Stauros
A fast XSS sanitization library for PHP.
IMPORTANT
THIS IS AN EXPERIMENTAL LIBRARY, USE AT YOUR OWN RISK
How to use it
With the default settings, simply call Stauros->scanHTML():
$stauros = new Stauros;
$clean = $stauros->scanHTML($dirty);
Easy as that.
Working with streams
Stauros supports streaming content as well. You can use a stream as input, getting a string as output:
$clean = $stauros->scanHTMLStreamToString($stream);
Or you can use it as a stream-to-stream process:
$stauros->scanHTMLStreamToStream($input, $output);
Advanced Usage
The configuration class (Stauros\HTML\Config) lets you specify an HTML tag whitelist and an attribute whitelist, and implement an attribute callback for further customization.