|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/* |
|
4
|
|
|
htmLawed 1.2.5, 24 September 2019 |
|
5
|
|
|
Copyright Santosh Patnaik |
|
6
|
|
|
Dual licensed with LGPL 3 and GPL 2+ |
|
7
|
|
|
A PHP Labware internal utility - www.bioinformatics.org/phplabware/internal_utilities/htmLawed |
|
8
|
|
|
|
|
9
|
|
|
See htmLawed_README.txt/htm |
|
10
|
|
|
*/ |
|
11
|
|
|
|
|
12
|
|
|
function htmLawed($t, $C = 1, $S = array()) { |
|
13
|
1731 |
|
$C = is_array($C) ? $C : array(); |
|
14
|
1731 |
|
if (!empty($C['valid_xhtml'])) { |
|
15
|
559 |
|
$C['elements'] = empty($C['elements']) ? '*-acronym-big-center-dir-font-isindex-s-strike-tt' : $C['elements']; |
|
16
|
559 |
|
$C['make_tag_strict'] = isset($C['make_tag_strict']) ? $C['make_tag_strict'] : 2; |
|
17
|
559 |
|
$C['xml:lang'] = isset($C['xml:lang']) ? $C['xml:lang'] : 2; |
|
18
|
|
|
} |
|
19
|
|
|
// config eles |
|
20
|
1731 |
|
$e = array('a' => 1, 'abbr' => 1, 'acronym' => 1, 'address' => 1, 'applet' => 1, 'area' => 1, 'article' => 1, 'aside' => 1, 'audio' => 1, 'b' => 1, 'bdi' => 1, 'bdo' => 1, 'big' => 1, 'blockquote' => 1, 'br' => 1, 'button' => 1, 'canvas' => 1, 'caption' => 1, 'center' => 1, 'cite' => 1, 'code' => 1, 'col' => 1, 'colgroup' => 1, 'command' => 1, 'data' => 1, 'datalist' => 1, 'dd' => 1, 'del' => 1, 'details' => 1, 'dfn' => 1, 'dir' => 1, 'div' => 1, 'dl' => 1, 'dt' => 1, 'em' => 1, 'embed' => 1, 'fieldset' => 1, 'figcaption' => 1, 'figure' => 1, 'font' => 1, 'footer' => 1, 'form' => 1, 'h1' => 1, 'h2' => 1, 'h3' => 1, 'h4' => 1, 'h5' => 1, 'h6' => 1, 'header' => 1, 'hgroup' => 1, 'hr' => 1, 'i' => 1, 'iframe' => 1, 'img' => 1, 'input' => 1, 'ins' => 1, 'isindex' => 1, 'kbd' => 1, 'keygen' => 1, 'label' => 1, 'legend' => 1, 'li' => 1, 'link' => 1, 'main' => 1, 'map' => 1, 'mark' => 1, 'menu' => 1, 'meta' => 1, 'meter' => 1, 'nav' => 1, 'noscript' => 1, 'object' => 1, 'ol' => 1, 'optgroup' => 1, 'option' => 1, 'output' => 1, 'p' => 1, 'param' => 1, 'pre' => 1, 'progress' => 1, 'q' => 1, 'rb' => 1, 'rbc' => 1, 'rp' => 1, 'rt' => 1, 'rtc' => 1, 'ruby' => 1, 's' => 1, 'samp' => 1, 'script' => 1, 'section' => 1, 'select' => 1, 'small' => 1, 'source' => 1, 'span' => 1, 'strike' => 1, 'strong' => 1, 'style' => 1, 'sub' => 1, 'summary' => 1, 'sup' => 1, 'table' => 1, 'tbody' => 1, 'td' => 1, 'textarea' => 1, 'tfoot' => 1, 'th' => 1, 'thead' => 1, 'time' => 1, 'tr' => 1, 'track' => 1, 'tt' => 1, 'u' => 1, 'ul' => 1, 'var' => 1, 'video' => 1, 'wbr' => 1); // 118 incl. deprecated & some Ruby |
|
21
|
|
|
|
|
22
|
1731 |
|
if (!empty($C['safe'])) { |
|
23
|
559 |
|
unset($e['applet'], $e['audio'], $e['canvas'], $e['embed'], $e['iframe'], $e['object'], $e['script'], $e['video']); |
|
24
|
|
|
} |
|
25
|
1731 |
|
$x = !empty($C['elements']) ? str_replace(array("\n", "\r", "\t", ' '), '', $C['elements']) : '*'; |
|
26
|
1731 |
|
if ($x == '-*') { |
|
27
|
|
|
$e = array(); |
|
28
|
1731 |
|
} elseif (strpos($x, '*') === false) { |
|
29
|
|
|
$e = array_flip(explode(',', $x)); |
|
30
|
|
|
} else { |
|
31
|
1731 |
|
if (isset($x[1])) { |
|
32
|
1163 |
|
preg_match_all('`(?:^|-|\+)[^\-+]+?(?=-|\+|$)`', $x, $m, PREG_SET_ORDER); |
|
33
|
1163 |
|
for ($i = count($m); --$i >= 0;) { |
|
34
|
1163 |
|
$m[$i] = $m[$i][0]; |
|
35
|
|
|
} |
|
36
|
1163 |
|
foreach ($m as $v) { |
|
|
|
|
|
|
37
|
1163 |
|
if ($v[0] == '+') { |
|
38
|
|
|
$e[substr($v, 1)] = 1; |
|
39
|
|
|
} |
|
40
|
1163 |
|
if ($v[0] == '-' && isset($e[($v = substr($v, 1))]) && !in_array('+'.$v, $m)) { |
|
41
|
1163 |
|
unset($e[$v]); |
|
42
|
|
|
} |
|
43
|
|
|
} |
|
44
|
|
|
} |
|
45
|
|
|
} |
|
46
|
1731 |
|
$C['elements'] = &$e; |
|
47
|
|
|
// config attrs |
|
48
|
1731 |
|
$x = !empty($C['deny_attribute']) ? strtolower(str_replace(array("\n", "\r", "\t", ' '), '', $C['deny_attribute'])) : ''; |
|
49
|
1731 |
|
$x = array_flip((isset($x[0]) && $x[0] == '*') ? str_replace('/', 'data-', explode('-', str_replace('data-', '/', $x))) : explode(',', $x.(!empty($C['safe']) ? ',on*' : ''))); |
|
50
|
1731 |
|
$C['deny_attribute'] = $x; |
|
51
|
|
|
// config URLs |
|
52
|
1731 |
|
$x = (isset($C['schemes'][2]) && strpos($C['schemes'], ':')) ? strtolower($C['schemes']) : 'href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, tel, telnet'.(empty($C['safe']) ? ', app, javascript; *: data, javascript, ' : '; *:').'file, http, https'; |
|
53
|
1731 |
|
$C['schemes'] = array(); |
|
54
|
1731 |
|
foreach (explode(';', trim(str_replace(array(' ', "\t", "\r", "\n"), '', $x), ';')) as $v) { |
|
55
|
1731 |
|
$x = $x2 = null; |
|
56
|
1731 |
|
list($x, $x2) = explode(':', $v, 2); |
|
57
|
1731 |
|
if ($x2) { |
|
58
|
1731 |
|
$C['schemes'][$x] = array_flip(explode(',', $x2)); |
|
59
|
|
|
} |
|
60
|
|
|
} |
|
61
|
1731 |
|
if (!isset($C['schemes']['*'])) { |
|
62
|
|
|
$C['schemes']['*'] = array('file' => 1, 'http' => 1, 'https' => 1); |
|
63
|
|
|
if (empty($C['safe'])) { |
|
64
|
|
|
$C['schemes']['*'] += array('data' => 1, 'javascript' => 1); |
|
65
|
|
|
} |
|
66
|
|
|
} |
|
67
|
1731 |
|
if (!empty($C['safe']) && empty($C['schemes']['style'])) { |
|
68
|
559 |
|
$C['schemes']['style'] = array('!' => 1); |
|
69
|
|
|
} |
|
70
|
1731 |
|
$C['abs_url'] = isset($C['abs_url']) ? $C['abs_url'] : 0; |
|
71
|
1731 |
|
if (!isset($C['base_url']) or !preg_match('`^[a-zA-Z\d.+\-]+://[^/]+/(.+?/)?$`', $C['base_url'])) { |
|
72
|
1731 |
|
$C['base_url'] = $C['abs_url'] = 0; |
|
73
|
|
|
} |
|
74
|
|
|
// config rest |
|
75
|
1731 |
|
$C['and_mark'] = empty($C['and_mark']) ? 0 : 1; |
|
76
|
1731 |
|
$C['anti_link_spam'] = (isset($C['anti_link_spam']) && is_array($C['anti_link_spam']) && count($C['anti_link_spam']) == 2 && (empty($C['anti_link_spam'][0]) or hl_regex($C['anti_link_spam'][0])) && (empty($C['anti_link_spam'][1]) or hl_regex($C['anti_link_spam'][1]))) ? $C['anti_link_spam'] : 0; |
|
77
|
1731 |
|
$C['anti_mail_spam'] = isset($C['anti_mail_spam']) ? $C['anti_mail_spam'] : 0; |
|
78
|
1731 |
|
$C['balance'] = isset($C['balance']) ? (bool)$C['balance'] : 1; |
|
79
|
1731 |
|
$C['cdata'] = isset($C['cdata']) ? $C['cdata'] : (empty($C['safe']) ? 3 : 0); |
|
80
|
1731 |
|
$C['clean_ms_char'] = empty($C['clean_ms_char']) ? 0 : $C['clean_ms_char']; |
|
81
|
1731 |
|
$C['comment'] = isset($C['comment']) ? $C['comment'] : (empty($C['safe']) ? 3 : 0); |
|
82
|
1731 |
|
$C['css_expression'] = empty($C['css_expression']) ? 0 : 1; |
|
83
|
1731 |
|
$C['direct_list_nest'] = empty($C['direct_list_nest']) ? 0 : 1; |
|
84
|
1731 |
|
$C['hexdec_entity'] = isset($C['hexdec_entity']) ? $C['hexdec_entity'] : 1; |
|
85
|
1731 |
|
$C['hook'] = (!empty($C['hook']) && function_exists($C['hook'])) ? $C['hook'] : 0; |
|
86
|
1731 |
|
$C['hook_tag'] = (!empty($C['hook_tag']) && function_exists($C['hook_tag'])) ? $C['hook_tag'] : 0; |
|
87
|
1731 |
|
$C['keep_bad'] = isset($C['keep_bad']) ? $C['keep_bad'] : 6; |
|
88
|
1731 |
|
$C['lc_std_val'] = isset($C['lc_std_val']) ? (bool)$C['lc_std_val'] : 1; |
|
89
|
1731 |
|
$C['make_tag_strict'] = isset($C['make_tag_strict']) ? $C['make_tag_strict'] : 1; |
|
90
|
1731 |
|
$C['named_entity'] = isset($C['named_entity']) ? (bool)$C['named_entity'] : 1; |
|
91
|
1731 |
|
$C['no_deprecated_attr'] = isset($C['no_deprecated_attr']) ? $C['no_deprecated_attr'] : 1; |
|
92
|
1731 |
|
$C['parent'] = isset($C['parent'][0]) ? strtolower($C['parent']) : 'body'; |
|
93
|
1731 |
|
$C['show_setting'] = !empty($C['show_setting']) ? $C['show_setting'] : 0; |
|
94
|
1731 |
|
$C['style_pass'] = empty($C['style_pass']) ? 0 : 1; |
|
95
|
1731 |
|
$C['tidy'] = empty($C['tidy']) ? 0 : $C['tidy']; |
|
96
|
1731 |
|
$C['unique_ids'] = isset($C['unique_ids']) && (!preg_match('`\W`', $C['unique_ids'])) ? $C['unique_ids'] : 1; |
|
97
|
1731 |
|
$C['xml:lang'] = isset($C['xml:lang']) ? $C['xml:lang'] : 0; |
|
98
|
|
|
|
|
99
|
1731 |
|
if (isset($GLOBALS['C'])) { |
|
100
|
1730 |
|
$reC = $GLOBALS['C']; |
|
101
|
|
|
} |
|
102
|
1731 |
|
$GLOBALS['C'] = $C; |
|
103
|
1731 |
|
$S = is_array($S) ? $S : hl_spec($S); |
|
104
|
1731 |
|
if (isset($GLOBALS['S'])) { |
|
105
|
1730 |
|
$reS = $GLOBALS['S']; |
|
106
|
|
|
} |
|
107
|
1731 |
|
$GLOBALS['S'] = $S; |
|
108
|
|
|
|
|
109
|
1731 |
|
$t = preg_replace('`[\x00-\x08\x0b-\x0c\x0e-\x1f]`', '', $t); |
|
110
|
1731 |
|
if ($C['clean_ms_char']) { |
|
111
|
|
|
$x = array("\x7f" => '', "\x80" => '€', "\x81" => '', "\x83" => 'ƒ', "\x85" => '…', "\x86" => '†', "\x87" => '‡', "\x88" => 'ˆ', "\x89" => '‰', "\x8a" => 'Š', "\x8b" => '‹', "\x8c" => 'Œ', "\x8d" => '', "\x8e" => 'Ž', "\x8f" => '', "\x90" => '', "\x95" => '•', "\x96" => '–', "\x97" => '—', "\x98" => '˜', "\x99" => '™', "\x9a" => 'š', "\x9b" => '›', "\x9c" => 'œ', "\x9d" => '', "\x9e" => 'ž', "\x9f" => 'Ÿ'); |
|
112
|
|
|
$x = $x + ($C['clean_ms_char'] == 1 ? array("\x82" => '‚', "\x84" => '„', "\x91" => '‘', "\x92" => '’', "\x93" => '“', "\x94" => '”') : array("\x82" => '\'', "\x84" => '"', "\x91" => '\'', "\x92" => '\'', "\x93" => '"', "\x94" => '"')); |
|
113
|
|
|
$t = strtr($t, $x); |
|
114
|
|
|
} |
|
115
|
1731 |
|
if ($C['cdata'] or $C['comment']) { |
|
116
|
1172 |
|
$t = preg_replace_callback('`<!(?:(?:--.*?--)|(?:\[CDATA\[.*?\]\]))>`sm', 'hl_cmtcd', $t); |
|
117
|
|
|
} |
|
118
|
1731 |
|
$t = preg_replace_callback('`&([a-zA-Z][a-zA-Z0-9]{1,30}|#(?:[0-9]{1,8}|[Xx][0-9A-Fa-f]{1,7}));`', 'hl_ent', str_replace('&', '&', $t)); |
|
119
|
1731 |
|
if ($C['unique_ids'] && !isset($GLOBALS['hl_Ids'])) { |
|
120
|
1 |
|
$GLOBALS['hl_Ids'] = array(); |
|
121
|
|
|
} |
|
122
|
1731 |
|
if ($C['hook']) { |
|
123
|
|
|
$t = $C['hook']($t, $C, $S); |
|
124
|
|
|
} |
|
125
