preg_match( '/^(\\/?)(\\w+)([^>]*?)(\\/{0,1}>)([^<]*)$/',
$x, $regs );
@list( /* $qbar */, $slash, $t, $params, $brace, $rest ) = $regs;
+ $badtag = false;
if ( isset( $htmlelements[$t = strtolower( $t )] ) ) {
if( is_callable( $processCallback ) ) {
call_user_func_array( $processCallback, array( &$params, $args ) );
}
+
+ if ( !Sanitizer::validateTag( $params, $t ) ) {
+ $badtag = true;
+ }
+
$newparams = Sanitizer::fixTagAttributes( $params, $t );
- $rest = str_replace( '>', '>', $rest );
- $text .= "<$slash$t$newparams$brace$rest";
- } else {
- $text .= '<' . str_replace( '>', '>', $x);
+ if ( !$badtag ) {
+ $rest = str_replace( '>', '>', $rest );
+ $text .= "<$slash$t$newparams$brace$rest";
+ continue;
+ }
}
+ $text .= '<' . str_replace( '>', '>', $x);
}
}
wfProfileOut( __METHOD__ );
<div itemscope>
<meta itemprop="hello" content="world">
<meta http-equiv="refresh" content="5">
+ <meta itemprop="hello" http-equiv="refresh" content="5">
<link itemprop="hello" href="{{SERVER}}">
<link rel="stylesheet" href="{{SERVER}}">
+ <link rel="stylesheet" itemprop="hello" href="{{SERVER}}">
</div>
!! result
<div itemscope="itemscope">
<p> <meta itemprop="hello" content="world" />
<meta http-equiv="refresh" content="5">
+ <meta itemprop="hello" content="5" />
</p>
<link itemprop="hello" href="http://Britney-Spears" />
<link rel="stylesheet" href="<a rel="nofollow" class="external free" href="http://Britney-Spears">http://Britney-Spears</a>">
+ <link itemprop="hello" href="http://Britney-Spears" />
</div>
!! end