private function strip_attributes_recursive($node, $bad_attributes, $bad_protocols)
{
if ($node->nodeType !== XML_ELEMENT_NODE) {
return;
}
$node_name = $node->nodeName;
// Some nodes may contain valid content but are themselves invalid.
// Remove the node but preserve the children.
if ('font' === $node_name) {
$this->replace_node_with_children($node, $bad_attributes, $bad_protocols);
return;
} elseif ('a' === $node_name && false === $this->validate_a_node($node)) {
$this->replace_node_with_children($node, $bad_attributes, $bad_protocols);
return;
}
if ($node->hasAttributes()) {
$length = $node->attributes->length;
for ($i = $length - 1; $i >= 0; $i--) {
$attribute = $node->attributes->item($i);
$attribute_name = strtolower($attribute->name);
if (in_array($attribute_name, $bad_attributes)) {
$node->removeAttribute($attribute_name);
continue;
}
// on* attributes (like onclick) are a special case
if (0 === stripos($attribute_name, 'on') && $attribute_name != 'on') {
$node->removeAttribute($attribute_name);
continue;
} elseif ('a' === $node_name) {
$this->sanitize_a_attribute($node, $attribute);
}
}
}
$length = $node->childNodes->length;
for ($i = $length - 1; $i >= 0; $i--) {
$child_node = $node->childNodes->item($i);
$this->strip_attributes_recursive($child_node, $bad_attributes, $bad_protocols);
}
}
