foreach ($restrictions['allowed'
] as $allowed_tag =>
$tag_attributes) { // By default, no attributes are allowed for a tag, but due to the
// globally allowed attributes, it is impossible for a tag to actually
// completely disallow attributes.
if ($tag_attributes === FALSE
) { $tag_attributes =
[];
} $allowed_attributes =
['exact' =>
[], 'prefix' =>
[]];
foreach (($global_allowed_attributes +
$tag_attributes) as $name =>
$values) { // A trailing * indicates wildcard, but it must have some prefix.
if (substr($name, -1
) === '*' &&
$name[0
] !== '*'
) { $allowed_attributes['prefix'
][str_replace('*', '',
$name)] =
$this->
prepareAttributeValues($values);
} else { $allowed_attributes['exact'
][$name] =
$this->
prepareAttributeValues($values);
} } krsort($allowed_attributes['prefix'
]);
// Find all matching elements that have any attributes and filter the
// attributes by name and value.
foreach ($xpath->
query('//' .
$allowed_tag . '[@*]'
) as $element) { $this->
filterElementAttributes($element,
$allowed_attributes);
}