Example #1
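 /**
  * Regex callback that rewrites a single matched tag into its filtered form.
  *
  * The tag is never echoed back as written (comments excepted, see below):
  * the output is rebuilt from the lower-cased tag name plus whatever
  * HtmlFormatter::HandleAttribute() returns for each attribute the attribute
  * pattern recognises. Anything that pattern does not match, such as
  * valueless attributes or malformed fragments, is dropped.
  *
  * Tag filtering depends on configuration read here:
  *  - HTML_USE_WHITELIST: the tag must be a key of $GLOBALS['Html_AllowedTags'].
  *  - $GLOBALS['Html_DisallowedTags']: always consulted. With the whitelist
  *    switched off this deny list is the only tag-name filter, so any element
  *    missing from it passes through.
  *  - HTML_POLICE_TAGS: open/close balance is tracked in $this->TagArray.
  *
  * @param array $Matches [0] is the full match, [1] the text between the
  *                       angle brackets (assumed from how the values are
  *                       used here; the caller's pattern is not visible).
  * @return string The rebuilt tag including '<' and '>', or '' to remove it.
  */
 function RemoveEvilAttribs($Matches)
 {
     // An empty capture has no tag name. Drop it before indexing into the
     // string: $Matches[1][0] on '' raises an "Uninitialized string offset"
     // diagnostic, and the original flow ended in '' for this input anyway.
     if (!isset($Matches[1]) || $Matches[1] === '') {
         return '';
     }
     // Comments are returned verbatim, with no filtering of their contents.
     // NOTE(review): confirm the caller's pattern cannot hand a comment-shaped
     // match containing live markup (e.g. conditional comments) to this branch.
     if (HTML_ALLOW_COMMENTS && substr($Matches[1], 0, 3) === '!--') {
         return $Matches[0];
     }
     if ($Matches[1][0] === '/') {
         $Open = 0;
         $Matches[1] = substr($Matches[1], 1);
     } else {
         $Open = 1;
     }
     // The tag name is everything up to the first run of non-alphanumeric
     // characters; a tag body that starts with such a run yields an empty
     // name and is removed.
     $Node = preg_split('/(?>[^A-Za-z\\d]+)/', $Matches[1], 2);
     if (empty($Node)) {
         return '';
     }
     $Node = strtolower($Node[0]);
     if (empty($Node)) {
         return '';
     }
     // Allow list first (when enabled), then the deny list.
     if (HTML_USE_WHITELIST && !isset($GLOBALS['Html_AllowedTags'][$Node])) {
         return '';
     }
     $Free = in_array($Node, $this->Freestanding);
     if (in_array($Node, $GLOBALS['Html_DisallowedTags'])) {
         return '';
     }
     if ($Open) {
         // Only name=value pairs are picked up; each one is passed to
         // HandleAttribute(), which presumably decides what survives
         // (its implementation is not visible here).
         $Count = preg_match_all('/(?<=[\\s"\'`\\/])((?>[\\w\\-]+))(?>[^A-Za-z\\d\'"=]*)=(?>\\s*)(((["\'`])(.*?)\\4)|((?>[^\\s]+)))(?>\\s*)/si', $Matches[1], $Attribs, PREG_SET_ORDER);
         $Inside = '';
         // $Count is false on a PCRE error; the loop then does not run and
         // the tag is emitted without attributes.
         for ($i = 0; $i < $Count; $i++) {
             $Inside .= HtmlFormatter::HandleAttribute($Node, $Attribs[$i]);
         }
         $sReturn = $Node . ' ' . $Inside;
         if ($Free) {
             // Freestanding elements are written in self-closing form.
             $sReturn .= '/';
         }
     } else {
         if ($Free) {
             // A closing tag for a freestanding element is dropped.
             return '';
         }
         $sReturn = '/' . $Node;
     }
     if (HTML_POLICE_TAGS && !$Free) {
         // NOTE(review): ItWillBeClosed() is defined elsewhere; its exact
         // meaning should be confirmed against that method.
         $t = $this->ItWillBeClosed($Node);
         if (!$t && in_array($Node, $this->FreestandingLoose)) {
             $sReturn = '';
         } else {
             // Start the open-tag counter for this node at zero.
             if (!isset($this->TagArray['normal'][$Node])) {
                 $this->TagArray['normal'][$Node] = 0;
             }
             if (!$Open) {
                 if (!$this->TagArray['normal'][$Node]) {
                     // Closing tag with no matching open tag on record.
                     if ($t) {
                         $sReturn = '';
                     } else {
                         if (!isset($this->TagArray['extraclosing'][$Node])) {
                             $this->TagArray['extraclosing'][$Node] = 0;
                         }
                         $this->TagArray['extraclosing'][$Node]++;
                     }
                 } else {
                     $this->TagArray['normal'][$Node]--;
                 }
             } else {
                 $this->TagArray['normal'][$Node]++;
             }
         }
     }
     return $sReturn ? '<' . $sReturn . '>' : '';
 }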