|
1731 |
|
if ($C['show_setting'] && preg_match('`^[a-z][a-z0-9_]*$`i', $C['show_setting'])) { |
|
126
|
|
|
$GLOBALS[$C['show_setting']] = array('config' => $C, 'spec' => $S, 'time' => microtime()); |
|
127
|
|
|
} |
|
128
|
|
|
// main |
|
129
|
1731 |
|
$t = preg_replace_callback('`<(?:(?:\s|$)|(?:[^>]*(?:>|$)))|>`m', 'hl_tag', $t); |
|
130
|
1731 |
|
$t = $C['balance'] ? hl_bal($t, $C['keep_bad'], $C['parent']) : $t; |
|
131
|
1731 |
|
$t = (($C['cdata'] or $C['comment']) && strpos($t, "\x01") !== false) ? str_replace(array("\x01", "\x02", "\x03", "\x04", "\x05"), array('', '', '&', '<', '>'), $t) : $t; |
|
132
|
1731 |
|
$t = $C['tidy'] ? hl_tidy($t, $C['tidy'], $C['parent']) : $t; |
|
133
|
1731 |
|
unset($C, $e); |
|
134
|
1731 |
|
if (isset($reC)) { |
|
135
|
1730 |
|
$GLOBALS['C'] = $reC; |
|
136
|
|
|
} |
|
137
|
1731 |
|
if (isset($reS)) { |
|
138
|
1730 |
|
$GLOBALS['S'] = $reS; |
|
139
|
|
|
} |
|
140
|
|
|
|
|
141
|
1731 |
|
return $t; |
|
142
|
|
|
} |
|
143
|
|
|
|
|
144
|
|
|
function hl_attrval($a, $t, $p) { |
|
145
|
|
|
// check attr val against $S |
|
146
|
|
|
static $ma = array('accesskey', 'class', 'itemtype', 'rel'); |
|
147
|
|
|
$s = in_array($a, $ma) ? ' ' : ($a == 'srcset' ? ',' : ''); |
|
148
|
|
|
$r = array(); |
|
149
|
|
|
$t = !empty($s) ? explode($s, $t) : array($t); |
|
150
|
|
|
foreach ($t as $tk => $tv) { |
|
151
|
|
|
$o = 1; |
|
152
|
|
|
$tv = trim($tv); |
|
153
|
|
|
$l = strlen($tv); |
|
154
|
|
|
foreach ($p as $k => $v) { |
|
155
|
|
|
if (!$l) { |
|
156
|
|
|
continue; |
|
157
|
|
|
} |
|
158
|
|
|
switch ($k) { |
|
159
|
|
|
case 'maxlen': |
|
160
|
|
|
if ($l > $v) { |
|
161
|
|
|
$o = 0; |
|
162
|
|
|
} |
|
163
|
|
|
break; |
|
164
|
|
|
case 'minlen': |
|
165
|
|
|
if ($l < $v) { |
|
166
|
|
|
$o = 0; |
|
167
|
|
|
} |
|
168
|
|
|
break; |
|
169
|
|
|
case 'maxval': |
|
170
|
|
|
if ((float)($tv) > $v) { |
|
171
|
|
|
$o = 0; |
|
172
|
|
|
} |
|
173
|
|
|
break; |
|
174
|
|
|
case 'minval': |
|
175
|
|
|
if ((float)($tv) < $v) { |
|
176
|
|
|
$o = 0; |
|
177
|
|
|
} |
|
178
|
|
|
break; |
|
179
|
|
|
case 'match': |
|
180
|
|
|
if (!preg_match($v, $tv)) { |
|
181
|
|
|
$o = 0; |
|
182
|
|
|
} |
|
183
|
|
|
break; |
|
184
|
|
|
case 'nomatch': |
|
185
|
|
|
if (preg_match($v, $tv)) { |
|
186
|
|
|
$o = 0; |
|
187
|
|
|
} |
|
188
|
|
|
break; |
|
189
|
|
View Code Duplication |
case 'oneof': |
|
|
|
|
|
|
190
|
|
|
$m = 0; |
|
191
|
|
|
foreach (explode('|', $v) as $n) { |
|
192
|
|
|
if ($tv == $n) { |
|
193
|
|
|
$m = 1; |
|
194
|
|
|
break; |
|
195
|
|
|
} |
|
196
|
|
|
} |
|
197
|
|
|
$o = $m; |
|
198
|
|
|
break; |
|
199
|
|
View Code Duplication |
case 'noneof': |
|
|
|
|
|
|
200
|
|
|
$m = 1; |
|
201
|
|
|
foreach (explode('|', $v) as $n) { |
|
202
|
|
|
if ($tv == $n) { |
|
203
|
|
|
$m = 0; |
|
204
|
|
|
break; |
|
205
|
|
|
} |
|
206
|
|
|
} |
|
207
|
|
|
$o = $m; |
|
208
|
|
|
break; |
|
209
|
|
|
default: |
|
210
|
|
|
break; |
|
211
|
|
|
} |
|
212
|
|
|
if (!$o) { |
|
213
|
|
|
break; |
|
214
|
|
|
} |
|
215
|
|
|
} |
|
216
|
|
|
if ($o) { |
|
217
|
|
|
$r[] = $tv; |
|
218
|
|
|
} |
|
219
|
|
|
} |
|
220
|
|
|
if ($s == ',') { |
|
221
|
|
|
$s = ', '; |
|
222
|
|
|
} |
|
223
|
|
|
$r = implode($s, $r); |
|
224
|
|
|
|
|
225
|
|
|
return isset($r[0]) ? $r : (isset($p['default']) ? $p['default'] : 0); |
|
226
|
|
|
} |
|
227
|
|
|
|
|
228
|
|
|
function hl_bal($t, $do = 1, $in = 'div') { |
|
229
|
|
|
// balance tags |
|
230
|
|
|
// by content |
|
231
|
1731 |
|
$cB = array('form' => 1, 'map' => 1, 'noscript' => 1); // Block |
|
232
|
1731 |
|
$cE = array('area' => 1, 'br' => 1, 'col' => 1, 'command' => 1, 'embed' => 1, 'hr' => 1, 'img' => 1, 'input' => 1, 'isindex' => 1, 'keygen' => 1, 'link' => 1, 'meta' => 1, 'param' => 1, 'source' => 1, 'track' => 1, 'wbr' => 1); // Empty |
|
233
|
1731 |
|
$cF = array('a' => 1, 'article' => 1, 'aside' => 1, 'audio' => 1, 'button' => 1, 'blockquote' => 1, 'canvas' => 1, 'del' => 1, 'details' => 1, 'div' => 1, 'dd' => 1, 'fieldset' => 1, 'figure' => 1, 'footer' => 1, 'header' => 1, 'iframe' => 1, 'ins' => 1, 'li' => 1, 'main' => 1, 'menu' => 1, 'nav' => 1, 'noscript' => 1, 'object' => 1, 'section' => 1, 'style' => 1, 'td' => 1, 'th' => 1, 'video' => 1); // Flow; later context-wise dynamic move of ins & del to $cI |
|
234
|
1731 |
|
$cI = array('abbr' => 1, 'acronym' => 1, 'address' => 1, 'b' => 1, 'bdi' => 1, 'bdo' => 1, 'big' => 1, 'caption' => 1, 'cite' => 1, 'code' => 1, 'data' => 1, 'datalist' => 1, 'dfn' => 1, 'dt' => 1, 'em' => 1, 'figcaption' => 1, 'font' => 1, 'h1' => 1, 'h2' => 1, 'h3' => 1, 'h4' => 1, 'h5' => 1, 'h6' => 1, 'hgroup' => 1, 'i' => 1, 'kbd' => 1, 'label' => 1, 'legend' => 1, 'mark' => 1, 'meter' => 1, 'output' => 1, 'p' => 1, 'pre' => 1, 'progress' => 1, 'q' => 1, 'rb' => 1, 'rt' => 1, 's' => 1, 'samp' => 1, 'small' => 1, 'span' => 1, 'strike' => 1, 'strong' => 1, 'sub' => 1, 'summary' => 1, 'sup' => 1, 'time' => 1, 'tt' => 1, 'u' => 1, 'var' => 1); // Inline |
|
235
|
1731 |
|
$cN = array('a' => array('a' => 1, 'address' => 1, 'button' => 1, 'details' => 1, 'embed' => 1, 'keygen' => 1, 'label' => 1, 'select' => 1, 'textarea' => 1), 'address' => array('address' => 1, 'article' => 1, 'aside' => 1, 'header' => 1, 'keygen' => 1, 'footer' => 1, 'nav' => 1, 'section' => 1), 'button' => array('a' => 1, 'address' => 1, 'button' => 1, 'details' => 1, 'embed' => 1, 'fieldset' => 1, 'form' => 1, 'iframe' => 1, 'input' => 1, 'keygen' => 1, 'label' => 1, 'select' => 1, 'textarea' => 1), 'fieldset' => array('fieldset' => 1), 'footer' => array('header' => 1, 'footer' => 1), 'form' => array('form' => 1), 'header' => array('header' => 1, 'footer' => 1), 'label' => array('label' => 1), 'main' => array('main' => 1), 'meter' => array('meter' => 1), 'noscript' => array('script' => 1), 'pre' => array('big' => 1, 'font' => 1, 'img' => 1, 'object' => 1, 'script' => 1, 'small' => 1, 'sub' => 1, 'sup' => 1), 'progress' => array('progress' => 1), 'rb' => array('ruby' => 1), 'rt' => array('ruby' => 1), 'time' => array('time' => 1)); // Illegal |
|
236
|
1731 |
|
$cN2 = array_keys($cN); |
|
237
|
1731 |
|
$cS = array('colgroup' => array('col' => 1), 'datalist' => array('option' => 1), 'dir' => array('li' => 1), 'dl' => array('dd' => 1, 'dt' => 1), 'hgroup' => array('h1' => 1, 'h2' => 1, 'h3' => 1, 'h4' => 1, 'h5' => 1, 'h6' => 1), 'menu' => array('li' => 1), 'ol' => array('li' => 1), 'optgroup' => array('option' => 1), 'option' => array('#pcdata' => 1), 'rbc' => array('rb' => 1), 'rp' => array('#pcdata' => 1), 'rtc' => array('rt' => 1), 'ruby' => array('rb' => 1, 'rbc' => 1, 'rp' => 1, 'rt' => 1, 'rtc' => 1), 'select' => array('optgroup' => 1, 'option' => 1), 'script' => array('#pcdata' => 1), 'table' => array('caption' => 1, 'col' => 1, 'colgroup' => 1, 'tfoot' => 1, 'tbody' => 1, 'tr' => 1, 'thead' => 1), 'tbody' => array('tr' => 1), 'tfoot' => array('tr' => 1), 'textarea' => array('#pcdata' => 1), 'thead' => array('tr' => 1), 'tr' => array('td' => 1, 'th' => 1), 'ul' => array('li' => 1)); // Specific - immediate parent-child |
|
238
|
1731 |
|
if ($GLOBALS['C']['direct_list_nest']) { |
|
239
|
613 |
|
$cS['ol'] = $cS['ul'] = $cS['menu'] += array('menu' => 1, 'ol' => 1, 'ul' => 1); |
|
240
|
|
|
} |
|
241
|
1731 |
|
$cO = array('address' => array('p' => 1), 'applet' => array('param' => 1), 'audio' => array('source' => 1, 'track' => 1), 'blockquote' => array('script' => 1), 'details' => array('summary' => 1), 'fieldset' => array('legend' => 1, '#pcdata' => 1), 'figure' => array('figcaption' => 1), 'form' => array('script' => 1), 'map' => array('area' => 1), 'object' => array('param' => 1, 'embed' => 1), 'video' => array('source' => 1, 'track' => 1)); // Other |
|
242
|
1731 |
|
$cT = array('colgroup' => 1, 'dd' => 1, 'dt' => 1, 'li' => 1, 'option' => 1, 'p' => 1, 'td' => 1, 'tfoot' => 1, 'th' => 1, 'thead' => 1, 'tr' => 1); // Omitable closing |
|
243
|
|
|
// block/inline type; a/ins/del both type; #pcdata: text |
|
244
|
1731 |
|
$eB = array('a' => 1, 'address' => 1, 'article' => 1, 'aside' => 1, 'blockquote' => 1, 'center' => 1, 'del' => 1, 'details' => 1, 'dir' => 1, 'dl' => 1, 'div' => 1, 'fieldset' => 1, 'figure' => 1, 'footer' => 1, 'form' => 1, 'ins' => 1, 'h1' => 1, 'h2' => 1, 'h3' => 1, 'h4' => 1, 'h5' => 1, 'h6' => 1, 'header' => 1, 'hr' => 1, 'isindex' => 1, 'main' => 1, 'menu' => 1, 'nav' => 1, 'noscript' => 1, 'ol' => 1, 'p' => 1, 'pre' => 1, 'section' => 1, 'style' => 1, 'table' => 1, 'ul' => 1); |
|
245
|
1731 |
|
$eI = array('#pcdata' => 1, 'a' => 1, 'abbr' => 1, 'acronym' => 1, 'applet' => 1, 'audio' => 1, 'b' => 1, 'bdi' => 1, 'bdo' => 1, 'big' => 1, 'br' => 1, 'button' => 1, 'canvas' => 1, 'cite' => 1, 'code' => 1, 'command' => 1, 'data' => 1, 'datalist' => 1, 'del' => 1, 'dfn' => 1, 'em' => 1, 'embed' => 1, 'figcaption' => 1, 'font' => 1, 'i' => 1, 'iframe' => 1, 'img' => 1, 'input' => 1, 'ins' => 1, 'kbd' => 1, 'label' => 1, 'link' => 1, 'map' => 1, 'mark' => 1, 'meta' => 1, 'meter' => 1, 'object' => 1, 'output' => 1, 'progress' => 1, 'q' => 1, 'ruby' => 1, 's' => 1, 'samp' => 1, 'select' => 1, 'script' => 1, 'small' => 1, 'span' => 1, 'strike' => 1, 'strong' => 1, 'sub' => 1, 'summary' => 1, 'sup' => 1, 'textarea' => 1, 'time' => 1, 'tt' => 1, 'u' => 1, 'var' => 1, 'video' => 1, 'wbr' => 1); |
|
246
|
1731 |
|
$eN = array('a' => 1, 'address' => 1, 'article' => 1, 'aside' => 1, 'big' => 1, 'button' => 1, 'details' => 1, 'embed' => 1, 'fieldset' => 1, 'font' => 1, 'footer' => 1, 'form' => 1, 'header' => 1, 'iframe' => 1, 'img' => 1, 'input' => 1, 'keygen' => 1, 'label' => 1, 'meter' => 1, 'nav' => 1, 'object' => 1, 'progress' => 1, 'ruby' => 1, 'script' => 1, 'select' => 1, 'small' => 1, 'sub' => 1, 'sup' => 1, 'textarea' => 1, 'time' => 1); // Exclude from specific ele; $cN values |
