Contents

Code Reference Classes Parsedown Parsedown::sanitiseElement()

Parsedown::sanitiseElement( $Element )

Description

Source

File: bp-help/vendors/parsedown/Parsedown.php

1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
protected function sanitiseElement(array $Element)
{
    static $goodAttribute = '/^[a-zA-Z0-9][a-zA-Z0-9-_]*+$/';
    static $safeUrlNameToAtt  = array(
        'a'   => 'href',
        'img' => 'src',
    );
 
    if ( ! isset($Element['name']))
    {
        unset($Element['attributes']);
        return $Element;
    }
 
    if (isset($safeUrlNameToAtt[$Element['name']]))
    {
        $Element = $this->filterUnsafeUrlInAttribute($Element, $safeUrlNameToAtt[$Element['name']]);
    }
 
    if ( ! empty($Element['attributes']))
    {
        foreach ($Element['attributes'] as $att => $val)
        {
            # filter out badly parsed attribute
            if ( ! preg_match($goodAttribute, $att))
            {
                unset($Element['attributes'][$att]);
            }
            # dump onevent attribute
            elseif (self::striAtStart($att, 'on'))
            {
                unset($Element['attributes'][$att]);
            }
        }
    }
 
    return $Element;
}

Expand full source code Collapse full source code

Questions?

We're always happy to help with code or other questions you might have! Search our developer docs, contact support, or connect with our sales team.