Add basic selector validation

Author: raxbg

lib/Sabberworm/CSS/Property/Selector.php

@@ -2,6 +2,8 @@
 
 namespace Sabberworm\CSS\Property;
 
+use Sabberworm\CSS\Parsing\UnexpectedTokenException;
+
 /**
  * Class representing a single CSS selector. Selectors have to be split by the comma prior to being passed into this class.
  */
@@ -38,7 +40,15 @@ class Selector {
 	private $sSelector;
 	private $iSpecificity;
 
+	public static function isValid($sSelector) {
+		return preg_match("/^[a-zA-Z0-9\x{00A0}-\x{FFFF}_\=\"\'\~\[\]\(\)\-\s\.:#\+\>]*$/u", $sSelector);
+	}
+
 	public function __construct($sSelector, $bCalculateSpecificity = false) {
+		if (!Selector::isValid($sSelector)) {
+			preg_match("/[^a-zA-Z0-9\x{00A0}-\x{FFFF}_\=\"\'\~\[\]\(\)\-\s\.:#\+\>]/u", $sSelector, $matches);
+			throw new UnexpectedTokenException("Selector did not match '/[^a-zA-Z0-9\x{00A0}-\x{FFFF}_\=\"\'\~\[\]\(\)\-\s\.:#\+\>]/u'. ({$matches[0]} found).", $sSelector, "custom");
+		}
 		$this->setSelector($sSelector);
 		if ($bCalculateSpecificity) {
 			$this->getSpecificity();

lib/Sabberworm/CSS/RuleSet/DeclarationBlock.php

@@ -4,6 +4,7 @@
 
 use Sabberworm\CSS\Parsing\ParserState;
 use Sabberworm\CSS\Parsing\OutputException;
+use Sabberworm\CSS\Parsing\UnexpectedTokenException;
 use Sabberworm\CSS\Property\Selector;
 use Sabberworm\CSS\Rule\Rule;
 use Sabberworm\CSS\Value\RuleValueList;
@@ -28,7 +29,15 @@ public function __construct($iLineNo = 0) {
 	public static function parse(ParserState $oParserState) {
 		$aComments = array();
 		$oResult = new DeclarationBlock($oParserState->currentLine());
-		$oResult->setSelector($oParserState->consumeUntil('{', false, true, $aComments));
+		try {
+			$oResult->setSelector($oParserState->consumeUntil('{', false, true, $aComments));
+		} catch (UnexpectedTokenException $e) {
+			if($oParserState->getSettings()->bLenientParsing) {
+				return NULL;
+			} else {
+				throw $e;
+			}
+		}
 		$oResult->setComments($aComments);
 		RuleSet::parseRuleSet($oParserState, $oResult);
 		return $oResult;