Add drupal_css_class() to clean class names and rename form_clean_id

subscribing

Handle renaming of form_clean_id() in here as well?

subscribing

Some of the code in the patch is over my head, but based on the summary in #10, +1 ;)

This all looks good to me in terms of the final goal. I can definitely see myself using this set of functions in the future if it is implemented.

@JohnAlbin, do you think there would be any performance issues with preg_replace being hit so often? Having valid output is great but are we being overly cautious? The only time core uses preg_replace is for an attribute string AFAIK is in cleaning out the url to be converted to a body class. It never seemed to be an issue for form_clean_id(). Anything invalid was predictable and we filtered for that.

About the use of the $coding_standard parameter. Instead of using a binary switch, what if you could pass in a string or an array to be filtered.

example:

/**
 * ...
 * @param
 *   (optional) A string or an array of strings to filter out.
 *   It will be converted into hyphens.
 */
function drupal_clean_css_identifier($identifier, $filters = '_', $safe_prefix = 'css-') {
  ...

  // Drupal's coding standards use lowercase characters and dashes.
  if (!empty($filters) {
    $identifier = str_replace($filters, '-', drupal_strtolower($identifier));
  }

  ...

  return $identifier;
}

With that, you can have any string converted not just underscores. The default behavior would result in the same output. It's just more flexible.

This could possibly replace the need for preg_replace() by feeding the filter with expected "invalid" values as they are encountered.

What the id cleaner could look like:

function drupal_css_id($id, $filter = array(array('][', '_', ' '), $safe_prefix = 'id-') {
  $seen_ids = &drupal_static(__FUNCTION__, array());
  $id = drupal_clean_css_identifier($id, $filter, $safe_prefix);

  ...

  return $id;
}

Lastly, is $safe_prefix necessary? I've never encountered a situation where I had to be careful of an invalid prefix but maybe others have.

We badly and definitely need this.

However, some clean-up is necessary:

 function drupal_attributes($attributes = array()) {
   if (is_array($attributes)) {
     $t = '';
+    // Handle classes specially.
+    if (isset($attributes['class'])) {
+      // Clean the class names, but don't enforce Drupal coding standards since
+      // we may need to integrate with 3rd party APIs.
+      $classes = explode(' ', $attributes['class']);
+      if (!empty($classes)) {
+        foreach ($classes AS $i => $class) {
+          $classes[$i] = drupal_css_class($class, FALSE);
+        }
+        $t .= ' class="' . implode(' ', $classes) . '"';
+      }
+      unset($attributes['class']);
+    }
     foreach ($attributes as $key => $value) {
       $t .= " $key=" . '"' . check_plain($value) . '"';
     }

'class' is special-cased here, but $attributes can as well contain a CSS ID. We want to ensure both are sanitized.

Additionally, that isset() and following unset() is a bit clumsy. Please move that as checks for the two special values in $key into the foreach.

+ * @param $coding_standards
+ *   Enforce Drupal's coding standards on the identifier string.

That is a pretty nifty idea. The parameter/variable name might use a shorter name though. And a link to the handbook page where these are defined would be great (if existent).

+ * @param $safe_prefix
+ *   If the proposed identifier starts with an illegal sequence (a digit or a
+ *   dash followed by a digit), prepend a safe string to the identifier;
+ *   defaults to 'css-'.

Please remove this entire option. With or without it, developers and themers won't get the expected result, so there is no point in putting extra logic in there. We just want to strip anything invalid at the beginning in all cases.

+  $identifier = preg_replace('/[\x{0000}-\x{002C}\x{002E}-\x{002F}\x{003A}-\x{0040}\x{005B}-\x{005E}\x{0060}\x{007B}-\x{00A0}]/u', '', $identifier);

A negated, positive char list would seem more natural to me here, no? I.e.

+  $identifier = preg_replace('/[^\x{002D}\x{0030}-\x{0039}\x{0041}-\x{005A}\x{005F}\x{0061}-\x{007A}\x{00A1}-]/u', '', $identifier);

...

+    $identifier = str_replace('_', '-', drupal_strtolower($identifier));

Should use strtr() here.

+  // CSS identifiers can't start with a number or a dash and a number, so we
+  // prepend a safe string to prevent an invalid identifier.
+  $start = substr($identifier, 0, 1);
+  if ($start == '-') {
+    $start = substr($identifier, 1, 1);
+  }
+  if (is_numeric($start)) {
+    $identifier = $safe_prefix . $identifier;
+  }

That probably needs another preg_replace(), i.e.

  $identifier = preg_replace('^[\d-]', '', $identifier);

However, in general, I'm not completely sold on the idea that Drupal should all of this extra work due to sluggish developers. AFAIK, Drupal does not do this elsewhere. CSS IDs were the only special case, because those can't appear twice on a page - while a single developer is not able to control with other CSS IDs are on a page.

So. Bearing that, I would suggest to remove that extra validation for starting numbers/dashes.

The remaining clean-up of form_clean_id() looks just awesome!

I wonder whether we should move the code from #550572: CSS+JS regressions related to form-item-[name] into drupal_css_class() after that has been committed.

Extract:

  if (!empty($element['#name'])) {
    $class[] = 'form-item-' . strtr($element['#name'], array(' ' => '-', '_' => '-', '[' => '-', ']' => ''));

The not-so-obvious trick lies in ] being replaced with an empty string, and spaces, underscores, and [ being replaced with hyphens. That means:

book_parent[bid][title] becomes book-parent-bid-title

+++ includes/common.inc	27 Aug 2009 20:20:52 -0000
@@ -2817,6 +2817,79 @@ function drupal_clear_css_cache() {
+ * incorrectly concatenated with dashes. i.e. "one two" will become "one-two".

Comma before i.e.

