1<?php
2/**
3 * Figure element component for the adhoctags plugin
4 *
5 * Defines  <figure> ... </figure> syntax
6 * More info: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/figure
7 *
8 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
9 * @author     Anika Henke <anika@selfthinker.org>
10 * @author     Sascha Leib <sascha.leib(at)kolmio.com>
11 */
12
13class syntax_plugin_adhoctags_iframe extends syntax_plugin_adhoctags_abstractblock {
14
15	protected $tag	= 'iframe';
16
17	/* allow link attributes: */
18	function allowAttribute(&$name, &$value) {
19
20		switch ($name) {
21			case 'allow':
22				return true;
23
24			case 'height':
25			case 'width':
26				return (preg_match('/^\d+$/', trim($value)));
27				break;
28
29			case 'src':
30			if ($this->getConf('iFrameExtSrc') == 0) {
31				$decodedVal = trim(urldecode($value));
32				if (substr($decodedVal, 5) == "http:"
33				 || substr($decodedVal, 6) == "https:"
34				 || substr($decodedVal, 2) == "//") {
35					return false;
36				} else {
37					return (preg_match("/^[\w\d\-\._~\/\?#\[\]@\!$&'()*+,;=%]+$/", trim($value)));; /* any URL without colon! */
38				}
39			} else {
40				return (preg_match("/^[\w\d\-\._~:\/\?#\[\]@\!$&'()*+,;=%]+$/", trim($value)));; /* allow any URL! */
41			}
42			break;
43
44			case 'sandbox':
45				return (preg_match('/^[\w\-]+$/', trim($value)));
46				break;
47
48			case 'name':
49				return (preg_match('/^[\w\d_\-]+$/', trim($value)));
50				break;
51
52			case 'loading':
53				return in_array($value, array('eager','lazy'));
54				break;
55
56			case 'referrerpolicy':
57				return in_array($value, array('no-referrer','no-referrer-when-downgrade','origin','origin-when-cross-origin','same-origin','strict-origin','strict-origin-when-cross-origin','unsafe-url'));
58				break;
59
60			case 'sandbox':
61				return (preg_match('/^[\w\-]+$/', trim($value)));
62				break;
63
64			default:
65				return false;
66		}
67	}
68}