|
247
|
1731 |
|
$eO = array('area' => 1, 'caption' => 1, 'col' => 1, 'colgroup' => 1, 'command' => 1, 'dd' => 1, 'dt' => 1, 'hgroup' => 1, 'keygen' => 1, 'legend' => 1, 'li' => 1, 'optgroup' => 1, 'option' => 1, 'param' => 1, 'rb' => 1, 'rbc' => 1, 'rp' => 1, 'rt' => 1, 'rtc' => 1, 'script' => 1, 'source' => 1, 'tbody' => 1, 'td' => 1, 'tfoot' => 1, 'thead' => 1, 'th' => 1, 'tr' => 1, 'track' => 1); // Missing in $eB & $eI |
|
248
|
1731 |
|
$eF = $eB + $eI; |
|
249
|
|
|
|
|
250
|
|
|
// $in sets allowed child |
|
251
|
1731 |
|
$in = ((isset($eF[$in]) && $in != '#pcdata') or isset($eO[$in])) ? $in : 'div'; |
|
252
|
1731 |
|
if (isset($cE[$in])) { |
|
253
|
|
|
return !$do ? '' : str_replace(array('<', '>'), array('<', '>'), $t); |
|
254
|
|
|
} |
|
255
|
1731 |
|
if (isset($cS[$in])) { |
|
256
|
|
|
$inOk = $cS[$in]; |
|
257
|
1731 |
|
} elseif (isset($cI[$in])) { |
|
258
|
|
|
$inOk = $eI; |
|
259
|
|
|
$cI['del'] = 1; |
|
260
|
|
|
$cI['ins'] = 1; |
|
261
|
1731 |
|
} elseif (isset($cF[$in])) { |
|
262
|
1731 |
|
$inOk = $eF; |
|
263
|
1731 |
|
unset($cI['del'], $cI['ins']); |
|
264
|
|
|
} elseif (isset($cB[$in])) { |
|
265
|
|
|
$inOk = $eB; |
|
266
|
|
|
unset($cI['del'], $cI['ins']); |
|
267
|
|
|
} |
|
268
|
1731 |
|
if (isset($cO[$in])) { |
|
269
|
|
|
$inOk = $inOk + $cO[$in]; |
|
|
|
|
|
|
270
|
|
|
} |
|
271
|
1731 |
|
if (isset($cN[$in])) { |
|
272
|
|
|
$inOk = array_diff_assoc($inOk, $cN[$in]); |
|
273
|
|
|
} |
|
274
|
|
|
|
|
275
|
1731 |
|
$t = explode('<', $t); |
|
276
|
1731 |
|
$ok = $q = array(); // $q seq list of open non-empty ele |
|
277
|
1731 |
|
ob_start(); |
|
278
|
|
|
|
|
279
|
1731 |
|
for ($i = -1, $ci = count($t); ++$i < $ci;) { |
|
280
|
|
|
// allowed $ok in parent $p |
|
281
|
1731 |
View Code Duplication |
if ($ql = count($q)) { |
|
|
|
|
|
|
282
|
298 |
|
$p = array_pop($q); |
|
283
|
298 |
|
$q[] = $p; |
|
284
|
298 |
|
if (isset($cS[$p])) { |
|
285
|
27 |
|
$ok = $cS[$p]; |
|
286
|
279 |
|
} elseif (isset($cI[$p])) { |
|
287
|
18 |
|
$ok = $eI; |
|
288
|
18 |
|
$cI['del'] = 1; |
|
289
|
18 |
|
$cI['ins'] = 1; |
|
290
|
265 |
|
} elseif (isset($cF[$p])) { |
|
291
|
265 |
|
$ok = $eF; |
|
292
|
265 |
|
unset($cI['del'], $cI['ins']); |
|
293
|
|
|
} elseif (isset($cB[$p])) { |
|
294
|
|
|
$ok = $eB; |
|
295
|
|
|
unset($cI['del'], $cI['ins']); |
|
296
|
|
|
} |
|
297
|
298 |
|
if (isset($cO[$p])) { |
|
298
|
2 |
|
$ok = $ok + $cO[$p]; |
|
299
|
|
|
} |
|
300
|
298 |
|
if (isset($cN[$p])) { |
|
301
|
298 |
|
$ok = array_diff_assoc($ok, $cN[$p]); |
|
302
|
|
|
} |
|
303
|
|
|
} else { |
|
304
|
1731 |
|
$ok = $inOk; |
|
305
|
1731 |
|
unset($cI['del'], $cI['ins']); |
|
306
|
|
|
} |
|
307
|
|
|
// bad tags, & ele content |
|
308
|
1731 |
View Code Duplication |
if (isset($e) && ($do == 1 or (isset($ok['#pcdata']) && ($do == 3 or $do == 5)))) { |
|
|
|
|
|
|
309
|
|
|
echo '<', $s, $e, $a, '>'; |
|
|
|
|
|
|
310
|
|
|
} |
|
311
|
1731 |
View Code Duplication |
if (isset($x[0])) { |
|
|
|
|
|
|
312
|
284 |
|
if (strlen(trim($x)) && (($ql && isset($cB[$p])) or (isset($cB[$in]) && !$ql))) { |
|
313
|
|
|
echo '<div>', $x, '</div>'; |
|
314
|
284 |
|
} elseif ($do < 3 or isset($ok['#pcdata'])) { |
|
315
|
284 |
|
echo $x; |
|
316
|
|
|
} elseif (strpos($x, "\x02\x04")) { |
|
317
|
|
|
foreach (preg_split('`(\x01\x02[^\x01\x02]+\x02\x01)`', $x, -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY) as $v) { |
|
318
|
|
|
echo substr($v, 0, 2) == "\x01\x02" ? $v : ($do > 4 ? preg_replace('`\S`', '', $v) : ''); |
|
319
|
|
|
} |
|
320
|
|
|
} elseif ($do > 4) { |
|
321
|
|
|
echo preg_replace('`\S`', '', $x); |
|
322
|
|
|
} |
|
323
|
|
|
} |
|
324
|
|
|
// get markup |
|
325
|
1731 |
|
if (!preg_match('`^(/?)([a-z1-6]+)([^>]*)>(.*)`sm', $t[$i], $r)) { |
|
326
|
1731 |
|
$x = $t[$i]; |
|
327
|
1731 |
|
continue; |
|
328
|
|
|
} |
|
329
|
946 |
|
$s = null; |
|
330
|
946 |
|
$e = null; |
|
331
|
946 |
|
$a = null; |
|
332
|
946 |
|
$x = null; |
|
333
|
946 |
|
list($all, $s, $e, $a, $x) = $r; |
|
|
|
|
|
|
334
|
|
|
// close tag |
|
335
|
946 |
|
if ($s) { |
|
336
|
298 |
|
if (isset($cE[$e]) or !in_array($e, $q)) { |
|
337
|
23 |
|
continue; |
|
338
|
|
|
} // Empty/unopen |
|
339
|
287 |
|
if ($p == $e) { |
|
|
|
|
|
|
340
|
286 |
|
array_pop($q); |
|
341
|
286 |
|
echo '</', $e, '>'; |
|
342
|
286 |
|
unset($e); |
|
343
|
286 |
|
continue; |
|
344
|
|
|
} // Last open |
|
345
|
1 |
|
$add = ''; // Nesting - close open tags that need to be |
|
346
|
1 |
|
for ($j = -1, $cj = count($q); ++$j < $cj;) { |
|
347
|
1 |
|
if (($d = array_pop($q)) == $e) { |
|
348
|
1 |
|
break; |
|
349
|
|
|
} else { |
|
350
|
1 |
|
$add .= "</{$d}>"; |
|
351
|
|
|
} |
|
352
|
|
|
} |
|
353
|
1 |
|
echo $add, '</', $e, '>'; |
|
354
|
1 |
|
unset($e); |
|
355
|
1 |
|
continue; |
|
356
|
|
|
} |
|
357
|
|
|
// open tag |
|
358
|
|
|
// $cB ele needs $eB ele as child |
|
359
|
946 |
|
if (isset($cB[$e]) && strlen(trim($x))) { |
|
360
|
|
|
$t[$i] = "{$e}{$a}>"; |
|
361
|
|
|
array_splice($t, $i + 1, 0, 'div>'.$x); |
|
362
|
|
|
unset($e, $x); |
|
363
|
|
|
++$ci; |
|
364
|
|
|
--$i; |
|
365
|
|
|
continue; |
|
366
|
|
|
} |
|
367
|
946 |
|
if ((($ql && isset($cB[$p])) or (isset($cB[$in]) && !$ql)) && !isset($eB[$e]) && !isset($ok[$e])) { |
|
368
|
|
|
array_splice($t, $i, 0, 'div>'); |
|
369
|
|
|
unset($e, $x); |
|
370
|
|
|
++$ci; |
|
371
|
|
|
--$i; |
|
372
|
|
|
continue; |
|
373
|
|
|
} |
|
374
|
|
|
// if no open ele, $in = parent; mostly immediate parent-child relation should hold |
|
375
|
946 |
|
if (!$ql or !isset($eN[$e]) or !array_intersect($q, $cN2)) { |
|
376
|
946 |
|
if (!isset($ok[$e])) { |
|
377
|
20 |
|
if ($ql && isset($cT[$p])) { |
|
378
|
|
|
echo '</', array_pop($q), '>'; |
|
379
|
|
|
unset($e, $x); |
|
380
|
|
|
--$i; |
|
381
|
|
|
} |
|
382
|
20 |
|
continue; |
|
383
|
|
|
} |
|
384
|
937 |
|
if ($e !== 'span' || !empty($a)) { |
|
385
|
927 |
|
if (!isset($cE[$e])) { |
|
386
|
359 |
|
$q[] = $e; |
|
387
|
|
|
} |
|
388
|
927 |
|
echo '<', $e, $a, '>'; |
|
389
|
|
|
} |
|
390
|
937 |
|
unset($e); |
|
391
|
937 |
|
continue; |
|
392
|
|
|
} |
|
393
|
|
|
// specific parent-child |
|
394
|
|
|
if (isset($cS[$p][$e])) { |
|
395
|
|
|
if (!isset($cE[$e])) { |
|
396
|
|
|
$q[] = $e; |
|
397
|
|
|
} |
|
398
|
|
|
echo '<', $e, $a, '>'; |
|
399
|
|
|
unset($e); |
|
400
|
|
|
continue; |
|
401
|
|
|
} |
|
402
|
|
|
// nesting |
|
403
|
|
|
$add = ''; |
|
404
|
|
|
$q2 = array(); |
|
405
|
|
|
for ($k = -1, $kc = count($q); ++$k < $kc;) { |
|
406
|
|
|
$d = $q[$k]; |
|
407
|
|
|
$ok2 = array(); |
|
|
|
|
|
|
408
|
|
|
if (isset($cS[$d])) { |
|
409
|
|
|
$q2[] = $d; |
|
410
|
|
|
continue; |
|
411
|
|
|
} |
|
412
|
|
|
$ok2 = isset($cI[$d]) ? $eI : $eF; |
|
413
|
|
|
if (isset($cO[$d])) { |
|
414
|
|
|
$ok2 = $ok2 + $cO[$d]; |
|
415
|
|
|
} |
|
416
|
|
|
if (isset($cN[$d])) { |
|
417
|
|
|
$ok2 = array_diff_assoc($ok2, $cN[$d]); |
|
418
|
|
|
} |
|
419
|
|
|
if (!isset($ok2[$e])) { |
|
420
|
|
|
if (!$k && !isset($inOk[$e])) { |
|
421
|
|
|
continue 2; |
|
422
|
|
|
} |
|
423
|
|
|
$add = "</{$d}>"; |
|
424
|
|
|
for (; ++$k < $kc;) { |
|
425
|
|
|
$add = "</{$q[$k]}>{$add}"; |
|
426
|
|
|
} |
|
427
|
|
|
break; |
|
428
|
|
|
} else { |
|
429
|
|
|
$q2[] = $d; |
|
430
|
|
|
} |
|
431
|
|
|
} |
|
432
|
|
|
$q = $q2; |
|
433
|
|
|
if (!isset($cE[$e])) { |
|
434
|
|
|
$q[] = $e; |
|
435
|
|
|
} |
|
436
|
|
|
echo $add, '<', $e, $a, '>'; |
|
437
|
|
|
unset($e); |
|
438
|
|
|
continue; |
|
439
|
|
|
} |
|
440
|
|
|
|
|
441
|
|
|
// end |
|
442
|
1731 |
View Code Duplication |
if ($ql = count($q)) { |
|
|
|
|
|
|
443
|
111 |
|
$p = array_pop($q); |
|
444
|
111 |
|
$q[] = $p; |
|
445
|
111 |
|
if (isset($cS[$p])) { |
|
446
|
28 |
|
$ok = $cS[$p]; |
|
447
|
84 |
|
} elseif (isset($cI[$p])) { |
|
448
|
2 |
|
$ok = $eI; |
|
449
|
2 |
|
$cI['del'] = 1; |
|
450
|
2 |
|
$cI['ins'] = 1; |
|
451
|
82 |
|
} elseif (isset($cF[$p])) { |
|
452
|
82 |
|
$ok = $eF; |
|
453
|
82 |
|
unset($cI['del'], $cI['ins']); |
|
454
|
|
|
} elseif (isset($cB[$p])) { |
|
455
|
|
|
$ok = $eB; |
|
456
|
|
|
unset($cI['del'], $cI['ins']); |
|
457
|
|
|
} |
|
458
|
111 |
|
if (isset($cO[$p])) { |
|
459
|
|
|
$ok = $ok + $cO[$p]; |
|
460
|
|
|
} |
|
461
|
111 |
|
if (isset($cN[$p])) { |
|
462
|
111 |
|
$ok = array_diff_assoc($ok, $cN[$p]); |
|
463
|
|
|
} |
|
464
|
|
|
} else { |
|
465
|
1657 |
|
$ok = $inOk; |
|
466
|
1657 |
|
unset($cI['del'], $cI['ins']); |
|
467
|
|
|
} |
|
468
|
1731 |
View Code Duplication |
if (isset($e) && ($do == 1 or (isset($ok['#pcdata']) && ($do == 3 or $do == 5)))) { |
|
|
|
|
|
|
469
|
|
|
echo '<', $s, $e, $a, '>'; |
|
470
|
|
|
} |
|
471
|
1731 |
View Code Duplication |
if (isset($x[0])) { |
|
|
|
|
|
|
472
|
499 |
|
if (strlen(trim($x)) && (($ql && isset($cB[$p])) or (isset($cB[$in]) && !$ql))) { |
|
473
|
|
|
echo '<div>', $x, '</div>'; |
|
474
|
499 |
|
} elseif ($do < 3 or isset($ok['#pcdata'])) { |
|
475
|
499 |
|
echo $x; |
|
476
|
|
|
} elseif (strpos($x, "\x02\x04")) { |
|
477
|
|
|
foreach (preg_split('`(\x01\x02[^\x01\x02]+\x02\x01)`', $x, -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY) as $v) { |
|
478
|
|
|
echo substr($v, 0, 2) == "\x01\x02" ? $v : ($do > 4 ? preg_replace('`\S`', '', $v) : ''); |
|
479
|
|
|
} |
|
480
|
|
|
} elseif ($do > 4) { |
|
481
|
|
|
echo preg_replace('`\S`', '', $x); |
|
482
|
|
|
} |
