Пример #1
 /**
  * Canonicalizes a (possibly encoded) input value through the ESAPI encoder.
  *
  * Whatever the encoder throws as an \Exception is swallowed and reported to
  * the caller as null; the error-suppression operator on the call is kept so
  * that PHP-level warnings from the encoder do not surface here either.
  *
  * @param mixed $str raw value to canonicalize
  * @return string|null canonical form, or null when canonicalization threw
  */
 private static function canonicalize($str)
 {
     $canonical = null;
     try {
         $canonical = @ESAPI::encoder()->canonicalize($str);
     } catch (\Exception $failure) {
         // A refused/failed canonicalization is signalled by a null result.
         $canonical = null;
     }
     return $canonical;
 }
Пример #2
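 /**
  * Styles filter: keeps only those declarations of an inline style attribute
  * whose property name is a key of $this->allowedStyles.
  *
  * For each "property: value" pair in $attr:
  *  - an allowlist entry of `true` accepts any value, which is passed through
  *    ESAPI::encoder()->encodeForCSS() before being emitted;
  *  - an array entry accepts only values contained in it (strict match) and
  *    emits them verbatim;
  *  - anything else is dropped.
  *
  * @param string $attr raw style attribute value, e.g. "color:red;width:10px"
  * @return string the surviving declarations joined with ';' ("" when none survive)
  */
 private function cleanStyles($attr)
 {
     $returnStyle = [];
     foreach (explode(';', $attr) as $declaration) {
         // Split on the first ':' only so values containing colons stay intact.
         $parts = explode(':', $declaration, 2);
         if (count($parts) !== 2) {
             continue;
         }
         $property = trim($parts[0]);
         $value = trim($parts[1]);
         // Property not in the allowlist: drop the whole declaration.
         if (!array_key_exists($property, $this->allowedStyles)) {
             continue;
         }
         $allowed = $this->allowedStyles[$property];
         if ($allowed === true) {
             // Free-form value: CSS-encode it so it cannot escape the declaration.
             $returnStyle[] = $property . ': ' . ESAPI::encoder()->encodeForCSS($value);
         } elseif (is_array($allowed) && in_array($value, $allowed, true)) {
             // Enumerated allowlist: strict comparison, so PHP's loose equality
             // (e.g. numeric strings such as "1e1" == "10") cannot widen the set.
             // NOTE(review): assumes allowlist entries are strings — confirm.
             // NOTE(review): this branch emits ':' without a space, unlike the
             // encoded branch above — confirm whether that is intentional.
             $returnStyle[] = $property . ':' . $value;
         }
     }
     return implode(';', $returnStyle);
 }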