|
|
|
@ -214,8 +214,11 @@ class washtml
|
|
|
|
|
$key = strtolower($key);
|
|
|
|
|
$value = $node->getAttribute($key);
|
|
|
|
|
if (isset($this->_html_attribs[$key]) ||
|
|
|
|
|
($key == 'href' && preg_match('!^([a-z][a-z0-9.+-]+:|//|#).+!i', $value)))
|
|
|
|
|
($key == 'href' && !preg_match('!^javascript!i', $value)
|
|
|
|
|
&& preg_match('!^([a-z][a-z0-9.+-]+:|//|#).+!i', $value))
|
|
|
|
|
) {
|
|
|
|
|
$t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"';
|
|
|
|
|
}
|
|
|
|
|
else if ($key == 'style' && ($style = $this->wash_style($value))) {
|
|
|
|
|
$quot = strpos($style, '"') !== false ? "'" : '"';
|
|
|
|
|
$t .= ' style=' . $quot . $style . $quot;
|
|
|
|
@ -237,7 +240,8 @@ class washtml
|
|
|
|
|
else if (preg_match('/^data:.+/i', $value)) { // RFC2397
|
|
|
|
|
$t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"';
|
|
|
|
|
}
|
|
|
|
|
} else
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
$washed .= ($washed?' ':'') . $key;
|
|
|
|
|
}
|
|
|
|
|
return $t . ($washed && $this->config['show_washed']?' x-washed="'.$washed.'"':'');
|
|
|
|
|