|
483
|
|
|
} |
|
484
|
1731 |
|
while (!empty($q) && ($e = array_pop($q))) { |
|
485
|
111 |
|
echo '</', $e, '>'; |
|
486
|
|
|
} |
|
487
|
1731 |
|
$o = ob_get_contents(); |
|
488
|
1731 |
|
ob_end_clean(); |
|
489
|
|
|
|
|
490
|
1731 |
|
return $o; |
|
491
|
|
|
} |
|
492
|
|
|
|
|
493
|
|
|
function hl_cmtcd($t) { |
|
494
|
|
|
// comment/CDATA sec handler |
|
495
|
29 |
|
$t = $t[0]; |
|
496
|
29 |
|
global $C; |
|
497
|
29 |
|
if (!($v = $C[$n = $t[3] == '-' ? 'comment' : 'cdata'])) { |
|
498
|
|
|
return $t; |
|
499
|
|
|
} |
|
500
|
29 |
|
if ($v == 1) { |
|
501
|
29 |
|
return ''; |
|
502
|
|
|
} |
|
503
|
|
|
if ($n == 'comment' && $v < 4) { |
|
504
|
|
|
if (substr(($t = preg_replace('`--+`', '-', substr($t, 4, -3))), -1) != ' ') { |
|
505
|
|
|
$t .= ' '; |
|
506
|
|
|
} |
|
507
|
|
|
} else { |
|
508
|
|
|
$t = substr($t, 1, -1); |
|
509
|
|
|
} |
|
510
|
|
|
$t = $v == 2 ? str_replace(array('&', '<', '>'), array('&', '<', '>'), $t) : $t; |
|
511
|
|
|
|
|
512
|
|
|
return str_replace(array('&', '<', '>'), array("\x03", "\x04", "\x05"), ($n == 'comment' ? "\x01\x02\x04!--$t--\x05\x02\x01" : "\x01\x01\x04$t\x05\x01\x01")); |
|
513
|
|
|
} |
|
514
|
|
|
|
|
515
|
|
|
function hl_ent($t) { |
|
516
|
|
|
// entitity handler |
|
517
|
249 |
|
global $C; |
|
518
|
249 |
|
$t = $t[1]; |
|
519
|
249 |
|
static $U = array('quot' => 1, 'amp' => 1, 'lt' => 1, 'gt' => 1); |
|
520
|
249 |
|
static $N = array('fnof' => '402', 'Alpha' => '913', 'Beta' => '914', 'Gamma' => '915', 'Delta' => '916', 'Epsilon' => '917', 'Zeta' => '918', 'Eta' => '919', 'Theta' => '920', 'Iota' => '921', 'Kappa' => '922', 'Lambda' => '923', 'Mu' => '924', 'Nu' => '925', 'Xi' => '926', 'Omicron' => '927', 'Pi' => '928', 'Rho' => '929', 'Sigma' => '931', 'Tau' => '932', 'Upsilon' => '933', 'Phi' => '934', 'Chi' => '935', 'Psi' => '936', 'Omega' => '937', 'alpha' => '945', 'beta' => '946', 'gamma' => '947', 'delta' => '948', 'epsilon' => '949', 'zeta' => '950', 'eta' => '951', 'theta' => '952', 'iota' => '953', 'kappa' => '954', 'lambda' => '955', 'mu' => '956', 'nu' => '957', 'xi' => '958', 'omicron' => '959', 'pi' => '960', 'rho' => '961', 'sigmaf' => '962', 'sigma' => '963', 'tau' => '964', 'upsilon' => '965', 'phi' => '966', 'chi' => '967', 'psi' => '968', 'omega' => '969', 'thetasym' => '977', 'upsih' => '978', 'piv' => '982', 'bull' => '8226', 'hellip' => '8230', 'prime' => '8242', 'Prime' => '8243', 'oline' => '8254', 'frasl' => '8260', 'weierp' => '8472', 'image' => '8465', 'real' => '8476', 'trade' => '8482', 'alefsym' => '8501', 'larr' => '8592', 'uarr' => '8593', 'rarr' => '8594', 'darr' => '8595', 'harr' => '8596', 'crarr' => '8629', 'lArr' => '8656', 'uArr' => '8657', 'rArr' => '8658', 'dArr' => '8659', 'hArr' => '8660', 'forall' => '8704', 'part' => '8706', 'exist' => '8707', 'empty' => '8709', 'nabla' => '8711', 'isin' => '8712', 'notin' => '8713', 'ni' => '8715', 'prod' => '8719', 'sum' => '8721', 'minus' => '8722', 'lowast' => '8727', 'radic' => '8730', 'prop' => '8733', 'infin' => '8734', 'ang' => '8736', 'and' => '8743', 'or' => '8744', 'cap' => '8745', 'cup' => '8746', 'int' => '8747', 'there4' => '8756', 'sim' => '8764', 'cong' => '8773', 'asymp' => '8776', 'ne' => '8800', 'equiv' => '8801', 'le' => '8804', 'ge' => '8805', 'sub' => '8834', 'sup' => '8835', 'nsub' => '8836', 'sube' => '8838', 'supe' => '8839', 'oplus' => '8853', 'otimes' => '8855', 'perp' => '8869', 'sdot' => '8901', 'lceil' => '8968', 'rceil' => '8969', 'lfloor' => '8970', 'rfloor' => '8971', 'lang' => '9001', 'rang' => '9002', 'loz' => '9674', 'spades' => '9824', 'clubs' => '9827', 'hearts' => '9829', 'diams' => '9830', 'apos' => '39', 'OElig' => '338', 'oelig' => '339', 'Scaron' => '352', 'scaron' => '353', 'Yuml' => '376', 'circ' => '710', 'tilde' => '732', 'ensp' => '8194', 'emsp' => '8195', 'thinsp' => '8201', 'zwnj' => '8204', 'zwj' => '8205', 'lrm' => '8206', 'rlm' => '8207', 'ndash' => '8211', 'mdash' => '8212', 'lsquo' => '8216', 'rsquo' => '8217', 'sbquo' => '8218', 'ldquo' => '8220', 'rdquo' => '8221', 'bdquo' => '8222', 'dagger' => '8224', 'Dagger' => '8225', 'permil' => '8240', 'lsaquo' => '8249', 'rsaquo' => '8250', 'euro' => '8364', 'nbsp' => '160', 'iexcl' => '161', 'cent' => '162', 'pound' => '163', 'curren' => '164', 'yen' => '165', 'brvbar' => '166', 'sect' => '167', 'uml' => '168', 'copy' => '169', 'ordf' => '170', 'laquo' => '171', 'not' => '172', 'shy' => '173', 'reg' => '174', 'macr' => '175', 'deg' => '176', 'plusmn' => '177', 'sup2' => '178', 'sup3' => '179', 'acute' => '180', 'micro' => '181', 'para' => '182', 'middot' => '183', 'cedil' => '184', 'sup1' => '185', 'ordm' => '186', 'raquo' => '187', 'frac14' => '188', 'frac12' => '189', 'frac34' => '190', 'iquest' => '191', 'Agrave' => '192', 'Aacute' => '193', 'Acirc' => '194', 'Atilde' => '195', 'Auml' => '196', 'Aring' => '197', 'AElig' => '198', 'Ccedil' => '199', 'Egrave' => '200', 'Eacute' => '201', 'Ecirc' => '202', 'Euml' => '203', 'Igrave' => '204', 'Iacute' => '205', 'Icirc' => '206', 'Iuml' => '207', 'ETH' => '208', 'Ntilde' => '209', 'Ograve' => '210', 'Oacute' => '211', 'Ocirc' => '212', 'Otilde' => '213', 'Ouml' => '214', 'times' => '215', 'Oslash' => '216', 'Ugrave' => '217', 'Uacute' => '218', 'Ucirc' => '219', 'Uuml' => '220', 'Yacute' => '221', 'THORN' => '222', 'szlig' => '223', 'agrave' => '224', 'aacute' => '225', 'acirc' => '226', 'atilde' => '227', 'auml' => '228', 'aring' => '229', 'aelig' => '230', 'ccedil' => '231', 'egrave' => '232', 'eacute' => '233', 'ecirc' => '234', 'euml' => '235', 'igrave' => '236', 'iacute' => '237', 'icirc' => '238', 'iuml' => '239', 'eth' => '240', 'ntilde' => '241', 'ograve' => '242', 'oacute' => '243', 'ocirc' => '244', 'otilde' => '245', 'ouml' => '246', 'divide' => '247', 'oslash' => '248', 'ugrave' => '249', 'uacute' => '250', 'ucirc' => '251', 'uuml' => '252', 'yacute' => '253', 'thorn' => '254', 'yuml' => '255'); |
|
521
|
249 |
|
if ($t[0] != '#') { |
|
522
|
147 |
|
return ($C['and_mark'] ? "\x06" : '&').(isset($U[$t]) ? $t : (isset($N[$t]) ? (!$C['named_entity'] ? '#'.($C['hexdec_entity'] > 1 ? 'x'.dechex($N[$t]) : $N[$t]) : $t) : 'amp;'.$t)).';'; |
|
523
|
|
|
} |
|
524
|
114 |
|
if (($n = ctype_digit($t = substr($t, 1)) ? intval($t) : hexdec(substr($t, 1))) < 9 or ($n > 13 && $n < 32) or $n == 11 or $n == 12 or ($n > 126 && $n < 160 && $n != 133) or ($n > 55295 && ($n < 57344 or ($n > 64975 && $n < 64992) or $n == 65534 or $n == 65535 or $n > 1114111))) { |
|
525
|
37 |
|
return ($C['and_mark'] ? "\x06" : '&')."amp;#{$t};"; |
|
526
|
|
|
} |
|
527
|
|
|
|
|
528
|
78 |
|
return ($C['and_mark'] ? "\x06" : '&').'#'.(((ctype_digit($t) && $C['hexdec_entity'] < 2) or !$C['hexdec_entity']) ? $n : 'x'.dechex($n)).';'; |
|
529
|
|
|
} |
|
530
|
|
|
|
|
531
|
|
|
function hl_prot($p, $c = null) { |
|
532
|
|
|
// check URL scheme |
|
533
|
566 |
|
global $C; |
|
534
|
566 |
|
$b = $a = ''; |
|
535
|
566 |
|
if ($c == null) { |
|
536
|
17 |
|
$c = 'style'; |
|
537
|
17 |
|
$b = $p[1]; |
|
538
|
17 |
|
$a = $p[3]; |
|
539
|
17 |
|
$p = trim($p[2]); |
|
540
|
|
|
} |
|
541
|
566 |
|
$c = isset($C['schemes'][$c]) ? $C['schemes'][$c] : $C['schemes']['*']; |
|
542
|
566 |
|
static $d = 'denied:'; |
|
543
|
566 |
|
if (isset($c['!']) && substr($p, 0, 7) != $d) { |
|
544
|
12 |
|
$p = "$d$p"; |
|
545
|
|
|
} |
|
546
|
566 |
|
if (isset($c['*']) or !strcspn($p, '#?;') or (substr($p, 0, 7) == $d)) { |
|
547
|
127 |
|
return "{$b}{$p}{$a}"; |
|
548
|
|
|
} // All ok, frag, query, param |
|
549
|
545 |
|
if (preg_match('`^([^:?[@!$()*,=/\'\]]+?)(:|&#(58|x3a);|%3a|\\\\0{0,4}3a).`i', $p, $m) && !isset($c[strtolower($m[1])])) { // Denied prot |
|
550
|
324 |
|
return "{$b}{$d}{$p}{$a}"; |
|
551
|
|
|
} |
|
552
|
223 |
|
if ($C['abs_url']) { |
|
553
|
|
|
if ($C['abs_url'] == -1 && strpos($p, $C['base_url']) === 0) { // Make url rel |
|
554
|
|
|
$p = substr($p, strlen($C['base_url'])); |
|
555
|
|
|
} elseif (empty($m[1])) { // Make URL abs |
|
556
|
|
|
if (substr($p, 0, 2) == '//') { |
|
557
|
|
|
$p = substr($C['base_url'], 0, strpos($C['base_url'], ':') + 1).$p; |
|
558
|
|
|
} elseif ($p[0] == '/') { |
|
559
|
|
|
$p = preg_replace('`(^.+?://[^/]+)(.*)`', '$1', $C['base_url']).$p; |
|
560
|
|
|
} elseif (strcspn($p, './')) { |
|
561
|
|
|
$p = $C['base_url'].$p; |
|
562
|
|
|
} else { |
|
563
|
|
|
preg_match('`^([a-zA-Z\d\-+.]+://[^/]+)(.*)`', $C['base_url'], $m); |
|
564
|
|
|
$p = preg_replace('`(?<=/)\./`', '', $m[2].$p); |
|
565
|
|
|
while (preg_match('`(?<=/)([^/]{3,}|[^/.]+?|\.[^/.]|[^/.]\.)/\.\./`', $p)) { |
|
566
|
|
|
$p = preg_replace('`(?<=/)([^/]{3,}|[^/.]+?|\.[^/.]|[^/.]\.)/\.\./`', '', $p); |
|
567
|
|
|
} |
|
568
|
|
|
$p = $m[1].$p; |
|
569
|
|
|
} |
|
570
|
|
|
} |
|
571
|
|
|
} |
|
572
|
|
|
|
|
573
|
223 |
|
return "{$b}{$p}{$a}"; |
|
574
|
|
|
} |
|
575
|
|
|
|
|
576
|
|
|
function hl_regex($p) { |
|
577
|
|
|
// check regex |
|
578
|
1154 |
|
if (empty($p)) { |
|
579
|
|
|
return 0; |
|
580
|
|
|
} |
|
581
|
1154 |
|
if ($v = function_exists('error_clear_last') && function_exists('error_get_last')) { |
|
|
|
|
|
|
582
|
1154 |
|
error_clear_last(); |
|
583
|
|
View Code Duplication |
} else { |
|
|
|
|
|
|
584
|
|
|
if ($t = ini_get('track_errors')) { |
|
585
|
|
|
$o = isset($php_errormsg) ? $php_errormsg : null; |
|
586
|
|
|
} else { |
|
587
|
|
|
ini_set('track_errors', 1); |
|
588
|
|
|
} |
|
589
|
|
|
unset($php_errormsg); |
|
590
|
|
|
} |
|
591
|
1154 |
|
if (($d = ini_get('display_errors'))) { |
|
592
|
1154 |
|
ini_set('display_errors', 0); |
|
593
|
|
|
} |
|
