CSSDefinition.php 19 KB

  1. <?php
  /**
   * Defines allowed CSS attributes and what their values are.
   *
   * doSetup() registers one validator object per CSS property in $info.
   * Three opt-in groups (CSS.Proprietary, CSS.AllowTricky, CSS.Trusted) add
   * further properties; CSS.AllowedProperties and CSS.ForbiddenProperties can
   * afterwards only remove entries, never add them.
   * NOTE(review): presumably a property with no entry in $info is dropped by
   * the style-attribute validator; that consumer is not part of this file.
   * @see HTMLPurifier_HTMLDefinition
   */
  class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
  {

      public $type = 'CSS';

      /**
       * Assoc array of attribute name to definition object.
       * @type HTMLPurifier_AttrDef[]
       */
      public $info = array();

      /**
       * Constructs the info array. The meat of this class.
       *
       * Order of work: register the base property set, add the opt-in groups
       * selected by CSS.Proprietary / CSS.AllowTricky / CSS.Trusted, wrap every
       * registered definition in the !important decorator, then let
       * setupConfigStuff() apply the allowed/forbidden property lists.
       * Statement order matters here: the shorthand definitions for font and
       * border are created after their longhands (see the comments at those
       * lines), and the decorator loop runs after all groups so that it covers
       * the opt-in properties as well.
       * @param HTMLPurifier_Config $config
       */
      protected function doSetup($config)
      {
          // NOTE(review): the second argument `false` passed to Enum here and below
          // looks like its case-sensitivity flag (keywords matched case-insensitively);
          // confirm against HTMLPurifier_AttrDef_Enum's constructor.
          $this->info['text-align'] = new HTMLPurifier_AttrDef_Enum(
              array('left', 'right', 'center', 'justify'),
              false
          );

          // Chained assignment: $border_style and the four per-side properties all
          // refer to the same validator object.
          $border_style =
              $this->info['border-bottom-style'] =
              $this->info['border-right-style'] =
              $this->info['border-left-style'] =
              $this->info['border-top-style'] = new HTMLPurifier_AttrDef_Enum(
                  array(
                      'none',
                      'hidden',
                      'dotted',
                      'dashed',
                      'solid',
                      'double',
                      'groove',
                      'ridge',
                      'inset',
                      'outset'
                  ),
                  false
              );

          // NOTE(review): Multiple presumably validates a whitespace-separated list in
          // which each item must pass the wrapped definition; confirm in
          // HTMLPurifier_AttrDef_CSS_Multiple.
          $this->info['border-style'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_style);

          $this->info['clear'] = new HTMLPurifier_AttrDef_Enum(
              array('none', 'left', 'right', 'both'),
              false
          );
          $this->info['float'] = new HTMLPurifier_AttrDef_Enum(
              array('none', 'left', 'right'),
              false
          );
          $this->info['font-style'] = new HTMLPurifier_AttrDef_Enum(
              array('normal', 'italic', 'oblique'),
              false
          );
          $this->info['font-variant'] = new HTMLPurifier_AttrDef_Enum(
              array('normal', 'small-caps'),
              false
          );

          // HTMLPurifier_AttrDef_CSS_URI is instantiated only here; list-style-image
          // and background-image below share this one object. What a url() value may
          // point at is decided inside CSS_URI, which is not visible in this file.
          $uri_or_none = new HTMLPurifier_AttrDef_CSS_Composite(
              array(
                  new HTMLPurifier_AttrDef_Enum(array('none')),
                  new HTMLPurifier_AttrDef_CSS_URI()
              )
          );

          $this->info['list-style-position'] = new HTMLPurifier_AttrDef_Enum(
              array('inside', 'outside'),
              false
          );
          $this->info['list-style-type'] = new HTMLPurifier_AttrDef_Enum(
              array(
                  'disc',
                  'circle',
                  'square',
                  'decimal',
                  'lower-roman',
                  'upper-roman',
                  'lower-alpha',
                  'upper-alpha',
                  'none'
              ),
              false
          );
          $this->info['list-style-image'] = $uri_or_none;

          // NOTE(review): receives $config like Font and Border further down; presumably
          // it looks up the list-style-* longhands registered just above - confirm
          // before reordering.
          $this->info['list-style'] = new HTMLPurifier_AttrDef_CSS_ListStyle($config);

          $this->info['text-transform'] = new HTMLPurifier_AttrDef_Enum(
              array('capitalize', 'uppercase', 'lowercase', 'none'),
              false
          );
          $this->info['color'] = new HTMLPurifier_AttrDef_CSS_Color();

