Ejemplo n.º 1
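 /**
  * Sanitise a single HTML attribute and rebuild it as `name="value" `.
  *
  * The attribute is dropped (empty string returned) when the whitelist is
  * enabled and does not permit it for this tag, when it is a `style`
  * attribute and inline styling is disabled, or when its name starts with
  * "on" (event handlers). URL-bearing attributes go through
  * HtmlFormatter::ParseProtocol() and `style` through HtmlFormatter::ParseCSS().
  *
  * NOTE(review): $Name and $Quot are emitted as captured; only $Value passes
  * through HtmlFormatter::EscapeQuotes(). This presumably relies on the
  * calling regex restricting group 1 to attribute-name characters and
  * group 4 to a quote character - confirm against the pattern.
  *
  * @param string $Node    Tag name, used as the key into $GLOBALS['Html_AllowedTags'].
  * @param array  $Matches Regex match groups: [1] attribute name, [4] quote
  *                        character (may be empty), [5] or [6] attribute value.
  * @return string The rebuilt attribute followed by one space, or '' to drop it.
  */
 function HandleAttribute($Node, $Matches)
 {
     // Group 6 takes precedence over group 5 when it is present.
     $Value = isset($Matches[6]) ? $Matches[6] : $Matches[5];
     $Quot = $Matches[4];
     $Name = strtolower($Matches[1]);

     if (HTML_USE_WHITELIST) {
         // A tag missing from the whitelist is treated like a falsy entry
         // (every attribute dropped) without raising an undefined-key notice.
         $Allowed = isset($GLOBALS['Html_AllowedTags'][$Node])
             ? $GLOBALS['Html_AllowedTags'][$Node]
             : null;
         if (is_array($Allowed)) {
             // Strict comparison: a non-string whitelist entry (0, true) must
             // not loosely match an arbitrary attribute name.
             if (!in_array($Name, $Allowed, true)) {
                 return '';
             }
         } elseif (!$Allowed) {
             return '';
         }
     }

     $UrlAttributes = array('href', 'src', 'background', 'url', 'dynsrc', 'lowsrc');
     if (in_array($Name, $UrlAttributes, true) && !empty($Value)) {
         // Entities are decoded before the protocol check so an encoded
         // scheme is evaluated in its decoded form.
         $Value = HtmlFormatter::ParseProtocol(HtmlFormatter::DecodeEntities($Value), $Name === 'href');
     } elseif ($Name === 'style') {
         if (!HTML_ALLOW_INLINE_STYLING) {
             return '';
         }
         $Value = HtmlFormatter::ParseCSS($Value);
     } elseif (substr($Name, 0, 2) === 'on') {
         // Event-handler attributes (onclick, onload, ...) are never kept.
         return '';
     }

     // "&{" opens a script-evaluated entity in some legacy browsers, so the
     // ampersand is encoded to keep the sequence literal. As listed, this call
     // replaced '&{' with itself and neutralised nothing - presumably an
     // entity-decoding artefact of the listing.
     $Value = str_replace('&{', '&amp;{', $Value);

     if (empty($Quot)) {
         // Unquoted attributes are re-emitted with double quotes.
         $Quot = '"';
     }
     return $Name . '=' . $Quot . HtmlFormatter::EscapeQuotes($Value) . $Quot . ' ';
 }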