) { |
|
|
|
// strings are assumed to be in the HTML namespace |
|
|
|
$eNs = self::HTML_NAMESPACE; |
|
|
|
$eName = $el; |
|
|
|
} elseif (is_array($el) && strlen($el['name'] ?? "")) { |
|
|
|
$eName = $el['name']; |
|
|
|
if (!array_key_exists("namespace", $el)) { |
|
|
|
// the namespace key being missing means the HTML namespace |
|
|
|
$eNs = self::HTML_NAMESPACE; |
|
|
|
} elseif (!isset($el['namespace'])) { |
|
|
|
// the null namespace is also possible (but will never match in HTML documents) |
|
|
|
$eNs = self::NULL_NAMESPACE; |
|
|
|
} elseif (is_string($el['namespace'])) { |
|
|
|
// only use the namespace if it's a string |
|
|
|
$eNs = $el['namespace']; |
|
|
|
} else { |
|
|
|
// ignore any other value for the namespace (this is invalid) |
|
|
|
continue; |
|
|
|
} |
|
|
|
} |
|
|
|
// create any structures which might be missing |
|
|
|
if (!isset($list[$eNs])) { |
|
|
|
$list[$eNs] = []; |
|
|
|
} |
|
|
|
// add the element |
|
|
|
$list[$eNs][$eName] = true; |
|
|
|
} |
|
|
|
} else { |
|
|
|
// ignore any other value for the elements list (this is invalid) |
|
|
|
continue; |
|
|
|
} |
|
|
|
// create any structures which might be missing |
|
|
|
if (!isset($out[$opt])) { |
|
|
|
$out[$opt] = []; |
|
|
|
} |
|
|
|
if (!isset($out[$opt][$ns])) { |
|
|
|
$out[$opt][$ns] = []; |
|
|
|
} |
|
|
|
// add the attribute |
|
|
|
$out[$opt][$ns][$name] = $list; |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
// finally handle the boolean options |
|
|
|
foreach (["allowCustomElements", "allowUnknownMarkup", "allowComments", "allowProcessingInstructions", "nullNamespaceAsHtml"] as $opt) { |
|
|
|
|