          $this->info['background-image'] = $uri_or_none;
          $this->info['background-repeat'] = new HTMLPurifier_AttrDef_Enum(
              array('repeat', 'repeat-x', 'repeat-y', 'no-repeat')
          );
          $this->info['background-attachment'] = new HTMLPurifier_AttrDef_Enum(
              array('scroll', 'fixed')
          );
          $this->info['background-position'] = new HTMLPurifier_AttrDef_CSS_BackgroundPosition();

          // background-color shares one validator object with the four border colours.
          $border_color =
              $this->info['border-top-color'] =
              $this->info['border-bottom-color'] =
              $this->info['border-left-color'] =
              $this->info['border-right-color'] =
              $this->info['background-color'] = new HTMLPurifier_AttrDef_CSS_Composite(
                  array(
                      new HTMLPurifier_AttrDef_Enum(array('transparent')),
                      new HTMLPurifier_AttrDef_CSS_Color()
                  )
              );

          // NOTE(review): created after the background-* longhands; presumably depends
          // on them the same way the font shorthand does - confirm.
          $this->info['background'] = new HTMLPurifier_AttrDef_CSS_Background($config);

          $this->info['border-color'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_color);

          $border_width =
              $this->info['border-top-width'] =
              $this->info['border-bottom-width'] =
              $this->info['border-left-width'] =
              $this->info['border-right-width'] = new HTMLPurifier_AttrDef_CSS_Composite(
                  array(
                      new HTMLPurifier_AttrDef_Enum(array('thin', 'medium', 'thick')),
                      new HTMLPurifier_AttrDef_CSS_Length('0') //disallow negative
                  )
              );

          $this->info['border-width'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_width);

          // Length() without arguments: no lower bound is requested here, unlike the
          // Length('0') uses in this method that are commented as disallowing negatives.
          $this->info['letter-spacing'] = new HTMLPurifier_AttrDef_CSS_Composite(
              array(
                  new HTMLPurifier_AttrDef_Enum(array('normal')),
                  new HTMLPurifier_AttrDef_CSS_Length()
              )
          );

          $this->info['word-spacing'] = new HTMLPurifier_AttrDef_CSS_Composite(
              array(
                  new HTMLPurifier_AttrDef_Enum(array('normal')),
                  new HTMLPurifier_AttrDef_CSS_Length()
              )
          );

          $this->info['font-size'] = new HTMLPurifier_AttrDef_CSS_Composite(
              array(
                  new HTMLPurifier_AttrDef_Enum(
                      array(
                          'xx-small',
                          'x-small',
                          'small',
                          'medium',
                          'large',
                          'x-large',
                          'xx-large',
                          'larger',
                          'smaller'
                      )
                  ),
                  new HTMLPurifier_AttrDef_CSS_Percentage(),
                  new HTMLPurifier_AttrDef_CSS_Length()
              )
          );

          $this->info['line-height'] = new HTMLPurifier_AttrDef_CSS_Composite(
              array(
                  new HTMLPurifier_AttrDef_Enum(array('normal')),
                  new HTMLPurifier_AttrDef_CSS_Number(true), // no negatives
                  new HTMLPurifier_AttrDef_CSS_Length('0'),
                  new HTMLPurifier_AttrDef_CSS_Percentage(true)
              )
          );

          $margin =
              $this->info['margin-top'] =
              $this->info['margin-bottom'] =
              $this->info['margin-left'] =
              $this->info['margin-right'] = new HTMLPurifier_AttrDef_CSS_Composite(
                  array(
                      new HTMLPurifier_AttrDef_CSS_Length(),
                      new HTMLPurifier_AttrDef_CSS_Percentage(),
                      new HTMLPurifier_AttrDef_Enum(array('auto'))
                  )
              );
          $this->info['margin'] = new HTMLPurifier_AttrDef_CSS_Multiple($margin);

          // non-negative
          $padding =
              $this->info['padding-top'] =
              $this->info['padding-bottom'] =
              $this->info['padding-left'] =
              $this->info['padding-right'] = new HTMLPurifier_AttrDef_CSS_Composite(
                  array(
                      new HTMLPurifier_AttrDef_CSS_Length('0'),
                      new HTMLPurifier_AttrDef_CSS_Percentage(true)
                  )
              );

          $this->info['padding'] = new HTMLPurifier_AttrDef_CSS_Multiple($padding);

          $this->info['text-indent'] = new HTMLPurifier_AttrDef_CSS_Composite(
              array(
                  new HTMLPurifier_AttrDef_CSS_Length(),
                  new HTMLPurifier_AttrDef_CSS_Percentage()
              )
          );

