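/**
 * Run one value through the complete XSS filter chain.
 *
 * The order of the steps is significant: the input is cleaned and decoded
 * first so that the later pattern-based filters see the decoded text rather
 * than an encoded form of it, and the "never allowed" pass is repeated at
 * the end as a second line of defence.
 *
 * NOTE(review): this is pattern-based filtering; callers presumably still
 * need context-aware escaping where the result is written out -- confirm
 * against the call sites.
 *
 * @param mixed $str Value to filter; it is cast to string before use.
 *
 * @return string The input (as string) unchanged when it is empty or purely
 *                numeric, otherwise the result of the filter chain (each
 *                helper is assumed to return a string).
 */
private function _do($str)
{
    $str = (string) $str;
    $strInt = (int) $str;
    $strFloat = (double) $str;

    // Shortcut: empty/falsy values and numeric strings skip every filter
    // below. The loose comparison is deliberate; it only matches when $str
    // round-trips through int/float, i.e. when it is a numeric string, which
    // cannot carry markup.
    /** @noinspection TypeUnsafeComparisonInspection */
    if (!$str || "{$strInt}" == $str || "{$strFloat}" == $str) {
        return $str;
    }

    // removes all non-UTF-8 characters
    // &&
    // remove NULL characters (ignored by some browsers)
    $str = UTF8::clean($str, true, true, false);

    // decode the string
    $str = $this->decode_string($str);

    // and again... removes all non-UTF-8 characters
    // (run a second time because the string has just been decoded)
    $str = UTF8::clean($str, true, true, false);

    // remove all >= 4-Byte chars if needed (U+10000 - U+10FFFF)
    if ($this->_stripe_4byte_chars === true) {
        // preg_replace() returns null on a PCRE error. Cast the result so the
        // chain fails closed with an empty string instead of handing null to
        // the filters that follow.
        $str = (string) preg_replace('/[\\x{10000}-\\x{10FFFF}]/u', '', $str);
    }

    // remove strings that are never allowed
    $str = $this->_do_never_allowed($str);

    // make php tags safe for displaying
    $str = $this->make_php_tags_safe($str);

    // corrects words before the browser will do it
    $str = $this->compact_exploded_javascript($str);

    // remove disallowed javascript calls in links, images etc.
    $str = $this->remove_disallowed_javascript($str);

    // remove evil attributes such as style, onclick and xmlns
    $str = $this->remove_evil_attributes($str);

    // sanitize naughty HTML elements
    $str = $this->sanitize_naughty_html($str);

    // sanitize naughty JavaScript elements
    $str = $this->sanitize_naughty_javascript($str);

    // final clean up
    // This adds a bit of extra precaution in case
    // something got through the above filters.
    $str = $this->_do_never_allowed($str);
    $str = $this->_do_never_allowed_afterwards($str);

    return $str;
}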