4 * Validates contents based on NMTOKENS attribute type.
5 * @note The only current use for this is the class attribute in HTML
6 * @note Could have some functionality factored out into Nmtoken class
7 * @warning We cannot assume this class will be used only for 'class'
8 * attributes. Not sure how to hook in magic behavior, then.
10 class HTMLPurifier_AttrDef_HTML_Nmtokens
extends HTMLPurifier_AttrDef
13 public function validate($string, $config, $context) {
15 $string = trim($string);
17 // early abort: '' and '0' (strings that convert to false) are invalid
18 if (!$string) return false;
21 // do the preg_match, capture all subpatterns for reformulation
23 // we don't support U+00A1 and up codepoints or
24 // escaping because I don't know how to do that with regexps
25 // and plus it would complicate optimization efforts (you never
28 $pattern = '/(?:(?<=\s)|\A)'. // look behind for space or string start
29 '((?:--|-?[A-Za-z_])[A-Za-z_\-0-9]*)'.
30 '(?:(?=\s)|\z)/'; // look ahead for space or string end
31 preg_match_all($pattern, $string, $matches);
33 if (empty($matches[1])) return false;
37 foreach ($matches[1] as $token) {
38 $new_string .= $token . ' ';
40 $new_string = rtrim($new_string);