594
|
1154 |
|
preg_match($p, ''); |
|
595
|
1154 |
|
if ($v) { |
|
596
|
1154 |
|
$r = error_get_last() == null ? 1 : 0; |
|
597
|
|
View Code Duplication |
} else { |
|
|
|
|
|
|
598
|
|
|
$r = isset($php_errormsg) ? 0 : 1; |
|
599
|
|
|
if ($t) { |
|
|
|
|
|
|
600
|
|
|
$php_errormsg = isset($o) ? $o : null; |
|
|
|
|
|
|
601
|
|
|
} else { |
|
602
|
|
|
ini_set('track_errors', 0); |
|
603
|
|
|
} |
|
604
|
|
|
} |
|
605
|
1154 |
|
if ($d) { |
|
606
|
1154 |
|
ini_set('display_errors', 1); |
|
607
|
|
|
} |
|
608
|
|
|
|
|
609
|
1154 |
|
return $r; |
|
610
|
|
|
} |
|
611
|
|
|
|
|
612
|
|
|
function hl_spec($t) { |
|
613
|
|
|
// final $spec |
|
614
|
559 |
|
$s = array(); |
|
615
|
559 |
|
if (!function_exists('hl_aux1')) { |
|
616
|
|
|
function hl_aux1($m) { |
|
617
|
|
|
return substr(str_replace(array(';', '|', '~', ' ', ',', '/', '(', ')', '`"'), array("\x01", "\x02", "\x03", "\x04", "\x05", "\x06", "\x07", "\x08", '"'), $m[0]), 1, -1); |
|
618
|
|
|
} |
|
619
|
|
|
} |
|
620
|
559 |
|
$t = str_replace(array("\t", "\r", "\n", ' '), '', preg_replace_callback('/"(?>(`.|[^"])*)"/sm', 'hl_aux1', trim($t))); |
|
621
|
559 |
|
for ($i = count(($t = explode(';', $t))); --$i >= 0;) { |
|
622
|
559 |
|
$w = $t[$i]; |
|
623
|
559 |
|
if (empty($w) or ($e = strpos($w, '=')) === false or !strlen(($a = substr($w, $e + 1)))) { |
|
624
|
559 |
|
continue; |
|
625
|
|
|
} |
|
626
|
|
|
$y = $n = array(); |
|
627
|
|
|
foreach (explode(',', $a) as $v) { |
|
628
|
|
|
if (!preg_match('`^([a-z:\-\*]+)(?:\((.*?)\))?`i', $v, $m)) { |
|
629
|
|
|
continue; |
|
630
|
|
|
} |
|
631
|
|
|
if (($x = strtolower($m[1])) == '-*') { |
|
632
|
|
|
$n['*'] = 1; |
|
633
|
|
|
continue; |
|
634
|
|
|
} |
|
635
|
|
|
if ($x[0] == '-') { |
|
636
|
|
|
$n[substr($x, 1)] = 1; |
|
637
|
|
|
continue; |
|
638
|
|
|
} |
|
639
|
|
|
if (!isset($m[2])) { |
|
640
|
|
|
$y[$x] = 1; |
|
641
|
|
|
continue; |
|
642
|
|
|
} |
|
643
|
|
|
foreach (explode('/', $m[2]) as $m) { |
|
644
|
|
|
if (empty($m) or ($p = strpos($m, '=')) == 0 or $p < 5) { |
|
645
|
|
|
$y[$x] = 1; |
|
646
|
|
|
continue; |
|
647
|
|
|
} |
|
648
|
|
|
$y[$x][strtolower(substr($m, 0, $p))] = str_replace(array("\x01", "\x02", "\x03", "\x04", "\x05", "\x06", "\x07", "\x08"), array(';', '|', '~', ' ', ',', '/', '(', ')'), substr($m, $p + 1)); |
|
649
|
|
|
} |
|
650
|
|
View Code Duplication |
if (isset($y[$x]['match']) && !hl_regex($y[$x]['match'])) { |
|
|
|
|
|
|
651
|
|
|
unset($y[$x]['match']); |
|
652
|
|
|
} |
|
653
|
|
View Code Duplication |
if (isset($y[$x]['nomatch']) && !hl_regex($y[$x]['nomatch'])) { |
|
|
|
|
|
|
654
|
|
|
unset($y[$x]['nomatch']); |
|
655
|
|
|
} |
|
656
|
|
|
} |
|
657
|
|
|
if (!count($y) && !count($n)) { |
|
658
|
|
|
continue; |
|
659
|
|
|
} |
|
660
|
|
|
foreach (explode(',', substr($w, 0, $e)) as $v) { |
|
661
|
|
|
if (!strlen(($v = strtolower($v)))) { |
|
662
|
|
|
continue; |
|
663
|
|
|
} |
|
664
|
|
|
if (count($y)) { |
|
665
|
|
|
if (!isset($s[$v])) { |
|
666
|
|
|
$s[$v] = $y; |
|
667
|
|
|
} else { |
|
668
|
|
|
$s[$v] = array_merge($s[$v], $y); |
|
669
|
|
|
} |
|
670
|
|
|
} |
|
671
|
|
|
if (count($n)) { |
|
672
|
|
|
if (!isset($s[$v]['n'])) { |
|
673
|
|
|
$s[$v]['n'] = $n; |
|
674
|
|
|
} else { |
|
675
|
|
|
$s[$v]['n'] = array_merge($s[$v]['n'], $n); |
|
676
|
|
|
} |
|
677
|
|
|
} |
|
678
|
|
|
} |
|
679
|
|
|
} |
|
680
|
|
|
|
|
681
|
559 |
|
return $s; |
|
682
|
|
|
} |
|
683
|
|
|
|
|
684
|
|
|
function hl_tag($t) { |
|
685
|
|
|
// tag/attribute handler |
|
686
|
1637 |
|
global $C; |
|
687
|
1637 |
|
$t = $t[0]; |
|
688
|
|
|
// invalid < > |
|
689
|
1637 |
|
if ($t == '< ') { |
|
690
|
|
|
return '< '; |
|
691
|
|
|
} |
|
692
|
1637 |
|
if ($t == '>') { |
|
693
|
200 |
|
return '>'; |
|
694
|
|
|
} |
|
695
|
1637 |
|
if (!preg_match('`^<(/?)([a-zA-Z][a-zA-Z1-6]*)([^>]*?)\s?>$`m', $t, $m)) { |
|
696
|
91 |
|
return str_replace(array('<', '>'), array('<', '>'), $t); |
|
697
|
1583 |
|
} elseif (!isset($C['elements'][($e = strtolower($m[2]))])) { |
|
698
|
721 |
|
return ($C['keep_bad'] % 2) ? str_replace(array('<', '>'), array('<', '>'), $t) : ''; |
|
699
|
|
|
} |
|
700
|
|
|
// attr string |
|
701
|
946 |
|
$a = str_replace(array("\n", "\r", "\t"), ' ', trim($m[3])); |
|
702
|
|
|
// tag transform |
|
703
|
946 |
|
static $eD = array('acronym' => 1, 'applet' => 1, 'big' => 1, 'center' => 1, 'dir' => 1, 'font' => 1, 'isindex' => 1, 's' => 1, 'strike' => 1, 'tt' => 1); // Deprecated |
|
704
|
946 |
|
if ($C['make_tag_strict'] && isset($eD[$e])) { |
|
705
|
1 |
|
$trt = hl_tag2($e, $a, $C['make_tag_strict']); |
|
706
|
1 |
|
if (!$e) { |
|
707
|
|
|
return ($C['keep_bad'] % 2) ? str_replace(array('<', '>'), array('<', '>'), $t) : ''; |
|
708
|
|
|
} |
|
709
|
|
|
} |
|
710
|
|
|
// close tag |
|
711
|
946 |
|
static $eE = array('area' => 1, 'br' => 1, 'col' => 1, 'command' => 1, 'embed' => 1, 'hr' => 1, 'img' => 1, 'input' => 1, 'isindex' => 1, 'keygen' => 1, 'link' => 1, 'meta' => 1, 'param' => 1, 'source' => 1, 'track' => 1, 'wbr' => 1); // Empty ele |
|
712
|
946 |
|
if (!empty($m[1])) { |
|
713
|
311 |
|
return !isset($eE[$e]) ? (empty($C['hook_tag']) ? "</$e>" : $C['hook_tag']($e)) : (($C['keep_bad']) % 2 ? str_replace(array('<', '>'), array('<', '>'), $t) : ''); |
|
714
|
|
|
} |
|
715
|
|
|
|
|
716
|
|
|
// open tag & attr |
|
717
|
946 |
|
static $aN = array('abbr' => array('td' => 1, 'th' => 1), 'accept' => array('form' => 1, 'input' => 1), 'accept-charset' => array('form' => 1), 'action' => array('form' => 1), 'align' => array('applet' => 1, 'caption' => 1, 'col' => 1, 'colgroup' => 1, 'div' => 1, 'embed' => 1, 'h1' => 1, 'h2' => 1, 'h3' => 1, 'h4' => 1, 'h5' => 1, 'h6' => 1, 'hr' => 1, 'iframe' => 1, 'img' => 1, 'input' => 1, 'legend' => 1, 'object' => 1, 'p' => 1, 'table' => 1, 'tbody' => 1, 'td' => 1, 'tfoot' => 1, 'th' => 1, 'thead' => 1, 'tr' => 1), 'allowfullscreen' => array('iframe' => 1), 'alt' => array('applet' => 1, 'area' => 1, 'img' => 1, 'input' => 1), 'archive' => array('applet' => 1, 'object' => 1), 'async' => array('script' => 1), 'autocomplete' => array('form' => 1, 'input' => 1), 'autofocus' => array('button' => 1, 'input' => 1, 'keygen' => 1, 'select' => 1, 'textarea' => 1), 'autoplay' => array('audio' => 1, 'video' => 1), 'axis' => array('td' => 1, 'th' => 1), 'bgcolor' => array('embed' => 1, 'table' => 1, 'td' => 1, 'th' => 1, 'tr' => 1), 'border' => array('img' => 1, 'object' => 1, 'table' => 1), 'bordercolor' => array('table' => 1, 'td' => 1, 'tr' => 1), 'cellpadding' => array('table' => 1), 'cellspacing' => array('table' => 1), 'challenge' => array('keygen' => 1), 'char' => array('col' => 1, 'colgroup' => 1, 'tbody' => 1, 'td' => 1, 'tfoot' => 1, 'th' => 1, 'thead' => 1, 'tr' => 1), 'charoff' => array('col' => 1, 'colgroup' => 1, 'tbody' => 1, 'td' => 1, 'tfoot' => 1, 'th' => 1, 'thead' => 1, 'tr' => 1), 'charset' => array('a' => 1, 'script' => 1), 'checked' => array('command' => 1, 'input' => 1), 'cite' => array('blockquote' => 1, 'del' => 1, 'ins' => 1, 'q' => 1), 'classid' => array('object' => 1), 'clear' => array('br' => 1), 'code' => array('applet' => 1), 'codebase' => array('applet' => 1, 'object' => 1), 'codetype' => array('object' => 1), 'color' => array('font' => 1), 'cols' => array('textarea' => 1), 'colspan' => array('td' => 1, 'th' => 1), 'compact' => array('dir' => 1, 'dl' => 1, 'menu' => 1, 'ol' => 1, 'ul' => 1), 'content' => array('meta' => 1), 'controls' => array('audio' => 1, 'video' => 1), 'coords' => array('a' => 1, 'area' => 1), 'crossorigin' => array('img' => 1), 'data' => array('object' => 1), 'datetime' => array('del' => 1, 'ins' => 1, 'time' => 1), 'declare' => array('object' => 1), 'default' => array('track' => 1), 'defer' => array('script' => 1), 'dirname' => array('input' => 1, 'textarea' => 1), 'disabled' => array('button' => 1, 'command' => 1, 'fieldset' => 1, 'input' => 1, 'keygen' => 1, 'optgroup' => 1, 'option' => 1, 'select' => 1, 'textarea' => 1), 'download' => array('a' => 1), 'enctype' => array('form' => 1), 'face' => array('font' => 1), 'flashvars' => array('embed' => 1), 'for' => array('label' => 1, 'output' => 1), 'form' => array('button' => 1, 'fieldset' => 1, 'input' => 1, 'keygen' => 1, 'label' => 1, 'object' => 1, 'output' => 1, 'select' => 1, 'textarea' => 1), 'formaction' => array('button' => 1, 'input' => 1), 'formenctype' => array('button' => 1, 'input' => 1), 'formmethod' => array('button' => 1, 'input' => 1), 'formnovalidate' => array('button' => 1, 'input' => 1), 'formtarget' => array('button' => 1, 'input' => 1), 'frame' => array('table' => 1), 'frameborder' => array('iframe' => 1), 'headers' => array('td' => 1, 'th' => 1), 'height' => array('applet' => 1, 'canvas' => 1, 'embed' => 1, 'iframe' => 1, 'img' => 1, 'input' => 1, 'object' => 1, 'td' => 1, 'th' => 1, 'video' => 1), 'high' => array('meter' => 1), 'href' => array('a' => 1, 'area' => 1, 'link' => 1), 'hreflang' => array('a' => 1, 'area' => 1, 'link' => 1), 'hspace' => array('applet' => 1, 'embed' => 1, 'img' => 1, 'object' => 1), 'icon' => array('command' => 1), 'ismap' => array('img' => 1, 'input' => 1), 'keyparams' => array('keygen' => 1), 'keytype' => array('keygen' => 1), 'kind' => array('track' => 1), 'label' => array('command' => 1, 'menu' => 1, 'option' => 1, 'optgroup' => 1, 'track' => 1), 'language' => array('script' => 1), 'list' => array('input' => 1), 'longdesc' => array('img' => 1, 'iframe' => 1), 'loop' => array('audio' => 1, 'video' => 1), 'low' => array('meter' => 1), 'marginheight' => array('iframe' => 1), 'marginwidth' => array('iframe' => 