+++ includes/form.inc	27 Aug 2009 20:20:54 -0000
@@ -625,7 +625,7 @@ function drupal_prepare_form($form_id, &
-      '#id' => form_clean_id('edit-' . $form_id . '-form-token'),
+      '#id' => drupal_css_id('edit-' . $form_id . '-form-token'),
@@ -635,11 +635,11 @@ function drupal_prepare_form($form_id, &
-      '#id' => form_clean_id("edit-$form_id"),
+      '#id' => drupal_css_id("edit-$form_id"),
...
   if (!isset($form['#id'])) {
-    $form['#id'] = form_clean_id($form_id);
+    $form['#id'] = drupal_css_id($form_id);
   }
@@ -993,7 +993,7 @@ function form_builder($form_id, $element
   if (!isset($element['#id'])) {
-    $element['#id'] = form_clean_id('edit-' . implode('-', $element['#parents']));
+    $element['#id'] = drupal_css_id('edit-' . implode('-', $element['#parents']));
   }
@@ -1867,7 +1867,7 @@ function form_process_radios($element) {
-          '#id' => form_clean_id('edit-' . implode('-', $parents_for_id)),
+          '#id' => drupal_css_id('edit-' . implode('-', $parents_for_id)),
@@ -2183,7 +2183,7 @@ function form_process_tableselect($eleme
-            '#id' => form_clean_id('edit-' . implode('-', $parents_for_id)),
+            '#id' => drupal_css_id('edit-' . implode('-', $parents_for_id)),

We should consider to remove some of those auto-generated IDs. They cannot be used safely anyway. And since we have shiny new + clean form element CSS classes now, they are even more obsolete.

Different issue though. ;)

+++ modules/simpletest/tests/common.test	27 Aug 2009 20:21:01 -0000
@@ -455,6 +455,59 @@ class CascadingStylesheetsTestCase exten
+      'name' => t('CSS identifiers'),
+      'description' => t('Test the functions drupal_css_class() and drupal_css_id() for expected behavior'),
+      'group' => t('System')

We no longer wrap these in t(). Also, missing trailing comma after last element.

Beer-o-mania starts in 4 days! Don't drink and patch.

Thanks! Let's get this wonderful patch in! :)

tagging

HEAD is broken.

That bit about formatting stuff according to Drupal coding standards is cruft, IMO. Let's strip it out; this is the domain of Coder module. Core doesn't babysit broken code.

It would also be good to get some before/after benchmarks for that preg_replace().

Other than that, this looks great!

I confirm this is RTBC.

Straight re-roll.

+++ includes/theme.inc	19 Sep 2009 03:37:03 -0000
@@ -2113,18 +2113,17 @@ function template_preprocess_html(&$vari
   if ($node = menu_get_object()) {
-    $variables['classes_array'][] = 'node-type-' . form_clean_id($node->type);
+    $variables['classes_array'][] = drupal_css_class('node-type-' . $variables['node']->type);

Here was the problem.

yay, thanks! :)

Reverting status.

Tagging.

*bump*

Is it because of the missing benchmarks, maybe?

Attached. No noticeable difference.

Reviewed. Looks good and convenient. Committed to CVS HEAD. Thanks all!

Minor nitpick: It's technically not a "CSS" class or ID but rather a "HTML" class or ID, so drupal_css_class() and drupal_css_id() are kind of a misnomer. IDs and classes are not inherently tied to CSS but are HTML attributes (http://www.w3.org/TR/html4/struct/global.html#h-7.5.2).

@kkaefer: Your nitpick makes sense -- do we need to fix it or would the current function names be more grokable than drupal_html_class() and drupal_html_id()?

Patch changes drupal_css_* to drupal_html_*

Supporting that.

But why did we leave out drupal_clean_css_identifier() ?

Seems reasonable.

also rename drupal_clean_css_identifier().

Yup! Test bot likes it too.

Hm. I could go either way on this. I like "css" being in the name since that's a good clue to people about when to use those functions, but at the same time kkaefer's right that technically these are not inherent at all to CSS and can be used for other things as well.

I decided to go with accuracy/future-proofing and committed to HEAD.

Needs documentation (again). :)

Reasonable!

In summary:

• drupal_clean_html_identifier --> drupal_clean_css_identifier
• DrupalCSSIdentifierTestCase --> DrupalHTMLIdentifierTestCase
• Adds in a fix to respect the HTML ID specifications more

Haha. You guys are hilarious. :)

Cool, works for me. Committed to HEAD once more. Marking needs work for documentation.

.

Ummm... Looks like it needs documentation in the module update guide? changing tag scheme.

OK. I'm looking through the 3 patches above that were committed. What I think happened in this issue:

First patch http://drupal.org/files/issues/drupal.css-class.33.patch
a) form_clean_id() [D6 function] was removed and replaced by drupal_css_id()
b) drupal_css_class() was added.
c) drupal_clean_css_identifier() was added.

Second patch http://drupal.org/files/issues/b69d64b4_1.patch
a) drupal_clean_css_identifier -> drupal_clean_html_identifier [later reverted see below]
b) drupal_css_class -> drupal_html_class
c) drupal_css_id -> drupal_html_id

Third patch http://drupal.org/files/issues/464862-53-drupal-css-class.patch
a) drupal_clean_html_identifier -> drupal_clean_css_identifier

Net result:
a) form_clean_id() [D6 function] -> drupal_html_id()
b) drupal_css_class() was added.
c) drupal_clean_html_identifier() was added.

(a) needs to be documented in the Update Guide. Actually, it was documented, but they didn't get the later change, so I fixed it:
http://drupal.org/update/modules/6/7#form_clean_id

Currently using a govuk based theme, and it requires support for the exclamation mark within the class names.

Attaching a relevant patch here for reference purposes.