baddiservices / safehtml
The Safe HTML package helps prevent XSS vulnerabilities in HTML content
v0.0.8
2022-05-20 13:35 UTC
Requires
- php: >=7.4
- ext-dom: *
- ext-libxml: *
- ext-mbstring: *
Requires (Dev)
- phpunit/phpunit: ^9.5
README
The Safe HTML package helps prevent XSS vulnerabilities in HTML content.
Installation
Use Composer to install the package:
$ composer require baddiservices/safehtml
Examples
Validate whether the input is HTML
...
use BADDIServices\SafeHTML\SafeHTML;

class DemoController extends Controller
{
    /** @var SafeHTML */
    private $safeHTML;

    public function __construct(SafeHTML $safeHTML)
    {
        $this->safeHTML = $safeHTML;
    }

    public function IndexAction(Request $request)
    {
        $htmlContent = $request->input("content");

        // Call validate() on the injected SafeHTML instance.
        if ($this->safeHTML->validate($htmlContent)) {
            // TODO: the input is valid HTML; continue processing
        }
    }
}
Prevent XSS from HTML
... $sanitizedHTML = $safeHTML->sanitizeHTML($content);
Prevent XSS from text
... $sanitizedText = $safeHTML->sanitize($text);
Prevent XSS from link
... $sanitizedURL = $safeHTML->sanitizeURL($url);
Available methods
Blacklist file example
You can check the blacklist used by default.
{
    "tags": {
        "not-allowed": [],
        "not-allowed-empty": []
    },
    "attributes": {
        "not-allowed": []
    }
}
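How a blacklist file of this shape can be applied to an HTML fragment with ext-dom, as an added example: this is not the package's own code, `applyBlacklist` is a hypothetical helper, and the list entries and input are constructed. Reading "not-allowed-empty" as "remove the tag when it has no content" is an assumption.

```php
<?php

// Constructed sample entries in the page's blacklist layout (not the package defaults).
$blacklist = json_decode('{
    "tags": {"not-allowed": ["script", "iframe"], "not-allowed-empty": ["a", "span"]},
    "attributes": {"not-allowed": ["onclick", "onerror", "style"]}
}', true, 512, JSON_THROW_ON_ERROR);

// Hypothetical helper: filters an HTML fragment against the blacklist using ext-dom.
function applyBlacklist(string $html, array $blacklist): string
{
    $previous = libxml_use_internal_errors(true); // collect parser warnings silently
    $doc = new DOMDocument();
    // The XML declaration forces UTF-8; the <div> wrapper marks the fragment's root.
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $xpath = new DOMXPath($doc);
    $wrapper = $xpath->query('//body/div[1]')->item(0);
    // Reverse document order, so children are handled before their parents.
    foreach (array_reverse(iterator_to_array($xpath->query('.//*', $wrapper), false)) as $el) {
        $tag = strtolower($el->nodeName);
        if (in_array($tag, $blacklist['tags']['not-allowed'], true)) {
            $el->parentNode->removeChild($el);
            continue;
        }
        foreach (iterator_to_array($el->attributes, false) as $attr) {
            if (in_array(strtolower($attr->nodeName), $blacklist['attributes']['not-allowed'], true)) {
                $el->removeAttributeNode($attr);
            }
        }
        // Assumption: "not-allowed-empty" lists tags to drop when they have no content.
        $isEmpty = trim($el->textContent) === '' && $el->getElementsByTagName('*')->length === 0;
        if ($isEmpty && in_array($tag, $blacklist['tags']['not-allowed-empty'], true)) {
            $el->parentNode->removeChild($el);
        }
    }

    $out = '';
    foreach ($wrapper->childNodes as $child) {
        $out .= $doc->saveHTML($child); // serialize only the fragment, not <html>/<body>
    }
    return $out;
}

// Constructed input: a blacklisted tag, blacklisted attributes, and a link left empty.
$dirty = '<p style="x" onclick="run()">Hi</p><a href="/"><script>run()</script></a><img src="a.png" onerror="run()">';
echo applyBlacklist($dirty, $blacklist), PHP_EOL;
```

A blacklist removes only what it names: this filter does not inspect attribute values, so an `href` holding a `javascript:` URL passes through unchanged and link targets need their own check.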
Exceptions
Contribute
Contributions to the package are always welcome!
- Report any bugs or issues you find.
- Clone the source code and submit your pull request.