Topic: Powerful tag-manipulating hook functions deployable in new version 1.1
htmLawed 1.1 introduces a new $config parameter, hook_tag. This permits one to use their own custom functions to check/manipulate tag content. When such a function is in use, htmlawed will pass it opening tag content for further processing.
From the documentation:
This is a powerful functionality that can be exploited for various objectives: consolidate-and-convert inline style attributes to class, convert embed elements to object, permit only one caption element in a table element, disallow embedding of certain types of media, inject HTML, use CSSTidy to sanitize style attribute values, etc.
As an example, the custom hook code below can be used to force a series of specifically ordered id attributes on all elements, and a specific param element inside all object elements:
function my_tag_function($element, $attribute_array){
static $id = 0;
// Remove any duplicate element
if($element == 'param' && isset($attribute_array['allowscriptaccess'])){
return '';
}$new_element = '';
// Force a serialized ID number
$attribute_array['id'] = 'my_'. $id;
++$id;// Inject param for allowscriptaccess
if($element == 'object'){
$new_element = '<param id='my_'. $id; allowscriptaccess="never" />';
++$id;
}$string = '';
foreach($attribute_array as $k=>$v){
$string .= " {$k}=\"{$v}\"";
}
static $empty_elements = array('area'=>1, 'br'=>1, 'col'=>1, 'embed'=>1, 'hr'=>1, 'img'=>1, 'input'=>1, 'isindex'=>1, 'param'=>1);
return "<{$element}{$string}". (isset($empty_elements[$element]) ? ' /' : ''). '>'. $new_element;
}
This forum post explains using 'hook_tag' to filter CSS property declarations in 'style' attribute values.