          // Unbounded width/height validators: used for every element when
          // CSS.MaxImgLength is null, and for every element except img otherwise.
          $trusted_wh = new HTMLPurifier_AttrDef_CSS_Composite(
              array(
                  new HTMLPurifier_AttrDef_CSS_Length('0'),
                  new HTMLPurifier_AttrDef_CSS_Percentage(true),
                  new HTMLPurifier_AttrDef_Enum(array('auto', 'initial', 'inherit'))
              )
          );
          $trusted_min_wh = new HTMLPurifier_AttrDef_CSS_Composite(
              array(
                  new HTMLPurifier_AttrDef_CSS_Length('0'),
                  new HTMLPurifier_AttrDef_CSS_Percentage(true),
                  new HTMLPurifier_AttrDef_Enum(array('initial', 'inherit'))
              )
          );
          $trusted_max_wh = new HTMLPurifier_AttrDef_CSS_Composite(
              array(
                  new HTMLPurifier_AttrDef_CSS_Length('0'),
                  new HTMLPurifier_AttrDef_CSS_Percentage(true),
                  new HTMLPurifier_AttrDef_Enum(array('none', 'initial', 'inherit'))
              )
          );

          // With a non-null CSS.MaxImgLength the six sizing properties switch on the
          // element: for img the length is capped at $max and no percentage validator
          // is offered; all other elements keep the unbounded composites above.
          // Setting the directive to null therefore removes the cap for img as well.
          // NOTE(review): the cap presumably exists so that submitted markup cannot
          // request arbitrarily large image dimensions - confirm against the
          // directive's documentation.
          $max = $config->get('CSS.MaxImgLength');

          $this->info['width'] =
          $this->info['height'] =
              $max === null ?
              $trusted_wh :
              new HTMLPurifier_AttrDef_Switch(
                  'img',
                  // For img tags:
                  new HTMLPurifier_AttrDef_CSS_Composite(
                      array(
                          new HTMLPurifier_AttrDef_CSS_Length('0', $max),
                          new HTMLPurifier_AttrDef_Enum(array('auto'))
                      )
                  ),
                  // For everyone else:
                  $trusted_wh
              );
          $this->info['min-width'] =
          $this->info['min-height'] =
              $max === null ?
              $trusted_min_wh :
              new HTMLPurifier_AttrDef_Switch(
                  'img',
                  // For img tags:
                  new HTMLPurifier_AttrDef_CSS_Composite(
                      array(
                          new HTMLPurifier_AttrDef_CSS_Length('0', $max),
                          new HTMLPurifier_AttrDef_Enum(array('initial', 'inherit'))
                      )
                  ),
                  // For everyone else:
                  $trusted_min_wh
              );
          $this->info['max-width'] =
          $this->info['max-height'] =
              $max === null ?
              $trusted_max_wh :
              new HTMLPurifier_AttrDef_Switch(
                  'img',
                  // For img tags:
                  new HTMLPurifier_AttrDef_CSS_Composite(
                      array(
                          new HTMLPurifier_AttrDef_CSS_Length('0', $max),
                          new HTMLPurifier_AttrDef_Enum(array('none', 'initial', 'inherit'))
                      )
                  ),
                  // For everyone else:
                  $trusted_max_wh
              );

          $this->info['text-decoration'] = new HTMLPurifier_AttrDef_CSS_TextDecoration();

          $this->info['font-family'] = new HTMLPurifier_AttrDef_CSS_FontFamily();

          // this could use specialized code
          $this->info['font-weight'] = new HTMLPurifier_AttrDef_Enum(
              array(
                  'normal',
                  'bold',
                  'bolder',
                  'lighter',
                  '100',
                  '200',
                  '300',
                  '400',
                  '500',
                  '600',
                  '700',
                  '800',
                  '900'
              ),
              false
          );

          // MUST be called after other font properties, as it references
          // a CSSDefinition object
          $this->info['font'] = new HTMLPurifier_AttrDef_CSS_Font($config);

          // same here
          $this->info['border'] =
          $this->info['border-bottom'] =
          $this->info['border-top'] =
          $this->info['border-left'] =
          $this->info['border-right'] = new HTMLPurifier_AttrDef_CSS_Border($config);

          $this->info['border-collapse'] = new HTMLPurifier_AttrDef_Enum(
              array('collapse', 'separate')
          );

          $this->info['caption-side'] = new HTMLPurifier_AttrDef_Enum(
              array('top', 'bottom')
          );

          $this->info['table-layout'] = new HTMLPurifier_AttrDef_Enum(
              array('auto', 'fixed')
          );

