Currently I am using this code with HTMLPurifier to allow data-*
HTML tag attributes:
$def = $config->getHTMLDefinition(true);
$def->a
This coded can be improved, but I altered the AttrValidator.php I added the following function:
/*=======================================
==-- LLS start wildcard handling
==--
==-- data-* ^data-(((?![\s=]).)+)
=========================================*/
private function checkWildCardAttributes($deflist, $attr_key, $value, $config, $context) {
$result = false;
foreach ($deflist as $def_key => $def_value) {
if (strpos($def_key, '*') !== FALSE) {
// found a wildcard
// does wildcard match this attr
$re = implode('(((?![\s=]).)+)',explode("*",$def_key));
preg_match('#^'.$re.'#',$attr_key,$wcout);
if (count($wcout)>0) {
// the attribute matched against the wildcard definition
$result = $deflist[$attr_key]->validate(
$value,
$config,
$context
);
break;
}
}
}
return $result;
}
in the function validateToken find the following line:
// put the results into effect
Just before this line add this:
/*=======================================
==-- start wildcard handling
=========================================*/
if (!$result) {
// definitions
$result = $this->checkWildCardAttributes($defs, $attr_key, $value, $config, $context);
if (!$result) {
// global definitions
$result = $this->checkWildCardAttributes($d_defs, $attr_key, $value, $config, $context);
}
}
//=======================================
// put the results into effect
if ($result === false || $result === null) {
After this you can use * wildcards in your attribute definition. example:
// See: AttrValidator.php in the HTMLPurifier for the wildcard addition
$def->info_global_attr['data-*'] = new HTMLPurifier_AttrDef_Text;
Like i said, it can be improved... but it does the job :)
Have fun....
It's not a full solution, but I was able to globally white-list individual data-
attributes with the follow code, allowing them to be placed on any element without having to itemize each element type for each attribute.
$def = $config->getHTMLDefinition(true);
$def->info_global_attr['data-aaa-xxx'] = new HTMLPurifier_AttrDef_Text;
$def->info_global_attr['data-bbb-yyy'] = new HTMLPurifier_AttrDef_Text;
$def->info_global_attr['data-ccc-zzz'] = new HTMLPurifier_AttrDef_Text;
Nope, it's not possible without modifying the validate attributes strategy.