private function esapeUrls(\DOMDocument $doc, \DOMXPath $xp)
{
$regex = '{' . preg_quote($this->options['tag_variable'][0]) . '((' . self::REGEX_STRING . '|[^"\']*)+)' . preg_quote($this->options['tag_variable'][1]) . '}siuU';
// special attr escaping
$res = $this->xpathQuery($xp, "(//xh:*/@href|//xh:*/@src)[contains(., '{$this->options['tag_variable'][0]}') and contains(., '{$this->options['tag_variable'][1]}')]", $doc, false);
foreach ($res as $node) {
// if the twig variable is at the beginning of attribute, we should skip it
if (preg_match('{^' . preg_quote($this->options['tag_variable'][0]) . '((' . self::REGEX_STRING . '|[^"\']*)+)' . preg_quote($this->options['tag_variable'][1]) . '}siuU', str_replace($this->placeholder, '', $node->value))) {
continue;
}
if (substr($node->value, 0, 11) == "javascript:" && $node->name == "href") {
$newValue = preg_replace($regex, "{$this->options['tag_variable'][0]} (\\1) | escape('js') {$this->options['tag_variable'][1]}", $node->value);
} else {
$newValue = preg_replace($regex, "{$this->options['tag_variable'][0]} (\\1) | escape('url') {$this->options['tag_variable'][1]}", $node->value);
}
$node->value = htmlspecialchars($newValue, ENT_COMPAT, 'UTF-8');
}
}