          $this->info['vertical-align'] = new HTMLPurifier_AttrDef_CSS_Composite(
              array(
                  new HTMLPurifier_AttrDef_Enum(
                      array(
                          'baseline',
                          'sub',
                          'super',
                          'top',
                          'text-top',
                          'middle',
                          'bottom',
                          'text-bottom'
                      )
                  ),
                  new HTMLPurifier_AttrDef_CSS_Length(),
                  new HTMLPurifier_AttrDef_CSS_Percentage()
              )
          );

          // NOTE(review): the second argument (2) is presumably the maximum number of
          // values Multiple accepts - confirm.
          $this->info['border-spacing'] = new HTMLPurifier_AttrDef_CSS_Multiple(new HTMLPurifier_AttrDef_CSS_Length(), 2);

          // These CSS properties don't work on many browsers, but we live
          // in THE FUTURE!
          $this->info['white-space'] = new HTMLPurifier_AttrDef_Enum(
              array('nowrap', 'normal', 'pre', 'pre-wrap', 'pre-line')
          );

          // Opt-in groups. Each directive widens the set of accepted properties, so
          // the base set above is what applies when all three are off.
          if ($config->get('CSS.Proprietary')) {
              $this->doSetupProprietary($config);
          }

          if ($config->get('CSS.AllowTricky')) {
              $this->doSetupTricky($config);
          }

          if ($config->get('CSS.Trusted')) {
              $this->doSetupTrusted($config);
          }

          $allow_important = $config->get('CSS.AllowImportant');
          // wrap all attr-defs with decorator that handles !important
          // Runs after the opt-in groups so their definitions are wrapped too. Each
          // key gets its own decorator, while the wrapped definition may still be an
          // object shared between several keys (see the chained assignments above).
          foreach ($this->info as $k => $v) {
              $this->info[$k] = new HTMLPurifier_AttrDef_CSS_ImportantDecorator($v, $allow_important);
          }

          // Last step: narrow the finished map by the allowed/forbidden lists.
          $this->setupConfigStuff($config);
      }

      /**
       * Registers vendor-specific and not universally supported properties.
       *
       * Called from doSetup() only when CSS.Proprietary is set, before the
       * !important wrapping and before the allowed/forbidden filtering.
       * $config is not read in this method.
       * @param HTMLPurifier_Config $config
       */
      protected function doSetupProprietary($config)
      {
          // Internet Explorer only scrollbar colors
          $this->info['scrollbar-arrow-color'] = new HTMLPurifier_AttrDef_CSS_Color();
          $this->info['scrollbar-base-color'] = new HTMLPurifier_AttrDef_CSS_Color();
          $this->info['scrollbar-darkshadow-color'] = new HTMLPurifier_AttrDef_CSS_Color();
          $this->info['scrollbar-face-color'] = new HTMLPurifier_AttrDef_CSS_Color();
          $this->info['scrollbar-highlight-color'] = new HTMLPurifier_AttrDef_CSS_Color();
          $this->info['scrollbar-shadow-color'] = new HTMLPurifier_AttrDef_CSS_Color();

          // vendor specific prefixes of opacity
          $this->info['-moz-opacity'] = new HTMLPurifier_AttrDef_CSS_AlphaValue();
          $this->info['-khtml-opacity'] = new HTMLPurifier_AttrDef_CSS_AlphaValue();

          // only opacity, for now
          // NOTE(review): which filter expressions pass is decided inside
          // HTMLPurifier_AttrDef_CSS_Filter, not here; review that class before
          // relying on the comment above.
          $this->info['filter'] = new HTMLPurifier_AttrDef_CSS_Filter();

          // more CSS3
          $this->info['page-break-after'] =
          $this->info['page-break-before'] = new HTMLPurifier_AttrDef_Enum(
              array(
                  'auto',
                  'always',
                  'avoid',
                  'left',
                  'right'
              )
          );
          $this->info['page-break-inside'] = new HTMLPurifier_AttrDef_Enum(array('auto', 'avoid'));

          $border_radius = new HTMLPurifier_AttrDef_CSS_Composite(
              array(
                  new HTMLPurifier_AttrDef_CSS_Percentage(true), // disallow negative
                  new HTMLPurifier_AttrDef_CSS_Length('0') // disallow negative
              ));

          $this->info['border-top-left-radius'] =
          $this->info['border-top-right-radius'] =
          $this->info['border-bottom-right-radius'] =
          $this->info['border-bottom-left-radius'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_radius, 2);
          // TODO: support SLASH syntax
          $this->info['border-radius'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_radius, 4);
      }