1), 'max' => array('input' => 1, 'meter' => 1, 'progress' => 1), 'maxlength' => array('input' => 1, 'textarea' => 1), 'media' => array('a' => 1, 'area' => 1, 'link' => 1, 'source' => 1, 'style' => 1), 'mediagroup' => array('audio' => 1, 'video' => 1), 'method' => array('form' => 1), 'min' => array('input' => 1, 'meter' => 1), 'model' => array('embed' => 1), 'multiple' => array('input' => 1, 'select' => 1), 'muted' => array('audio' => 1, 'video' => 1), 'name' => array('a' => 1, 'applet' => 1, 'button' => 1, 'embed' => 1, 'fieldset' => 1, 'form' => 1, 'iframe' => 1, 'img' => 1, 'input' => 1, 'keygen' => 1, 'map' => 1, 'object' => 1, 'output' => 1, 'param' => 1, 'select' => 1, 'textarea' => 1), 'nohref' => array('area' => 1), 'noshade' => array('hr' => 1), 'novalidate' => array('form' => 1), 'nowrap' => array('td' => 1, 'th' => 1), 'object' => array('applet' => 1), 'open' => array('details' => 1), 'optimum' => array('meter' => 1), 'pattern' => array('input' => 1), 'ping' => array('a' => 1, 'area' => 1), 'placeholder' => array('input' => 1, 'textarea' => 1), 'pluginspage' => array('embed' => 1), 'pluginurl' => array('embed' => 1), 'poster' => array('video' => 1), 'pqg' => array('keygen' => 1), 'preload' => array('audio' => 1, 'video' => 1), 'prompt' => array('isindex' => 1), 'pubdate' => array('time' => 1), 'radiogroup' => array('command' => 1), 'readonly' => array('input' => 1, 'textarea' => 1), 'rel' => array('a' => 1, 'area' => 1, 'link' => 1), 'required' => array('input' => 1, 'select' => 1, 'textarea' => 1), 'rev' => array('a' => 1), 'reversed' => array('ol' => 1), 'rows' => array('textarea' => 1), 'rowspan' => array('td' => 1, 'th' => 1), 'rules' => array('table' => 1), 'sandbox' => array('iframe' => 1), 'scope' => array('td' => 1, 'th' => 1), 'scoped' => array('style' => 1), 'scrolling' => array('iframe' => 1), 'seamless' => array('iframe' => 1), 'selected' => array('option' => 1), 'shape' => array('a' => 1, 'area' => 1), 'size' => array('font' => 1, 'hr' => 1, 'input' => 1, 'select' => 1), 'sizes' => array('link' => 1), 'span' => array('col' => 1, 'colgroup' => 1), 'src' => array('audio' => 1, 'embed' => 1, 'iframe' => 1, 'img' => 1, 'input' => 1, 'script' => 1, 'source' => 1, 'track' => 1, 'video' => 1), 'srcdoc' => array('iframe' => 1), 'srclang' => array('track' => 1), 'srcset' => array('img' => 1), 'standby' => array('object' => 1), 'start' => array('ol' => 1), 'step' => array('input' => 1), 'summary' => array('table' => 1), 'target' => array('a' => 1, 'area' => 1, 'form' => 1), 'type' => array('a' => 1, 'area' => 1, 'button' => 1, 'command' => 1, 'embed' => 1, 'input' => 1, 'li' => 1, 'link' => 1, 'menu' => 1, 'object' => 1, 'ol' => 1, 'param' => 1, 'script' => 1, 'source' => 1, 'style' => 1, 'ul' => 1), 'typemustmatch' => array('object' => 1), 'usemap' => array('img' => 1, 'input' => 1, 'object' => 1), 'valign' => array('col' => 1, 'colgroup' => 1, 'tbody' => 1, 'td' => 1, 'tfoot' => 1, 'th' => 1, 'thead' => 1, 'tr' => 1), 'value' => array('button' => 1, 'data' => 1, 'input' => 1, 'li' => 1, 'meter' => 1, 'option' => 1, 'param' => 1, 'progress' => 1), 'valuetype' => array('param' => 1), 'vspace' => array('applet' => 1, 'embed' => 1, 'img' => 1, 'object' => 1), 'width' => array('applet' => 1, 'canvas' => 1, 'col' => 1, 'colgroup' => 1, 'embed' => 1, 'hr' => 1, 'iframe' => 1, 'img' => 1, 'input' => 1, 'object' => 1, 'pre' => 1, 'table' => 1, 'td' => 1, 'th' => 1, 'video' => 1), 'wmode' => array('embed' => 1), 'wrap' => array('textarea' => 1)); // Ele-specific |
|
718
|
946 |
|
static $aNA = array('aria-activedescendant' => 1, 'aria-atomic' => 1, 'aria-autocomplete' => 1, 'aria-busy' => 1, 'aria-checked' => 1, 'aria-controls' => 1, 'aria-describedby' => 1, 'aria-disabled' => 1, 'aria-dropeffect' => 1, 'aria-expanded' => 1, 'aria-flowto' => 1, 'aria-grabbed' => 1, 'aria-haspopup' => 1, 'aria-hidden' => 1, 'aria-invalid' => 1, 'aria-label' => 1, 'aria-labelledby' => 1, 'aria-level' => 1, 'aria-live' => 1, 'aria-multiline' => 1, 'aria-multiselectable' => 1, 'aria-orientation' => 1, 'aria-owns' => 1, 'aria-posinset' => 1, 'aria-pressed' => 1, 'aria-readonly' => 1, 'aria-relevant' => 1, 'aria-required' => 1, 'aria-selected' => 1, 'aria-setsize' => 1, 'aria-sort' => 1, 'aria-valuemax' => 1, 'aria-valuemin' => 1, 'aria-valuenow' => 1, 'aria-valuetext' => 1); // ARIA |
|
719
|
946 |
|
static $aNE = array('allowfullscreen' => 1, 'checkbox' => 1, 'checked' => 1, 'command' => 1, 'compact' => 1, 'declare' => 1, 'defer' => 1, 'default' => 1, 'disabled' => 1, 'hidden' => 1, 'inert' => 1, 'ismap' => 1, 'itemscope' => 1, 'multiple' => 1, 'nohref' => 1, 'noresize' => 1, 'noshade' => 1, 'nowrap' => 1, 'open' => 1, 'radio' => 1, 'readonly' => 1, 'required' => 1, 'reversed' => 1, 'selected' => 1); // Empty |
|
720
|
946 |
|
static $aNO = array('onabort' => 1, 'onblur' => 1, 'oncanplay' => 1, 'oncanplaythrough' => 1, 'onchange' => 1, 'onclick' => 1, 'oncontextmenu' => 1, 'oncopy' => 1, 'oncuechange' => 1, 'oncut' => 1, 'ondblclick' => 1, 'ondrag' => 1, 'ondragend' => 1, 'ondragenter' => 1, 'ondragleave' => 1, 'ondragover' => 1, 'ondragstart' => 1, 'ondrop' => 1, 'ondurationchange' => 1, 'onemptied' => 1, 'onended' => 1, 'onerror' => 1, 'onfocus' => 1, 'onformchange' => 1, 'onforminput' => 1, 'oninput' => 1, 'oninvalid' => 1, 'onkeydown' => 1, 'onkeypress' => 1, 'onkeyup' => 1, 'onload' => 1, 'onloadeddata' => 1, 'onloadedmetadata' => 1, 'onloadstart' => 1, 'onlostpointercapture' => 1, 'onmousedown' => 1, 'onmousemove' => 1, 'onmouseout' => 1, 'onmouseover' => 1, 'onmouseup' => 1, 'onmousewheel' => 1, 'onpaste' => 1, 'onpause' => 1, 'onplay' => 1, 'onplaying' => 1, 'onpointercancel' => 1, 'ongotpointercapture' => 1, 'onpointerdown' => 1, 'onpointerenter' => 1, 'onpointerleave' => 1, 'onpointermove' => 1, 'onpointerout' => 1, 'onpointerover' => 1, 'onpointerup' => 1, 'onprogress' => 1, 'onratechange' => 1, 'onreadystatechange' => 1, 'onreset' => 1, 'onsearch' => 1, 'onscroll' => 1, 'onseeked' => 1, 'onseeking' => 1, 'onselect' => 1, 'onshow' => 1, 'onstalled' => 1, 'onsubmit' => 1, 'onsuspend' => 1, 'ontimeupdate' => 1, 'ontoggle' => 1, 'ontouchcancel' => 1, 'ontouchend' => 1, 'ontouchmove' => 1, 'ontouchstart' => 1, 'onvolumechange' => 1, 'onwaiting' => 1, 'onwheel' => 1); // Event |
|
721
|
946 |
|
static $aNP = array('action' => 1, 'cite' => 1, 'classid' => 1, 'codebase' => 1, 'data' => 1, 'href' => 1, 'itemtype' => 1, 'longdesc' => 1, 'model' => 1, 'pluginspage' => 1, 'pluginurl' => 1, 'src' => 1, 'srcset' => 1, 'usemap' => 1); // Need scheme check; excludes style, on* |
|
722
|
946 |
|
static $aNU = array('accesskey' => 1, 'class' => 1, 'contenteditable' => 1, 'contextmenu' => 1, 'dir' => 1, 'draggable' => 1, 'dropzone' => 1, 'hidden' => 1, 'id' => 1, 'inert' => 1, 'itemid' => 1, 'itemprop' => 1, 'itemref' => 1, 'itemscope' => 1, 'itemtype' => 1, 'lang' => 1, 'role' => 1, 'spellcheck' => 1, 'style' => 1, 'tabindex' => 1, 'title' => 1, 'translate' => 1, 'xmlns' => 1, 'xml:base' => 1, 'xml:lang' => 1, 'xml:space' => 1); // Univ; excludes on*, aria* |
|
723
|
|
|
|
|
724
|
946 |
|
if ($C['lc_std_val']) { |
|
725
|
|
|
// predef attr vals for $eAL & $aNE ele |
|
726
|
946 |
|
static $aNL = array('all' => 1, 'auto' => 1, 'baseline' => 1, 'bottom' => 1, 'button' => 1, 'captions' => 1, 'center' => 1, 'chapters' => 1, 'char' => 1, 'checkbox' => 1, 'circle' => 1, 'col' => 1, 'colgroup' => 1, 'color' => 1, 'cols' => 1, 'data' => 1, 'date' => 1, 'datetime' => 1, 'datetime-local' => 1, 'default' => 1, 'descriptions' => 1, 'email' => 1, 'file' => 1, 'get' => 1, 'groups' => 1, 'hidden' => 1, 'image' => 1, 'justify' => 1, 'left' => 1, 'ltr' => 1, 'metadata' => 1, 'middle' => 1, 'month' => 1, 'none' => 1, 'number' => 1, 'object' => 1, 'password' => 1, 'poly' => 1, 'post' => 1, 'preserve' => 1, 'radio' => 1, 'range' => 1, 'rect' => 1, 'ref' => 1, 'reset' => 1, 'right' => 1, 'row' => 1, 'rowgroup' => 1, 'rows' => 1, 'rtl' => 1, 'search' => 1, 'submit' => 1, 'subtitles' => 1, 'tel' => 1, 'text' => 1, 'time' => 1, 'top' => 1, 'url' => 1, 'week' => 1); |
|
727
|
946 |
|
static $eAL = array('a' => 1, 'area' => 1, 'bdo' => 1, 'button' => 1, 'col' => 1, 'fieldset' => 1, 'form' => 1, 'img' => 1, 'input' => 1, 'object' => 1, 'ol' => 1, 'optgroup' => 1, 'option' => 1, 'param' => 1, 'script' => 1, 'select' => 1, 'table' => 1, 'td' => 1, 'textarea' => 1, 'tfoot' => 1, 'th' => 1, 'thead' => 1, 'tr' => 1, 'track' => 1, 'xml:space' => 1); |
|
728
|
946 |
|
$lcase = isset($eAL[$e]) ? 1 : 0; |
|
729
|
|
|
} |
|
730
|
|
|
|
|
731
|
946 |
|
$depTr = 0; |
|
732
|
946 |
|
if ($C['no_deprecated_attr']) { |
|
733
|
|
|
// depr attr:applicable ele |
|
734
|
946 |
|
static $aND = array('align' => array('caption' => 1, 'div' => 1, 'h1' => 1, 'h2' => 1, 'h3' => 1, 'h4' => 1, 'h5' => 1, 'h6' => 1, 'hr' => 1, 'img' => 1, 'input' => 1, 'legend' => 1, 'object' => 1, 'p' => 1, 'table' => 1), 'bgcolor' => array('table' => 1, 'td' => 1, 'th' => 1, 'tr' => 1), 'border' => array('object' => 1), 'bordercolor' => array('table' => 1, 'td' => 1, 'tr' => 1), 'cellspacing' => array('table' => 1), 'clear' => array('br' => 1), 'compact' => array('dl' => 1, 'ol' => 1, 'ul' => 1), 'height' => array('td' => 1, 'th' => 1), 'hspace' => array('img' => 1, 'object' => 1), 'language' => array('script' => 1), 'name' => array('a' => 1, 'form' => 1, 'iframe' => 1, 'img' => 1, 'map' => 1), 'noshade' => array('hr' => 1), 'nowrap' => array('td' => 1, 'th' => 1), 'size' => array('hr' => 1), 'vspace' => array('img' => 1, 'object' => 1), 'width' => array('hr' => 1, 'pre' => 1, 'table' => 1, 'td' => 1, 'th' => 1)); |
