Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/aaronpk/p3k-html-sanitizer
Last synced: 19 days ago
- Host: GitHub
- URL: https://github.com/aaronpk/p3k-html-sanitizer
- Owner: aaronpk
- License: mit
- Created: 2019-11-29T18:25:07.000Z (almost 5 years ago)
- Default Branch: main
- Last Pushed: 2022-11-19T16:04:37.000Z (almost 2 years ago)
- Last Synced: 2024-10-11T15:10:53.693Z (about 1 month ago)
- Language: PHP
- Size: 13.7 KB
- Stars: 6
- Watchers: 4
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: README.md
- Contributing: .github/CONTRIBUTING.md
- License: LICENSE
README
# p3k-html-sanitizer
An HTML sanitizer with good defaults usable for displaying untrusted HTML in applications.
Allows only a basic set of formatting tags, removing all `` tags. Removes all attributes of allowed tags, except that Microformats 2 classes are left in.
## Installation
```
composer require p3k/html-sanitizer
```

## Usage
```
$output = p3k\HTML::sanitize($input);
```

### Options
There are a minimal number of options you can pass to the sanitize function:
```
$options = [
  'baseURL' => 'https://example.com/'
];
$output = p3k\HTML::sanitize($input, $options);
```

* `baseURL` - (default `false`)
* `allowImg` - (`true`/`false`, default `true`) - whether to allow `img` tags in the output
* `allowMf2` - (`true`/`false`, default `true`) - whether to allow Microformats 2 classes on elements
* `allowTables` - (`true`/`false`, default `false`) - whether to allow table elements (`table`, `thead`, `tbody`, `tr`, `td`)

## Allowed Tags
The following HTML tags are the only tags allowed in the input. Everything else will be removed.
* `a`
* `abbr`
* `b`
* `br`
* `code`
* `del`
* `em`
* `i`
* `q`
* `strike`
* `strong`
* `time`
* `blockquote`
* `pre`
* `p`
* `h1`
* `h2`
* `h3`
* `h4`
* `h5`
* `h6`
* `ul`
* `li`
* `ol`
* `span`
* `hr`
* `img` - only if `$options['allowImg']` is `true`
* `table`, `thead`, `tbody`, `tfoot`, `tr`, `th`, `td` - only if `$options['allowTables']` is `true`

All attributes other than those below will be removed.
* `<a>` - `href`
* `<img>` - `src width height alt`
* `<time>` - `datetime`

If `$options['allowMf2']` is `true`, class attributes will be removed, except for Microformats 2 class values.
For example:
`<h2 class="p-name name">Hello</h2>`
will become
`<h2 class="p-name">Hello</h2>`
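
The class filtering described above can be sketched as a stand-alone DOM pass. This is an added example, not p3k-html-sanitizer's own code: the function names and the `MF2_CLASS` pattern are hypothetical, and the pattern assumes a Microformats 2 class value is a token with an `h-`, `p-`, `u-`, `dt-` or `e-` prefix followed by lowercase letters, digits and hyphens.

```php
<?php
// Added example, not the library's implementation.
// Assumption: mf2 class values start with h-, p-, u-, dt- or e-.
const MF2_CLASS = '/^(?:h|p|u|dt|e)-[a-z0-9]+(?:-[a-z0-9]+)*$/';

// Keep only the mf2 tokens of one class attribute value.
function keepMf2Classes(string $classAttr): string
{
    $tokens = preg_split('/\s+/', $classAttr, -1, PREG_SPLIT_NO_EMPTY);
    $kept = array_filter($tokens, fn($t) => preg_match(MF2_CLASS, $t) === 1);
    return implode(' ', $kept);
}

// Rewrite every class attribute in an HTML fragment (ASCII input assumed here).
function stripNonMf2Classes(string $html): string
{
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // collect parser warnings quietly
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $xpath = new DOMXPath($doc);
    foreach ($xpath->query('//*[@class]') as $el) {
        $kept = keepMf2Classes($el->getAttribute('class'));
        if ($kept === '') {
            // No mf2 value left: drop the attribute instead of emitting class=""
            $el->removeAttribute('class');
        } else {
            $el->setAttribute('class', $kept);
        }
    }

    // Serialize only the children of <body>, i.e. the original fragment
    $out = '';
    $body = $doc->getElementsByTagName('body')->item(0);
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample input, reusing the README's h2 case plus a non-mf2 class
$input = '<h2 class="p-name name">Hello</h2><p class="lead">Text</p>';
echo stripNonMf2Classes($input), "\n";
```

This pass only rewrites `class` attributes; it does not remove tags or other attributes, so it is not a substitute for the sanitizer's tag and attribute allowlist.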