baddiservices / safehtml
Safe HTML package helps prevent XSS vulnerabilities in HTML content
v0.0.8
2022-05-20 13:35 UTC
Requires
- php: >=7.4
- ext-dom: *
- ext-libxml: *
- ext-mbstring: *
Requires (Dev)
- phpunit/phpunit: ^9.5
README
The Safe HTML package helps prevent XSS vulnerabilities in HTML content.
Installation
Use Composer to install the package:
$ composer require baddiservices/safehtml
Examples
Validate whether the input is HTML

```php
// ...
use BADDIServices\SafeHTML\SafeHTML;

class DemoController extends Controller
{
    /** @var SafeHTML **/
    private $safeHTML;

    public function __construct(SafeHTML $safeHTML)
    {
        $this->safeHTML = $safeHTML;
    }

    public function IndexAction(Request $request)
    {
        $htmlContent = $request->input("content");

        // validate() lives on the injected SafeHTML instance, not on the controller
        if ($this->safeHTML->validate($htmlContent)) {
            // TODO: is valid HTML continue the process
        }
    }
}
```
Prevent XSS from HTML
```php
// ...
$sanitizedHTML = $safeHTML->sanitizeHTML($content);
```
Prevent XSS from text
```php
// ...
$sanitizedText = $safeHTML->sanitize($text);
```
Prevent XSS from link
```php
// ...
$sanitizedURL = $safeHTML->sanitizeURL($url);
```
Available methods
Method | Description |
---|---|
validate($value) | Verify text is HTML |
sanitize($value) | Sanitize text to prevent HTML tags |
sanitizeAll($values) | Sanitize array of texts to prevent HTML tags |
sanitizeHTML($value) | Sanitize HTML to prevent XSS vulnerability |
encodeEntities($value) | Encode special characters to HTML entities |
decodeEntities($value) | Decode HTML entities to their corresponding characters |
setBlackListPath($blackListPath) | Set a custom path of the blacklist JSON file |
getEncoding() | Get character encoding |
setEncoding($encodage) | Set character encoding |
Blacklist file example
You can inspect the blacklist the package uses by default; a blacklist file has the following structure:

```json
{
  "tags": {
    "not-allowed": [],
    "not-allowed-empty": []
  },
  "attributes": {
    "not-allowed": []
  }
}
```
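The following is an added example, not code from the README or the package itself. It ties the pieces above together: it writes a custom blacklist in the format shown, points the sanitizer at it via setBlackListPath(), and applies the matching sanitizer to each field of a constructed form submission. It assumes SafeHTML has a no-argument constructor, that validate() returns a bool and that sanitizeAll() returns an array.

```php
<?php
// Added example, not from the package README. Assumes SafeHTML has a no-argument
// constructor, validate() returns bool and sanitizeAll() returns an array; the
// remaining calls are methods the README documents.
require __DIR__ . '/vendor/autoload.php';
use BADDIServices\SafeHTML\SafeHTML;

// Constructed blacklist in the JSON format shown above.
$blacklist = [
    'tags' => [
        'not-allowed'       => ['script', 'iframe', 'object', 'embed'],
        'not-allowed-empty' => ['p', 'span'],
    ],
    'attributes' => ['not-allowed' => ['onload', 'onerror', 'onclick']],
];
$blacklistPath = sys_get_temp_dir() . '/safehtml-blacklist.json';
file_put_contents($blacklistPath, json_encode($blacklist, JSON_PRETTY_PRINT));

$safeHTML = new SafeHTML();                  // assumption: no-arg constructor
$safeHTML->setBlackListPath($blacklistPath);
$safeHTML->setEncoding('UTF-8');

// Constructed submission: a rich-text field, two plain-text fields and a link.
$post = [
    'body'    => '<p>Hello <b>world</b></p><p></p><script>alert(1)</script>',
    'title'   => 'My <i>title</i>',
    'author'  => 'Alice <img src=x onerror=alert(1)>',
    'website' => 'javascript:alert(1)',
];
$clean = [];
try {
    // Rich text: keep markup the blacklist allows; if it is not HTML, just strip tags.
    $clean['body'] = $safeHTML->validate($post['body'])
        ? $safeHTML->sanitizeHTML($post['body'])
        : $safeHTML->sanitize($post['body']);
    // Plain-text fields never carry markup, so strip tags outright.
    [$clean['title'], $clean['author']] = $safeHTML->sanitizeAll([$post['title'], $post['author']]);
    // Links get their own sanitizer, as in the README's link example.
    $clean['website'] = $safeHTML->sanitizeURL($post['website']);
} catch (\Throwable $e) {
    // BlackListNotLoadedException is reported with code 11 (see Exceptions table).
    if ($e->getCode() === 11) {
        error_log('SafeHTML blacklist not loaded: ' . $e->getMessage());
        exit(1);
    }
    throw $e;
}
foreach ($clean as $field => $value) {
    printf("%s: %s\n", $field, $value);
}
```

Because the package filters by blacklist, any tag or attribute absent from the file passes through unchanged, so the list needs to be reviewed whenever the markup your application accepts changes.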
Exceptions
Name | Code | Description |
---|---|---|
BlackListNotLoadedException | 11 | Failed to load blacklist file |
Contribute
Contributions to the package are always welcome!
- Report any bugs or issues you find.
- Clone the source code and submit your pull request.