bnomei / kirby3-htmlpurifier
Static class method, Uniform-Guard and Field-Method to filter your "dirty" HTML inputs to "clean" HTML.
Installs: 463
Dependents: 0
Suggesters: 0
Security: 0
Stars: 3
Watchers: 2
Forks: 0
Open Issues: 0
Type:kirby-plugin
Requires
- php: >=7.3.0
- ezyang/htmlpurifier: ^4.12
- getkirby/composer-installer: ^1.1
Requires (Dev)
- getkirby/cms: ^3.2
- mzur/kirby-uniform: ^4.0
- php-coveralls/php-coveralls: ^2.1
- phpunit/phpunit: ^8.3
Suggests
- getkirby/kql: Use this plugin with KQL to make sure you html from fields is valid (like for Vue v-html).
- mzur/kirby-uniform: Use this plugin with Uniform to purify you html inputs.
This package is auto-updated.
Last update: 2024-11-24 18:14:13 UTC
README
Static class method, Uniform-Guard and Field-Method to filter your "dirty" HTML inputs to "clean" HTML.
strip_tags and PHP Input Filter are not good enough for you? Installing a plugin that has a dependency with lots of code does not bother you? You are willing to take the performance hit if you use it? Read on then...
Installation
- unzip master.zip as folder
site/plugins/kirby3-htmlpurifier
or git submodule add https://github.com/bnomei/kirby3-htmlpurifier.git site/plugins/kirby3-htmlpurifier
orcomposer require bnomei/kirby3-htmlpurifier
Usage PHP
$cleanHtml = \Bnomei\HtmlPurifier::purify($dirtyHtml);
Usage Uniform-Guard
Because of the plugin loading order the htmlPurifyGuard
will only be available with composer installations of this plugin.
$form = new \Uniform\Form; if (kirby()->request()->is('POST')) { $form->honeypotGuard() // needs to be called explicitly now ->htmlPurifyGuard(); // purified all data if ($form->success()) { // ... } }
Usage Field-Method
$dirtHtml = (string) $page->myfield(); $cleanHtml = (string) $page->myfield()->htmlPurify(); $cleanHtml = (string) $page->myfield()->kirbytext()->htmlPurify();
Usage with KQL for headless
If you want to make extra sure your html output to headless is valid html you can purify your fields. Be advised that this will come with a performance penalty since purification is no simple task.
⚠️ All proprietary elements (
<template>
, ...) and attributes (srcset
,sizes
,data-*
,x-*:
,@*:
, ...) will be removed!
KQL Query
{ "query": "page('photography')", "select": { "url": true, "title": true, "textWithPurifiedHtml": "page.text.kirbytext.htmlPurify" } }
Example: Vue
<div v-html="textWithPurifiedHtml"></div>
Settings
Dependecies
Disclaimer
This plugin is provided "as is" with no guarantee. Use it at your own risk and always test it yourself before using it in a production environment. If you find any issues, please create a new issue.
License
It is discouraged to use this plugin in any project that promotes racism, sexism, homophobia, animal abuse, violence or any other form of hate speech.