  1. #1
    SitePoint Addict
    Join Date
    Jan 2007
    Posts
    323

    regex instead of explode?

    Hi,

    I am using a script which does this:
    $attrSubSet = explode('=', trim($attribute), 2);

    It's basically taking something like:
    target="_blank"

    Or any attribute you might find in HTML and splitting it into two for further processing.

    The issue is if we have something like this:
    href="http://www.domain.com?id=3"

    Where there are more equal signs in the attribute value which should be ignored since they are not separating the actual attribute.

    Is there any way to ignore equal signs inside quotes or single quotes with regex?

  2. #2
    SitePoint Addict
    Join Date
    Jan 2007
    Posts
    323
    More info... this is from the GPL input filter available on the net. It uses this function to filter attributes.
    Code:
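    	function filterAttr($attrSet) {	
    		$newSet = array();
    		for ($i = 0; $i < count($attrSet); $i++) {
    			if (!$attrSet[$i]) continue;
    			// No limit argument: a value containing '=' is split into more than
    			// two parts and only the first part ends up in $attrSubSet[1].
    			$attrSubSet = explode('=', trim($attrSet[$i]));
    			list($attrSubSet[0]) = explode(' ', $attrSubSet[0]);
    			// preg_match() with the /i flag replaces eregi(), which was removed in PHP 7.
    			// Skip names that are not purely alphabetic, blacklisted names and on* handlers.
    			if ((!preg_match('/^[a-z]*$/i', $attrSubSet[0])) || (($this->xssAuto) && ((in_array(strtolower($attrSubSet[0]), $this->attrBlacklist)) || (substr($attrSubSet[0], 0, 2) == 'on')))) 
    				continue;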
    			if ($attrSubSet[1]) {
    				$attrSubSet[1] = str_replace('&#', '', $attrSubSet[1]);
    				$attrSubSet[1] = preg_replace('/\s+/', '', $attrSubSet[1]);
    				$attrSubSet[1] = str_replace('"', '', $attrSubSet[1]);
    				if ((substr($attrSubSet[1], 0, 1) == "'") && (substr($attrSubSet[1], (strlen($attrSubSet[1]) - 1), 1) == "'"))
    					$attrSubSet[1] = substr($attrSubSet[1], 1, (strlen($attrSubSet[1]) - 2));
    				$attrSubSet[1] = stripslashes($attrSubSet[1]);
    			}
    			if (	((strpos(strtolower($attrSubSet[1]), 'expression') !== false) &&	(strtolower($attrSubSet[0]) == 'style')) ||
    					(strpos(strtolower($attrSubSet[1]), 'javascript:') !== false) ||
    					(strpos(strtolower($attrSubSet[1]), 'behaviour:') !== false) ||
    					(strpos(strtolower($attrSubSet[1]), 'vbscript:') !== false) ||
    					(strpos(strtolower($attrSubSet[1]), 'mocha:') !== false) ||
    					(strpos(strtolower($attrSubSet[1]), 'livescript:') !== false) 
    			) continue;
    			$attrFound = in_array(strtolower($attrSubSet[0]), $this->attrArray);
    			if ((!$attrFound && $this->attrMethod) || ($attrFound && !$this->attrMethod)) {
    				if ($attrSubSet[1]) $newSet[] = $attrSubSet[0] . '="' . $attrSubSet[1] . '"';
    				else if ($attrSubSet[1] == "0") $newSet[] = $attrSubSet[0] . '="0"';
    				else $newSet[] = $attrSubSet[0] . '="' . $attrSubSet[0] . '"';
    			}	
    		}
    		return $newSet;
    	}
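
A quote-aware way to do the split asked about in this thread, shown as an added example that is not part of the original posts or of the input filter. `splitAttribute()` is a hypothetical helper name, the sample attributes are constructed, and PHP 7.2 or later is assumed.

```php
<?php
/**
 * Split one HTML attribute into array(name, value).
 * Only the first '=' separates name from value; any further '=' inside the
 * quoted or unquoted value stays part of the value.
 * Returns null when the text is not a well-formed attribute, so the caller
 * can drop it instead of filtering a half-parsed value.
 */
function splitAttribute($attribute)
{
    $pattern = '/^\s*([a-z][a-z0-9-]*)\s*'
             . '(?:=\s*(?:"([^"]*)"|\'([^\']*)\'|([^\s"\'=<>`]+)))?\s*$/i';
    if (!preg_match($pattern, $attribute, $m, PREG_UNMATCHED_AS_NULL)) {
        return null;
    }
    // At most one of groups 2-4 matched: double-quoted, single-quoted, unquoted.
    // All three are null for a bare attribute such as "checked".
    $value = $m[2] ?? $m[3] ?? $m[4] ?? null;
    return array(strtolower($m[1]), $value);
}

// Constructed sample attributes.
$samples = array(
    'target="_blank"',
    'href="http://www.domain.com?id=3"',
    "href='page.php?a=1&b=2'",
    'checked',
    'href="unterminated',
);

foreach ($samples as $s) {
    $naive  = explode('=', trim($s));   // the split used in filterAttr()
    $parsed = splitAttribute($s);
    printf(
        "%-36s explode[1]=%-30s parsed=%s\n",
        $s,
        json_encode($naive[1] ?? null, JSON_UNESCAPED_SLASHES),
        json_encode($parsed, JSON_UNESCAPED_SLASHES)
    );
}
```

The value returned here has its surrounding quotes removed already, so the filter's later scheme checks (`javascript:`, `vbscript:` and so on) would run against the complete value rather than the part before the second `=`.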