|
735
|
946 |
|
static $eAD = array('a' => 1, 'br' => 1, 'caption' => 1, 'div' => 1, 'dl' => 1, 'form' => 1, 'h1' => 1, 'h2' => 1, 'h3' => 1, 'h4' => 1, 'h5' => 1, 'h6' => 1, 'hr' => 1, 'iframe' => 1, 'img' => 1, 'input' => 1, 'legend' => 1, 'map' => 1, 'object' => 1, 'ol' => 1, 'p' => 1, 'pre' => 1, 'script' => 1, 'table' => 1, 'td' => 1, 'th' => 1, 'tr' => 1, 'ul' => 1); |
|
736
|
946 |
|
$depTr = isset($eAD[$e]) ? 1 : 0; |
|
737
|
|
|
} |
|
738
|
|
|
|
|
739
|
|
|
// attr name-vals |
|
740
|
946 |
|
if (strpos($a, "\x01") !== false) { |
|
741
|
|
|
$a = preg_replace('`\x01[^\x01]*\x01`', '', $a); |
|
742
|
|
|
} // No comment/CDATA sec |
|
743
|
946 |
|
$mode = 0; |
|
744
|
946 |
|
$a = trim($a, ' /'); |
|
745
|
946 |
|
$aA = array(); |
|
746
|
946 |
|
while (strlen($a)) { |
|
747
|
909 |
|
$w = 0; |
|
748
|
|
|
switch ($mode) { |
|
749
|
909 |
|
case 0: // Name |
|
750
|
909 |
|
if (preg_match('`^[a-zA-Z][^\s=/]+`', $a, $m)) { |
|
751
|
891 |
|
$nm = strtolower($m[0]); |
|
752
|
891 |
|
$w = $mode = 1; |
|
753
|
891 |
|
$a = ltrim(substr_replace($a, '', 0, strlen($m[0]))); |
|
754
|
|
|
} |
|
755
|
909 |
|
break; |
|
756
|
891 |
|
case 1: |
|
757
|
891 |
|
if ($a[0] == '=') { // = |
|
758
|
891 |
|
$w = 1; |
|
759
|
891 |
|
$mode = 2; |
|
760
|
891 |
|
$a = ltrim($a, '= '); |
|
761
|
|
|
} else { // No val |
|
762
|
|
|
$w = 1; |
|
763
|
|
|
$mode = 0; |
|
764
|
|
|
$a = ltrim($a); |
|
765
|
|
|
$aA[$nm] = ''; |
|
|
|
|
|
|
766
|
|
|
} |
|
767
|
891 |
|
break; |
|
768
|
891 |
|
case 2: // Val |
|
769
|
891 |
|
if (preg_match('`^((?:"[^"]*")|(?:\'[^\']*\')|(?:\s*[^\s"\']+))(.*)`', $a, $m)) { |
|
770
|
891 |
|
$a = ltrim($m[2]); |
|
771
|
891 |
|
$m = $m[1]; |
|
772
|
891 |
|
$w = 1; |
|
773
|
891 |
|
$mode = 0; |
|
774
|
891 |
|
$aA[$nm] = trim(str_replace('<', '<', ($m[0] == '"' or $m[0] == '\'') ? substr($m, 1, -1) : $m)); |
|
775
|
|
|
} |
|
776
|
891 |
|
break; |
|
777
|
|
|
} |
|
778
|
909 |
|
if ($w == 0) { // Parse errs, deal with space, " & ' |
|
779
|
173 |
|
$a = preg_replace('`^(?:"[^"]*("|$)|\'[^\']*(\'|$)|\S)*\s*`', '', $a); |
|
780
|
173 |
|
$mode = 0; |
|
781
|
|
|
} |
|
782
|
|
|
} |
|
783
|
946 |
|
if ($mode == 1) { |
|
784
|
1 |
|
$aA[$nm] = ''; |
|
785
|
|
|
} |
|
786
|
|
|
|
|
787
|
|
|
// clean attrs |
|
788
|
946 |
|
global $S; |
|
789
|
946 |
|
$rl = isset($S[$e]) ? $S[$e] : array(); |
|
790
|
946 |
|
$a = array(); |
|
791
|
946 |
|
$nfr = 0; |
|
792
|
946 |
|
$d = $C['deny_attribute']; |
|
793
|
946 |
|
foreach ($aA as $k => $v) { |
|
794
|
891 |
|
if (((isset($d['*']) ? isset($d[$k]) : !isset($d[$k])) && (isset($aN[$k][$e]) or isset($aNU[$k]) or (isset($aNO[$k]) && !isset($d['on*'])) or (isset($aNA[$k]) && !isset($d['aria*'])) or (!isset($d['data*']) && preg_match('`data-((?!xml)[^:]+$)`', $k))) && !isset($rl['n'][$k]) && !isset($rl['n']['*'])) or isset($rl[$k])) { |
|
795
|
699 |
|
if (isset($aNE[$k])) { |
|
796
|
3 |
|
$v = $k; |
|
797
|
699 |
|
} elseif (!empty($lcase) && (($e != 'button' or $e != 'input') or $k == 'type')) { // Rather loose but ?not cause issues |
|
798
|
574 |
|
$v = (isset($aNL[($v2 = strtolower($v))])) ? $v2 : $v; |
|
799
|
|
|
} |
|
800
|
699 |
|
if ($k == 'style' && !$C['style_pass']) { |
|
801
|
40 |
|
if (false !== strpos($v, '&#')) { |
|
802
|
3 |
|
static $sC = array(' ' => ' ', ' ' => ' ', 'E' => 'e', 'E' => 'e', 'e' => 'e', 'e' => 'e', 'X' => 'x', 'X' => 'x', 'x' => 'x', 'x' => 'x', 'P' => 'p', 'P' => 'p', 'p' => 'p', 'p' => 'p', 'S' => 's', 'S' => 's', 's' => 's', 's' => 's', 'I' => 'i', 'I' => 'i', 'i' => 'i', 'i' => 'i', 'O' => 'o', 'O' => 'o', 'o' => 'o', 'o' => 'o', 'N' => 'n', 'N' => 'n', 'n' => 'n', 'n' => 'n', 'U' => 'u', 'U' => 'u', 'u' => 'u', 'u' => 'u', 'R' => 'r', 'R' => 'r', 'r' => 'r', 'r' => 'r', 'L' => 'l', 'L' => 'l', 'l' => 'l', 'l' => 'l', '(' => '(', '(' => '(', ')' => ')', ')' => ')', ' ' => ':', ' ' => ':', '"' => '"', '"' => '"', ''' => "'", ''' => "'", '/' => '/', '/' => '/', '*' => '*', '*' => '*', '\' => '\\', '\' => '\\'); |
|
803
|
3 |
|
$v = strtr($v, $sC); |
|
804
|
|
|
} |
|
805
|
40 |
|
$v = preg_replace_callback('`(url(?:\()(?: )*(?:\'|"|&(?:quot|apos);)?)(.+?)((?:\'|"|&(?:quot|apos);)?(?: )*(?:\)))`iS', 'hl_prot', $v); |
|
806
|
40 |
|
$v = !$C['css_expression'] ? preg_replace('`expression`i', ' ', preg_replace('`\\\\\S|(/|(%2f))(\*|(%2a))`i', ' ', $v)) : $v; |
|
807
|
664 |
|
} elseif (isset($aNP[$k]) or isset($aNO[$k])) { |
|
808
|
550 |
|
$v = str_replace('', ' ', (strpos($v, '&') !== false ? str_replace(array('­', '­', '­'), ' ', $v) : $v)); // double-quoted char: soft-hyphen; appears here as "" or hyphen or something else depending on viewing software |
|
809
|
550 |
|
if ($k == 'srcset') { |
|
810
|
|
|
$v2 = ''; |
|
811
|
|
|
foreach (explode(',', $v) as $k1 => $v1) { |
|
812
|
|
|
$v1 = explode(' ', ltrim($v1), 2); |
|
813
|
|
|
$k1 = isset($v1[1]) ? trim($v1[1]) : ''; |
|
814
|
|
|
$v1 = trim($v1[0]); |
|
815
|
|
|
if (isset($v1[0])) { |
|
816
|
|
|
$v2 .= hl_prot($v1, $k).(empty($k1) ? '' : ' '.$k1).', '; |
|
817
|
|
|
} |
|
818
|
|
|
} |
|
819
|
|
|
$v = trim($v2, ', '); |
|
820
|
|
|
} |
|
821
|
550 |
|
if ($k == 'itemtype') { |
|
822
|
|
|
$v2 = ''; |
|
823
|
|
|
foreach (explode(' ', $v) as $v1) { |
|
824
|
|
|
if (isset($v1[0])) { |
|
825
|
|
|
$v2 .= hl_prot($v1, $k).' '; |
|
826
|
|
|
} |
|
827
|
|
|
} |
|
828
|
|
|
$v = trim($v2, ' '); |
|
829
|
|
|
} else { |
|
830
|
550 |
|
$v = hl_prot($v, $k); |
|
831
|
|
|
} |
|
832
|
550 |
|
if ($k == 'href') { // X-spam |
|
833
|
161 |
|
if ($C['anti_mail_spam'] && strpos($v, 'mailto:') === 0) { |
|
834
|
|
|
$v = str_replace('@', htmlspecialchars($C['anti_mail_spam']), $v); |
|
835
|
161 |
|
} elseif ($C['anti_link_spam']) { |
|
836
|
101 |
|
$r1 = $C['anti_link_spam'][1]; |
|
837
|
101 |
|
if (!empty($r1) && preg_match($r1, $v)) { |
|
838
|
|
|
continue; |
|
839
|
|
|
} |
|
840
|
101 |
|
$r0 = $C['anti_link_spam'][0]; |
|
841
|
101 |
|
if (!empty($r0) && preg_match($r0, $v)) { |
|
842
|
101 |
|
if (isset($a['rel'])) { |
|
843
|
42 |
|
if (!preg_match('`\bnofollow\b`i', $a['rel'])) { |
|
844
|
42 |
|
$a['rel'] .= ' nofollow'; |
|
845
|
|
|
} |
|
846
|
89 |
|
} elseif (isset($aA['rel'])) { |
|
847
|
1 |
|
if (!preg_match('`\bnofollow\b`i', $aA['rel'])) { |
|
848
|
1 |
|
$nfr = 1; |
|
849
|
|
|
} |
|
850
|
|
|
} else { |
|
851
|
88 |
|
$a['rel'] = 'nofollow'; |
|
852
|
|
|
} |
|
853
|
|
|
} |
|
854
|
|
|
} |
|
855
|
|
|
} |
|
856
|
|
|
} |
|
857
|
699 |
|
if (isset($rl[$k]) && is_array($rl[$k]) && ($v = hl_attrval($k, $v, $rl[$k])) === 0) { |
|
858
|
|
|
continue; |
|
859
|
|
|
} |
|
860
|
699 |
|
$a[$k] = str_replace('"', '"', $v); |
|
861
|
|
|
} |
|
862
|
|
|
} |
|
863
|
946 |
|
if ($nfr) { |
|
864
|
|
|
$a['rel'] = isset($a['rel']) ? $a['rel'].' nofollow' : 'nofollow'; |
|
865
|
|
|
} |
|
866
|
|
|
|
|
867
|
|
|
// rqd attr |
|
868
|
946 |
|
static $eAR = array('area' => array('alt' => 'area'), 'bdo' => array('dir' => 'ltr'), 'command' => array('label' => ''), 'form' => array('action' => ''), 'img' => array('src' => '', 'alt' => 'image'), 'map' => array('name' => ''), 'optgroup' => array('label' => ''), 'param' => array('name' => ''), 'style' => array('scoped' => ''), 'textarea' => array('rows' => '10', 'cols' => '50')); |
|
869
|
946 |
|
if (isset($eAR[$e])) { |
|
870
|
497 |
|
foreach ($eAR[$e] as $k => $v) { |
|
871
|
497 |
|
if (!isset($a[$k])) { |
|
872
|
488 |
|
$a[$k] = isset($v[0]) ? $v : $k; |
|
873
|
|
|
} |
|
874
|
|
|
} |
|
875
|
|
|
} |
|
876
|
|
|
|
|
877
|
|
|
// depr attr |
|
878
|
946 |
|
if ($depTr) { |
|
879
|
790 |
|
$c = array(); |
|
880
|
790 |
|
foreach ($a as $k => $v) { |
|
881
|
650 |
|
if ($k == 'style' or !isset($aND[$k][$e])) { |
|
882
|
649 |
|
continue; |
|
883
|
|
|
} |
|
884
|
4 |
|
$v = str_replace(array('\\', ':', ';', '&#'), '', $v); |
|
885
|
4 |
|
if ($k == 'align') { |
|
886
|
1 |
|
unset($a['align']); |
|
887
|
1 |
|
if ($e == 'img' && ($v == 'left' or $v == 'right')) { |
|
888
|
|
|
$c[] = 'float: '.$v; |
|
889
|
1 |
|
} elseif (($e == 'div' or $e == 'table') && $v == 'center') { |
|
890
|
|
|
$c[] = 'margin: auto'; |
|
891
|
|
|
} else { |
|
892
|
1 |
|
$c[] = 'text-align: '.$v; |
|
893
|
|
|
} |
|
894
|
3 |
|
} elseif ($k == 'bgcolor') { |
|
895
|
|
|
unset($a['bgcolor']); |
|
896
|
|
|
$c[] = 'background-color: '.$v; |
|
897
|
3 |
|
} elseif ($k == 'border') { |
|
898
|
|
|
unset($a['border']); |
|
899
|
|
|
$c[] = "border: {$v}px"; |
|
900
|
3 |
|
} elseif ($k == 'bordercolor') { |
|
901
|
|
|
unset($a['bordercolor']); |
|
902
|
|
|
$c[] = 'border-color: '.$v; |
|
903
|
3 |
|
} elseif ($k == 'cellspacing') { |
|
904
|
|
|
unset($a['cellspacing']); |
|
905
|
|
|
$c[] = "border-spacing: {$v}px"; |
|
906
|
3 |
View Code Duplication |
} elseif ($k == 'clear') { |
|
|
|
|
|
|
907
|
|
|
unset($a['clear']); |
|
908
|
|
|
$c[] = 'clear: '.($v != 'all' ? $v : 'both'); |
|
909
|
3 |
|
} elseif ($k == 'compact') { |
|
910
|
|
|
unset($a['compact']); |
|
911
|
|
|
$c[] = 'font-size: 85%'; |
|
912
|
3 |
|
} elseif ($k == 'height' or $k == 'width') { |
|
913
|
|
|
unset($a[$k]); |
|
914
|
|
|
$c[] = $k.': '.($v[0] != '*' ? $v.(ctype_digit($v) ? 'px' : '') : 'auto'); |
|
915
|
3 |
|
} elseif ($k == 'hspace') { |
|
916
|
|
|
unset($a['hspace']); |
|
917
|
|
|
$c[] = "margin-left: {$v}px; margin-right: {$v}px"; |
|
918
|
3 |
|
} elseif ($k == 'language' && !isset($a['type'])) { |
|
919
|
|
|
unset($a['language']); |
|
920
|
|
|
$a['type'] = 'text/'.strtolower($v); |
|
921
|
3 |
|
} elseif ($k == 'name') { |
|
922
|
3 |
|