      /**
       * Registers display, visibility, overflow and opacity.
       *
       * Called from doSetup() only when CSS.AllowTricky is set. These properties
       * control whether and how an element is rendered, so with the directive on
       * submitted styles can hide or collapse content.
       * $config is not read in this method.
       * @param HTMLPurifier_Config $config
       */
      protected function doSetupTricky($config)
      {
          $this->info['display'] = new HTMLPurifier_AttrDef_Enum(
              array(
                  'inline',
                  'block',
                  'list-item',
                  'run-in',
                  'compact',
                  'marker',
                  'table',
                  'inline-block',
                  'inline-table',
                  'table-row-group',
                  'table-header-group',
                  'table-footer-group',
                  'table-row',
                  'table-column-group',
                  'table-column',
                  'table-cell',
                  'table-caption',
                  'none'
              )
          );
          $this->info['visibility'] = new HTMLPurifier_AttrDef_Enum(
              array('visible', 'hidden', 'collapse')
          );
          $this->info['overflow'] = new HTMLPurifier_AttrDef_Enum(array('visible', 'hidden', 'auto', 'scroll'));
          $this->info['opacity'] = new HTMLPurifier_AttrDef_CSS_AlphaValue();
      }

      /**
       * Registers the positioning properties: position, top, left, right,
       * bottom and z-index.
       *
       * Called from doSetup() only when CSS.Trusted is set.
       * NOTE(review): position 'absolute'/'fixed' together with offsets and
       * z-index lets a styled element be rendered outside its own container;
       * that is presumably why the group sits behind a "trusted" switch. Keep
       * the directive off when the markup comes from untrusted authors.
       * $config is not read in this method.
       * @param HTMLPurifier_Config $config
       */
      protected function doSetupTrusted($config)
      {
          $this->info['position'] = new HTMLPurifier_AttrDef_Enum(
              array('static', 'relative', 'absolute', 'fixed')
          );
          // Length()/Percentage() without arguments: no lower bound is requested for
          // the offsets.
          $this->info['top'] =
          $this->info['left'] =
          $this->info['right'] =
          $this->info['bottom'] = new HTMLPurifier_AttrDef_CSS_Composite(
              array(
                  new HTMLPurifier_AttrDef_CSS_Length(),
                  new HTMLPurifier_AttrDef_CSS_Percentage(),
                  new HTMLPurifier_AttrDef_Enum(array('auto')),
              )
          );
          $this->info['z-index'] = new HTMLPurifier_AttrDef_CSS_Composite(
              array(
                  new HTMLPurifier_AttrDef_Integer(),
                  new HTMLPurifier_AttrDef_Enum(array('auto')),
              )
          );
      }

      /**
       * Performs extra config-based processing. Based off of
       * HTMLPurifier_HTMLDefinition.
       *
       * Applies CSS.AllowedProperties first and CSS.ForbiddenProperties second.
       * Both steps only unset entries of $info: an allowed name that was never
       * registered raises an E_USER_WARNING instead of being added, and a name
       * present in both lists ends up removed.
       * @param HTMLPurifier_Config $config
       * @todo Refactor duplicate elements into common class (probably using
       *       composition, not inheritance).
       */
      protected function setupConfigStuff($config)
      {
          // setup allowed elements
          $support = "(for information on implementing this, see the " .
              "support forums) ";
          $allowed_properties = $config->get('CSS.AllowedProperties');
          if ($allowed_properties !== null) {
              // Membership is tested with isset() on the key, so the directive value is
              // used as a lookup array keyed by property name.
              foreach ($this->info as $name => $d) {
                  if (!isset($allowed_properties[$name])) {
                      unset($this->info[$name]);
                  }
                  // Tick the name off; whatever is left afterwards was requested but
                  // has no definition in $info.
                  unset($allowed_properties[$name]);
              }
              // emit errors
              foreach ($allowed_properties as $name => $d) {
                  // :TODO: Is this htmlspecialchars() call really necessary?
                  // NOTE(review): the escaping keeps the configured name inert if the
                  // warning text is rendered into an HTML page. Whether the directive
                  // can carry values the integrator did not write depends on the
                  // application; keeping the call is the safe default.
                  $name = htmlspecialchars($name);
                  trigger_error("Style attribute '$name' is not supported $support", E_USER_WARNING);
              }
          }

          $forbidden_properties = $config->get('CSS.ForbiddenProperties');
          if ($forbidden_properties !== null) {
              // Runs after the allow-list, so a forbidden name is removed even when it
              // was explicitly allowed. Unknown forbidden names are ignored silently.
              foreach ($this->info as $name => $d) {
                  if (isset($forbidden_properties[$name])) {
                      unset($this->info[$name]);
                  }
              }
          }
      }
  }
  477. // vim: et sw=4 sts=4