munichresearch/yii2_cached_purifier

Cache purified content to increase performance

dev-master 2018-03-14 20:10 UTC

This package is not auto-updated.

Last update: 2024-12-13 21:10:14 UTC


README

Yii2 component that caches the results of HTML Purifier in a cache that implements the yii\caching\CacheInterface. This will remove malicious code (XSS) from strings and make it standards compliant. More information available at the Yii2 Security best practices

Requirements

  • "yiisoft/yii2": ">2.0.0"
  • "ezyang/htmlpurifier": "~4.9.3"
  • "php": ">=5.2"

Install

Via Composer

$ composer require linuskohl/yii2_cached_purifier dev-master

or add

"linuskohl/yii2_cached_purifier": "dev-master"

to the require section of your composer.json file.

Configuration

To use this component, simply add the following code in your application configuration:

return [
    //....
    'components' => [
        'cache'  => [
            'class' => 'yii\redis\Cache',
            'redis' => [
                'hostname' => 'localhost',
                'port'     => 6379,
                'database' => 0,
            ]
        ],
        'cached_purifier' => [
            'class'          => '\munichresearch\yii2_cached_purifier\CachedPurifier',
            'cache'          => 'redis', // name of the cache component
            'cache_duration' => 0, // Duration to store the secured strings. Set it to 0 to disable expiration */
            'key_prefix'     => 'secured_strings::', // Prefix for the cache keys
            'key_hash'       => 'sha512' // Hash used to create key        
        ],
    ],
];

Usage

<?= \Yii::$app->cached_purifier->purify($insecure_string) ?>

License

The MIT License (MIT). Please see License File for more information.