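/**
 * Rebuilds one matched tag from scratch, keeping only the tag name and the
 * attributes that HtmlFormatter::HandleAttribute() returns for it.
 *
 * Presumably used as a preg_replace_callback() callback (confirm at the call
 * site): $Matches[0] is treated as the whole matched tag and $Matches[1] as
 * the text between the angle brackets.
 *
 * Security-relevant behaviour visible in this function:
 *  - The tag is re-assembled from the lower-cased name plus handled
 *    attributes; text in $Matches[1] that the attribute regex does not match
 *    is never copied to the output.
 *  - With HTML_USE_WHITELIST off, the only tag-name filter is the
 *    $GLOBALS['Html_DisallowedTags'] deny-list.
 *  - Attribute names and values are not filtered here at all; that is
 *    delegated to HtmlFormatter::HandleAttribute(), which is not shown.
 *  - With HTML_ALLOW_COMMENTS on, anything starting with "!--" is returned
 *    verbatim (see the note at that branch).
 *
 * Side effects: when HTML_POLICE_TAGS is on, updates the open/close counters
 * in $this->TagArray['normal'] and $this->TagArray['extraclosing'].
 *
 * @param array $Matches Regex match array; index 0 = full match, index 1 = tag body.
 * @return string The rebuilt "<...>" tag, the untouched comment, or '' when the tag is dropped.
 */
function RemoveEvilAttribs($Matches) {
    // An empty or missing tag body can never yield a tag name. Returning here
    // avoids reading string offset 0 of an empty string further down, which
    // raises an "Uninitialized string offset" notice/warning; the result ('')
    // is the same one the rest of the function would reach.
    if (!isset($Matches[1]) || $Matches[1] === '') {
        return '';
    }

    // NOTE(review): only the leading "!--" is checked and the whole match is
    // echoed back unfiltered. Whether the match is guaranteed to be a complete,
    // properly terminated comment depends on the calling regex, which is not
    // visible here -- confirm, or validate the trailing "--" before returning.
    if (HTML_ALLOW_COMMENTS && substr($Matches[1], 0, 3) === '!--') {
        return $Matches[0];
    }

    // A leading slash marks a closing tag; strip it so the name comes first.
    if ($Matches[1][0] === '/') {
        $Open = 0;
        $Matches[1] = substr($Matches[1], 1);
    } else {
        $Open = 1;
    }

    // The tag name is everything up to the first run of non-alphanumerics.
    // A body that starts with such a run gives an empty name and is dropped.
    // preg_split() returning false on a PCRE error is also caught by empty().
    $Node = preg_split('/(?>[^A-Za-z\\d]+)/', $Matches[1], 2);
    if (empty($Node)) {
        return '';
    }
    $Node = strtolower($Node[0]);
    if (empty($Node)) {
        return '';
    }

    // Allow-list check (only when enabled): unknown tag names are dropped.
    if (HTML_USE_WHITELIST && !isset($GLOBALS['Html_AllowedTags'][$Node])) {
        return '';
    }

    $Free = in_array($Node, $this->Freestanding);

    // Deny-list check: always applied, independent of the allow-list switch.
    if (in_array($Node, $GLOBALS['Html_DisallowedTags'])) {
        return '';
    }

    if ($Open) {
        // Each match is one name=value pair: group 1 is the attribute name,
        // the value is either quoted with ", ' or ` (closed by the same
        // character via \4) or an unquoted run of non-whitespace.
        // If preg_match_all() fails it returns false, the loop below does not
        // run, and the tag is emitted without attributes (fails closed).
        $c = preg_match_all('/(?<=[\\s"\'`\\/])((?>[\\w\\-]+))(?>[^A-Za-z\\d\'"=]*)=(?>\\s*)(((["\'`])(.*?)\\4)|((?>[^\\s]+)))(?>\\s*)/si', $Matches[1], $Attribs, PREG_SET_ORDER);
        $Inside = '';
        for ($i = 0; $i < $c; $i++) {
            // All attribute filtering happens in HandleAttribute(); its
            // return value is appended as-is.
            $Inside .= HtmlFormatter::HandleAttribute($Node, $Attribs[$i]);
        }
        $sReturn = $Node . ' ' . $Inside;
        if ($Free) {
            // Tags listed in $this->Freestanding are emitted self-closed.
            $sReturn .= '/';
        }
    } else {
        if ($Free) {
            // A closing tag for a freestanding element is meaningless; drop it.
            return '';
        }
        $sReturn = '/' . $Node;
    }

    if (HTML_POLICE_TAGS && !$Free) {
        // NOTE(review): presumably reports whether the formatter will close
        // this tag on its own -- confirm against ItWillBeClosed().
        $t = $this->ItWillBeClosed($Node);
        if (!$t && in_array($Node, $this->FreestandingLoose)) {
            $sReturn = '';
        } else {
            // Start the per-tag open counter at zero on first sight.
            if (!isset($this->TagArray['normal'][$Node])) {
                $this->TagArray['normal'][$Node] = 0;
            }
            if (!$Open) {
                if (!$this->TagArray['normal'][$Node]) {
                    // Closing tag with no matching open tag on record.
                    if ($t) {
                        $sReturn = '';
                    } else {
                        // Keep the tag but record it as an extra closing tag.
                        if (!isset($this->TagArray['extraclosing'][$Node])) {
                            $this->TagArray['extraclosing'][$Node] = 0;
                        }
                        $this->TagArray['extraclosing'][$Node]++;
                    }
                } else {
                    $this->TagArray['normal'][$Node]--;
                }
            } else {
                $this->TagArray['normal'][$Node]++;
            }
        }
    }

    // Re-wrap in angle brackets only if something survived the checks above.
    return $sReturn ? '<' . $sReturn . '>' : '';
}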