baddiservices/safehtml

Safe HTML package help to prevent XSS vulnerability via HTML content

v0.0.8 2022-05-20 13:35 UTC

This package is auto-updated.

Last update: 2024-10-20 19:07:21 UTC


README

Licence PHP Version Open issues Stars Downloads Twitter Follow

Safe HTML package help to prevent XSS vulnerability via HTML content.

Installation

Use Composer to install the package:

$ composer require baddiservices/safehtml

Examples

Validate the input is HTML or not

...

use BADDIServices\SafeHTML\SafeHTML;

class DemoController extends Controller
{
    /** @var SafeHTML **/
    private $safeHTML;

    public function __construct(SafeHTML $safeHTML)
    {
        $this->safeHTML = $safeHTML;
    }

    public function IndexAction(Request $request)
    {
        $htmlContent = $request->input("content");
        if ($this->validate($htmlContent)) {
            // TODO: is valid HTML continue the process
        }
    }
}

Prevent XSS from HTML

...

$sanitizedHTML = $safeHTML->sanitizeHTML($content);

Prevent XSS from text

...

$sanitizedText = $safeHTML->sanitize($text);

Prevent XSS from link

...

$sanitizedURL = $safeHTML->sanitizeURL($url);

Available methods

Blacklist file example

You can check the blacklist used by default

{
    "tags": {
        "not-allowed": [],
        "not-allowed-empty": []
    },
    "attributes": {
        "not-allowed": []
    }
}

Exceptions

Contribute

Contributions to the package are always welcome!

  • Report any bugs or issues you find.
  • Clone the code source and submit your pull request.