baddiservices/safehtml

Safe HTML is a PHP package that helps prevent XSS vulnerabilities in user-supplied HTML content.

v0.0.8 2022-05-20 13:35 UTC

Last update: 2024-04-20 18:08:25 UTC


README


Installation

Use Composer to install the package:

$ composer require baddiservices/safehtml

Examples

Validate whether the input is HTML

...

// The base Controller and Request classes are assumed to be Laravel's
// (the original snippet does not show these imports).
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use BADDIServices\SafeHTML\SafeHTML;

class DemoController extends Controller
{
    /** @var SafeHTML */
    private $safeHTML;

    // SafeHTML is injected through the container
    public function __construct(SafeHTML $safeHTML)
    {
        $this->safeHTML = $safeHTML;
    }

    public function IndexAction(Request $request)
    {
        $htmlContent = $request->input("content");
        // validate() lives on the SafeHTML instance, not on the controller
        if ($this->safeHTML->validate($htmlContent)) {
            // TODO: the content is valid HTML, continue processing it
        }
    }
}

Prevent XSS from HTML

...

$sanitizedHTML = $safeHTML->sanitizeHTML($content);

Prevent XSS from text

...

$sanitizedText = $safeHTML->sanitize($text);

Prevent XSS from a link

...

$sanitizedURL = $safeHTML->sanitizeURL($url);

Available methods

Method Description
validate($value) Verify whether the text is HTML
sanitize($value) Sanitize a text value so that HTML tags are neutralized
sanitizeAll($values) Sanitize an array of text values so that HTML tags are neutralized
sanitizeHTML($value) Sanitize HTML content to remove XSS vectors
encodeEntities($value) Encode special characters to HTML entities
decodeEntities($value) Decode HTML entities to their corresponding characters
setBlackListPath($blackListPath) Set a custom path to the blacklist JSON file
getEncoding() Get the character encoding
setEncoding($encodage) Set the character encoding

Blacklist file example

You can check the blacklist used by default. A blacklist file has the following structure:

{
    "tags": {
        "not-allowed": [],
        "not-allowed-empty": []
    },
    "attributes": {
        "not-allowed": []
    }
}

Exceptions

Name Code Description
BlackListNotLoadedException 11 Failed to load blacklist file
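The following script, added here as an example and not taken from the package itself, combines the methods from the table above into one handler for a constructed form submission and reports the exception listed above by its code. It assumes SafeHTML can be constructed without arguments (the README only shows it injected), that sanitizeAll() returns values in input order, and uses a hypothetical blacklist path.

```php
<?php
// Added example, not part of the baddiservices/safehtml README.
require __DIR__ . '/vendor/autoload.php';

use BADDIServices\SafeHTML\SafeHTML;

/**
 * Sanitize one comment submission:
 *  - author/title are plain text: no tags may survive
 *  - body may carry HTML: keep markup, strip XSS vectors
 *  - website is a link: must not end up as a script-bearing URL
 */
function sanitizeComment(SafeHTML $safeHTML, array $input): array
{
    // Plain-text fields in one call (assumed to come back in the same order).
    [$author, $title] = $safeHTML->sanitizeAll([$input['author'], $input['title']]);

    // Keep markup only if the body really is HTML; otherwise encode it so the
    // browser renders it literally instead of interpreting stray characters.
    if ($safeHTML->validate($input['body'])) {
        $body = $safeHTML->sanitizeHTML($input['body']);
    } else {
        $body = $safeHTML->encodeEntities($input['body']);
    }

    return [
        'author'  => $author,
        'title'   => $title,
        'body'    => $body,
        'website' => $safeHTML->sanitizeURL($input['website']),
    ];
}

// Constructed sample input resembling a hostile form post.
$submission = [
    'author'  => 'Bob <b>admin</b>',
    'title'   => '<script>alert(1)</script>Hello',
    'body'    => '<p onmouseover="alert(1)">Nice post <img src=x onerror=alert(1)></p>',
    'website' => 'javascript:alert(1)',
];

$safeHTML = new SafeHTML();          // assumption: no-argument constructor
$safeHTML->setEncoding('UTF-8');
try {
    $safeHTML->setBlackListPath(__DIR__ . '/storage/blacklist.json'); // hypothetical path
    print_r(sanitizeComment($safeHTML, $submission));
} catch (\Exception $e) {
    // BlackListNotLoadedException is reported with code 11 (see the Exceptions table)
    if ($e->getCode() === 11) {
        error_log('blacklist could not be loaded: ' . $e->getMessage());
    }
    throw $e;
}
```

Failing closed on a missing blacklist (rethrowing rather than continuing with unsanitized content) is the safe default for a handler like this.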

Contribute

Contributions to the package are always welcome!

  • Report any bugs or issues you find.
  • Clone the source code and submit your pull request.