if ($C['no_deprecated_attr'] == 2 or ($e != 'a' && $e != 'map')) { |
|
923
|
|
|
unset($a['name']); |
|
924
|
|
|
} |
|
925
|
3 |
|
if (!isset($a['id']) && !preg_match('`\W`', $v)) { |
|
926
|
3 |
|
$a['id'] = $v; |
|
927
|
|
|
} |
|
928
|
|
|
} elseif ($k == 'noshade') { |
|
929
|
|
|
unset($a['noshade']); |
|
930
|
|
|
$c[] = 'border-style: none; border: 0; background-color: gray; color: gray'; |
|
931
|
|
|
} elseif ($k == 'nowrap') { |
|
932
|
|
|
unset($a['nowrap']); |
|
933
|
|
|
$c[] = 'white-space: nowrap'; |
|
934
|
|
View Code Duplication |
} elseif ($k == 'size') { |
|
|
|
|
|
|
935
|
|
|
unset($a['size']); |
|
936
|
|
|
$c[] = 'size: '.$v.'px'; |
|
937
|
|
|
} elseif ($k == 'vspace') { |
|
938
|
|
|
unset($a['vspace']); |
|
939
|
|
|
$c[] = "margin-top: {$v}px; margin-bottom: {$v}px"; |
|
940
|
|
|
} |
|
941
|
|
|
} |
|
942
|
790 |
|
if (count($c)) { |
|
943
|
1 |
|
$c = implode('; ', $c); |
|
944
|
1 |
|
$a['style'] = isset($a['style']) ? rtrim($a['style'], ' ;').'; '.$c.';' : $c.';'; |
|
945
|
|
|
} |
|
946
|
|
|
} |
|
947
|
|
|
// unique ID |
|
948
|
946 |
|
if ($C['unique_ids'] && isset($a['id'])) { |
|
949
|
|
|
if (preg_match('`\s`', ($id = $a['id'])) or (isset($GLOBALS['hl_Ids'][$id]) && $C['unique_ids'] == 1)) { |
|
950
|
|
|
unset($a['id']); |
|
951
|
|
|
} else { |
|
952
|
|
|
while (isset($GLOBALS['hl_Ids'][$id])) { |
|
953
|
|
|
$id = $C['unique_ids'].$id; |
|
954
|
|
|
} |
|
955
|
|
|
$GLOBALS['hl_Ids'][($a['id'] = $id)] = 1; |
|
956
|
|
|
} |
|
957
|
|
|
} |
|
958
|
|
|
// xml:lang |
|
959
|
946 |
|
if ($C['xml:lang'] && isset($a['lang'])) { |
|
960
|
|
|
$a['xml:lang'] = isset($a['xml:lang']) ? $a['xml:lang'] : $a['lang']; |
|
961
|
|
|
if ($C['xml:lang'] == 2) { |
|
962
|
|
|
unset($a['lang']); |
|
963
|
|
|
} |
|
964
|
|
|
} |
|
965
|
|
|
// for transformed tag |
|
966
|
946 |
|
if (!empty($trt)) { |
|
967
|
1 |
|
$a['style'] = isset($a['style']) ? rtrim($a['style'], ' ;').'; '.$trt : $trt; |
|
968
|
|
|
} |
|
969
|
|
|
// return with empty ele / |
|
970
|
946 |
|
if (empty($C['hook_tag'])) { |
|
971
|
946 |
|
$aA = ''; |
|
972
|
946 |
|
foreach ($a as $k => $v) { |
|
973
|
772 |
|
$aA .= " {$k}=\"{$v}\""; |
|
974
|
|
|
} |
|
975
|
|
|
|
|
976
|
946 |
|
return "<{$e}{$aA}".(isset($eE[$e]) ? ' /' : '').'>'; |
|
977
|
|
|
} else { |
|
978
|
|
|
return $C['hook_tag']($e, $a); |
|
979
|
|
|
} |
|
980
|
|
|
} |
|
981
|
|
|
|
|
982
|
|
|
function hl_tag2(&$e, &$a, $t = 1) { |
|
983
|
|
|
// transform tag |
|
984
|
1 |
|
if ($e == 'big') { |
|
985
|
|
|
$e = 'span'; |
|
986
|
|
|
|
|
987
|
|
|
return 'font-size: larger;'; |
|
988
|
|
|
} |
|
989
|
1 |
|
if ($e == 's' or $e == 'strike') { |
|
990
|
|
|
$e = 'span'; |
|
991
|
|
|
|
|
992
|
|
|
return 'text-decoration: line-through;'; |
|
993
|
|
|
} |
|
994
|
1 |
|
if ($e == 'tt') { |
|
995
|
|
|
$e = 'code'; |
|
996
|
|
|
|
|
997
|
|
|
return ''; |
|
998
|
|
|
} |
|
999
|
1 |
|
if ($e == 'center') { |
|
1000
|
|
|
$e = 'div'; |
|
1001
|
|
|
|
|
1002
|
|
|
return 'text-align: center;'; |
|
1003
|
|
|
} |
|
1004
|
1 |
|
static $fs = array('0' => 'xx-small', '1' => 'xx-small', '2' => 'small', '3' => 'medium', '4' => 'large', '5' => 'x-large', '6' => 'xx-large', '7' => '300%', '-1' => 'smaller', '-2' => '60%', '+1' => 'larger', '+2' => '150%', '+3' => '200%', '+4' => '300%'); |
|
1005
|
1 |
|
if ($e == 'font') { |
|
1006
|
1 |
|
$a2 = ''; |
|
1007
|
1 |
|
while (preg_match('`(^|\s)(color|size)\s*=\s*(\'|")?(.+?)(\\3|\s|$)`i', $a, $m)) { |
|
1008
|
1 |
|
$a = str_replace($m[0], ' ', $a); |
|
1009
|
1 |
|
$a2 .= strtolower($m[2]) == 'color' ? (' color: '.str_replace(array('"', ';', ':'), '\'', trim($m[4])).';') : (isset($fs[($m = trim($m[4]))]) ? (' font-size: '.$fs[$m].';') : ''); |
|
1010
|
|
|
} |
|
1011
|
1 |
|
while (preg_match('`(^|\s)face\s*=\s*(\'|")?([^=]+?)\\2`i', $a, $m) or preg_match('`(^|\s)face\s*=(\s*)(\S+)`i', $a, $m)) { |
|
1012
|
|
|
$a = str_replace($m[0], ' ', $a); |
|
1013
|
|
|
$a2 .= ' font-family: '.str_replace(array('"', ';', ':'), '\'', trim($m[3])).';'; |
|
1014
|
|
|
} |
|
1015
|
1 |
|
$e = 'span'; |
|
1016
|
|
|
|
|
1017
|
1 |
|
return ltrim(str_replace('<', '', $a2)); |
|
1018
|
|
|
} |
|
1019
|
|
|
if ($e == 'acronym') { |
|
1020
|
|
|
$e = 'abbr'; |
|
1021
|
|
|
|
|
1022
|
|
|
return ''; |
|
1023
|
|
|
} |
|
1024
|
|
|
if ($e == 'dir') { |
|
1025
|
|
|
$e = 'ul'; |
|
1026
|
|
|
|
|
1027
|
|
|
return ''; |
|
1028
|
|
|
} |
|
1029
|
|
|
if ($t == 2) { |
|
1030
|
|
|
$e = 0; |
|
1031
|
|
|
|
|
1032
|
|
|
return 0; |
|
1033
|
|
|
} |
|
1034
|
|
|
|
|
1035
|
|
|
return ''; |
|
1036
|
|
|
} |
|
1037
|
|
|
|
|
1038
|
|
|
function hl_tidy($t, $w, $p) { |
|
1039
|
|
|
// tidy/compact HTM |
|
1040
|
|
|
if (strpos(' pre,script,textarea', "$p,")) { |
|
1041
|
|
|
return $t; |
|
1042
|
|
|
} |
|
1043
|
|
|
if (!function_exists('hl_aux2')) { |
|
1044
|
|
|
function hl_aux2($m) { |
|
1045
|
|
|
return $m[1].str_replace(array('<', '>', "\n", "\r", "\t", ' '), array("\x01", "\x02", "\x03", "\x04", "\x05", "\x07"), $m[3]).$m[4]; |
|
1046
|
|
|
} |
|
1047
|
|
|
} |
|
1048
|
|
|
$t = preg_replace(array('`(<\w[^>]*(?<!/)>)\s+`', '`\s+`', '`(<\w[^>]*(?<!/)>) `'), array(' $1', ' ', '$1'), preg_replace_callback(array('`(<(!\[CDATA\[))(.+?)(\]\]>)`sm', '`(<(!--))(.+?)(-->)`sm', '`(<(pre|script|textarea)[^>]*?>)(.+?)(</\2>)`sm'), 'hl_aux2', $t)); |
|
1049
|
|
|
if (($w = strtolower($w)) == -1) { |
|
1050
|
|
|
return str_replace(array("\x01", "\x02", "\x03", "\x04", "\x05", "\x07"), array('<', '>', "\n", "\r", "\t", ' '), $t); |
|
1051
|
|
|
} |
|
1052
|
|
|
$s = strpos(" $w", 't') ? "\t" : ' '; |
|
1053
|
|
|
$s = preg_match('`\d`', $w, $m) ? str_repeat($s, $m[0]) : str_repeat($s, ($s == "\t" ? 1 : 2)); |
|
1054
|
|
|
$N = preg_match('`[ts]([1-9])`', $w, $m) ? $m[1] : 0; |
|
1055
|
|
|
$a = array('br' => 1); |
|
1056
|
|
|
$b = array('button' => 1, 'command' => 1, 'input' => 1, 'option' => 1, 'param' => 1, 'track' => 1); |
|
1057
|
|
|
$c = array('audio' => 1, 'canvas' => 1, 'caption' => 1, 'dd' => 1, 'dt' => 1, 'figcaption' => 1, 'h1' => 1, 'h2' => 1, 'h3' => 1, 'h4' => 1, 'h5' => 1, 'h6' => 1, 'isindex' => 1, 'label' => 1, 'legend' => 1, 'li' => 1, 'object' => 1, 'p' => 1, 'pre' => 1, 'style' => 1, 'summary' => 1, 'td' => 1, 'textarea' => 1, 'th' => 1, 'video' => 1); |
|
1058
|
|
|
$d = array('address' => 1, 'article' => 1, 'aside' => 1, 'blockquote' => 1, 'center' => 1, 'colgroup' => 1, 'datalist' => 1, 'details' => 1, 'dir' => 1, 'div' => 1, 'dl' => 1, 'fieldset' => 1, 'figure' => 1, 'footer' => 1, 'form' => 1, 'header' => 1, 'hgroup' => 1, 'hr' => 1, 'iframe' => 1, 'main' => 1, 'map' => 1, 'menu' => 1, 'nav' => 1, 'noscript' => 1, 'ol' => 1, 'optgroup' => 1, 'rbc' => 1, 'rtc' => 1, 'ruby' => 1, 'script' => 1, 'section' => 1, 'select' => 1, 'table' => 1, 'tbody' => 1, 'tfoot' => 1, 'thead' => 1, 'tr' => 1, 'ul' => 1); |
|
1059
|
|
|
$T = explode('<', $t); |
|
1060
|
|
|
$X = 1; |
|
1061
|
|
|
while ($X) { |
|
1062
|
|
|
$n = $N; |
|
1063
|
|
|
$t = $T; |
|
1064
|
|
|
ob_start(); |
|
1065
|
|
|
if (isset($d[$p])) { |
|
1066
|
|
|
echo str_repeat($s, ++$n); |
|
1067
|
|
|
} |
|
1068
|
|
|
echo ltrim(array_shift($t)); |
|
1069
|
|
|
for ($i = -1, $j = count($t); ++$i < $j;) { |
|
1070
|
|
|
$r = ''; |
|
1071
|
|
|
list($e, $r) = explode('>', $t[$i]); |
|
1072
|
|
|
$x = $e[0] == '/' ? 0 : (substr($e, -1) == '/' ? 1 : ($e[0] != '!' ? 2 : -1)); |
|
1073
|
|
|
$y = !$x ? ltrim($e, '/') : ($x > 0 ? substr($e, 0, strcspn($e, ' ')) : 0); |
|
1074
|
|
|
$e = "<$e>"; |
|
1075
|
|
|
if (isset($d[$y])) { |
|
1076
|
|
|
if (!$x) { |
|
1077
|
|
|
if ($n) { |
|
1078
|
|
|
echo "\n", str_repeat($s, --$n), "$e\n", str_repeat($s, $n); |
|
1079
|
|
|
} else { |
|
1080
|
|
|
++$N; |
|
1081
|
|
|
ob_end_clean(); |
|
1082
|
|
|
continue 2; |
|
1083
|
|
|
} |
|
1084
|
|
|
} else { |
|
1085
|
|
|
echo "\n", str_repeat($s, $n), "$e\n", str_repeat($s, ($x != 1 ? ++$n : $n)); |
|
1086
|
|
|
} |
|
1087
|
|
|
echo $r; |
|
1088
|
|
|
continue; |
|
1089
|
|
|
} |
|
1090
|
|
|
$f = "\n".str_repeat($s, $n); |
|
1091
|
|
|
if (isset($c[$y])) { |
|
1092
|
|
|
if (!$x) { |
|
1093
|
|
|
echo $e, $f, $r; |
|
1094
|
|
|
} else { |
|
1095
|
|
|
echo $f, $e, $r; |
|
1096
|
|
|
} |
|
1097
|
|
|
} elseif (isset($b[$y])) { |
|
1098
|
|
|
echo $f, $e, $r; |
|
1099
|
|
|
} elseif (isset($a[$y])) { |
|
1100
|
|
|
echo $e, $f, $r; |
|
1101
|
|
|
} elseif (!$y) { |
|
1102
|
|
|
echo $f, $e, $f, $r; |
|
1103
|
|
|
} else { |
|
1104
|
|
|
echo $e, $r; |
|
1105
|
|
|
} |
|
1106
|
|
|
} |
|
1107
|
|
|
$X = 0; |
|
1108
|
|
|
} |
|
1109
|
|
|
$t = str_replace(array("\n ", " \n"), "\n", preg_replace('`[\n]\s*?[\n]+`', "\n", ob_get_contents())); |
|
1110
|
|
|
ob_end_clean(); |
|
1111
|
|
|
if (($l = strpos(" $w", 'r') ? (strpos(" $w", 'n') ? "\r\n" : "\r") : 0)) { |
|
1112
|
|
|
$t = str_replace("\n", $l, $t); |
|
1113
|
|
|
} |
|
1114
|
|
|
|
|
1115
|
|
|
return str_replace(array("\x01", "\x02", "\x03", "\x04", "\x05", "\x07"), array('<', '>', "\n", "\r", "\t", ' '), $t); |
|
1116
|
|
|
} |
|
1117
|
|
|
|
|
1118
|
|
|
function hl_version() { |
|
1119
|
|
|
// version |
|
1120
|
|
|
return '1.2.5'; |
|
1121
|
|
|
} |
|
1122
|
|
|
|
vanilla /
htmlawed
Loading history...
There are different options of fixing this problem.
If you want to be on the safe side, you can add an additional type-check:
If you are sure that the expression is traversable, you might want to add a doc comment cast to improve IDE auto-completion and static analysis:
Mark the issue as a false-positive: Just hover the remove button, in the top-right corner of this issue for more options.