baddiservices/safehtml

Safe HTML package help to prevent XSS vulnerability via HTML content

Maintainers

Details

github.com/5baddi/safe-html

Source

Issues

Installs: 72

Dependents: 0

Suggesters: 0

Security: 0

Stars: 1

Watchers: 1

Forks: 0

Open Issues: 0

v0.0.8 2022-05-20 13:35 UTC

Requires

Requires (Dev)

MIT 611528292f3fb5fdb75dff0fccbd8074757d0e30

  • 5baddi <project.woop@baddi.info>

This package is auto-updated.

Last update: 2024-10-20 19:07:21 UTC

README

Licence PHP Version Open issues Stars Downloads Twitter Follow

Safe HTML package help to prevent XSS vulnerability via HTML content.

Installation

Use Composer to install the package:

$ composer require baddiservices/safehtml

Examples

Validate the input is HTML or not

...

use BADDIServices\SafeHTML\SafeHTML;

class DemoController extends Controller
{
    /** @var SafeHTML **/
    private $safeHTML;

    public function __construct(SafeHTML $safeHTML)
    {
        $this->safeHTML = $safeHTML;
    }

    public function IndexAction(Request $request)
    {
        $htmlContent = $request->input("content");
        if ($this->validate($htmlContent)) {
            // TODO: is valid HTML continue the process
        }
    }
}

Prevent XSS from HTML

...

$sanitizedHTML = $safeHTML->sanitizeHTML($content);

Prevent XSS from text

...

$sanitizedText = $safeHTML->sanitize($text);

Prevent XSS from link

...

$sanitizedURL = $safeHTML->sanitizeURL($url);

Available methods

Blacklist file example

You can check the blacklist used by default

{
    "tags": {
        "not-allowed": [],
        "not-allowed-empty": []
    },
    "attributes": {
        "not-allowed": []
    }
}

Exceptions

Contribute

Contributions to the package are always welcome!

  • Report any bugs or issues you find.
  • Clone the code source and submit your pull request.