
library xss-sanitizer

PHP XSS sanitizer tool for HTML

phlib/xss-sanitizer

  • Thursday, February 23, 2017
  • by letssurf
  • Repository
  • 5 Watchers
  • 8 Stars
  • 2,786 Installations
  • PHP
  • 0 Dependents
  • 0 Suggesters
  • 1 Forks
  • 0 Open issues
  • 3 Versions
  • 33 % Grown

The README.md

phlib/xss-sanitizer

PHP XSS sanitizer tool for HTML

Disclaimer

Use HTML Purifier.

This library was created to try to solve the problem of XSS sanitization without using a permissive list, since the HTML which is being sanitized may contain non-standard or unusual syntax (e.g. HTML for emails).

This library is also intended for a limited use case whereby it is assumed that the sanitized HTML is only going to be displayed in a limited set of supported browsers (e.g. no need to strip 'vbscript:' code).

Install

Via Composer

```bash
$ composer require phlib/xss-sanitizer
```

Usage

Create a sanitizer and sanitize some input:

```php
$sanitizer = new \Phlib\XssSanitizer\Sanitizer();
$sanitized = $sanitizer->sanitize($htmlInput);
```

Optionally, extra tags and/or attributes can be specified to be removed, in addition to the defaults:

```php
$removeBlocks = ['xss'];
$removeAttributes = ['onwebkittransitionend'];
$sanitizer = new \Phlib\XssSanitizer\Sanitizer($removeBlocks, $removeAttributes);
$sanitized = $sanitizer->sanitize($htmlInput);
```
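Because the sanitizer works from a list of things to remove rather than a permissive list, a test suite can re-parse the sanitized output and report anything the list did not cover. The following is an added example, not code from phlib/xss-sanitizer: `auditSanitizedHtml()` is a hypothetical helper built on PHP's bundled DOM extension, and the sample string is constructed, not real output of the library.

```php
<?php
// Added example: not part of phlib/xss-sanitizer. Needs PHP 7+ and ext-dom.

/**
 * List markup that a removal-list sanitizer is expected to have stripped:
 * script elements, on* event-handler attributes, javascript: URLs.
 * auditSanitizedHtml() is a hypothetical helper name.
 */
function auditSanitizedHtml(string $html): array
{
    if (trim($html) === '') {
        return []; // DOMDocument::loadHTML() rejects empty input
    }
    $previous = libxml_use_internal_errors(true); // tolerate non-standard HTML
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $findings = [];
    $xpath = new DOMXPath($doc);
    foreach ($xpath->query('//script') as $node) {
        $findings[] = 'script element';
    }
    foreach ($xpath->query('//@*') as $attr) {
        $name = strtolower($attr->nodeName);
        $tag = $attr->ownerElement->nodeName;
        // Drop whitespace and control characters so a padded scheme still matches
        $value = strtolower(preg_replace('/[\x00-\x20]+/', '', $attr->nodeValue));
        if (strpos($name, 'on') === 0) {
            $findings[] = "event handler {$name} on <{$tag}>";
        } elseif (strpos($value, 'javascript:') === 0) {
            $findings[] = "javascript: URL in {$name} on <{$tag}>";
        }
    }
    return $findings;
}

// Constructed sample standing in for sanitizer output. In a test suite, pass
// the return value of $sanitizer->sanitize($fixture) instead.
$sample = '<p>Hello</p><div onwebkittransitionend="track()">x</div>'
    . '<a href="https://example.com/">ok</a>';
foreach (auditSanitizedHtml($sample) as $finding) {
    echo $finding, PHP_EOL;
}
```

An empty result for every fixture is the pass condition; a finding for an event handler or script block names something to pass in `$removeAttributes` or `$removeBlocks`.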

Supported Browsers

This library is intended to prevent XSS vulnerabilities when the resulting HTML is rendered by any of the following browsers:

  • Chrome (40+)
  • Firefox (40+)
  • Safari (8+)
  • IE (10, 11)
  • Edge

License

This package is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public License along with this program. If not, see http://www.gnu.org/licenses/.

The Versions

23/02 2017

dev-master

9999999-dev

PHP XSS sanitizer tool for HTML

LGPL-3.0

The Requires

  • php >=5.5.0

 

The Development Requires

by Martin Price

01/11 2016

1.1.0

1.1.0.0

PHP XSS sanitizer tool for HTML

The Requires

  • php >=5.5.0

 

The Development Requires

by Martin Price

18/03 2016

1.0.0

1.0.0.0

PHP XSS sanitizer tool for HTML

The Requires

  • php >=5.5.0

 

The Development Requires

by Martin Price