| | |
| | | $key = strtolower($key); |
| | | $value = $node->getAttribute($key); |
| | | if (isset($this->_html_attribs[$key]) || |
| | | ($key == 'href' && preg_match('!^([a-z][a-z0-9.+-]+:|//|#).+!i', $value))) |
| | | ($key == 'href' && !preg_match('!^javascript!i', $value) |
| | | && preg_match('!^([a-z][a-z0-9.+-]+:|//|#).+!i', $value)) |
| | | ) { |
| | | $t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"'; |
| | | } |
| | | else if ($key == 'style' && ($style = $this->wash_style($value))) { |
| | | $quot = strpos($style, '"') !== false ? "'" : '"'; |
| | | $t .= ' style=' . $quot . $style . $quot; |
| | |
| | | else if (preg_match('/^data:.+/i', $value)) { // RFC2397 |
| | | $t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"'; |
| | | } |
| | | } else |
| | | } |
| | | else |
| | | $washed .= ($washed?' ':'') . $key; |
| | | } |
| | | return $t . ($washed && $this->config['show_washed']?' x-washed="'.$washed.'"':''); |