https://github.com/mikemix/zf2htmlpurifier

HTML Purifier as ZF2 filter

# zf2htmlpurifier
[![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/mikemix/zf2htmlpurifier/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/mikemix/zf2htmlpurifier/?branch=master) [![Code Coverage](https://scrutinizer-ci.com/g/mikemix/zf2htmlpurifier/badges/coverage.png?b=master)](https://scrutinizer-ci.com/g/mikemix/zf2htmlpurifier/?branch=master) [![Build Status](https://scrutinizer-ci.com/g/mikemix/zf2htmlpurifier/badges/build.png?b=master)](https://scrutinizer-ci.com/g/mikemix/zf2htmlpurifier/build-status/master)

HTML Purifier as ZF2 filter. Protect yourself from XSS attacks with two simple steps.

Install
-------

Install with [Composer](https://packagist.org/packages/mikemix/zf2htmlpurifier): `"mikemix/zf2htmlpurifier": "~1.0"`

Use
---

Include `zf2htmlpurifier\Filter\HTMLPurifierFilter` in the form field's filter chain, for example:

```php
<?php
namespace MyApp\Form;

use Zend\Form\Form;
use Zend\InputFilter\InputFilterProviderInterface;

class ExampleForm extends Form implements InputFilterProviderInterface
{
    public function init()
    {
        $this->add([
            'name' => 'field',
        ]);
    }

    public function getInputFilterSpecification()
    {
        return array(
            // other elements
            'field' => array(
                'required' => true,
                'filters' => array(
                    // the filter is referenced by its fully qualified class name
                    array('name' => 'zf2htmlpurifier\Filter\HTMLPurifierFilter'),
                ),
            ),
        );
    }
}
```

Or with modern PHP:

```php
public function getInputFilterSpecification()
{
    return [
        // other elements
        'field' => [
            'required' => true,
            'filters' => [
                ['name' => \zf2htmlpurifier\Filter\HTMLPurifierFilter::class],
            ],
        ],
    ];
}
```

In a controller (ugly code example without Dependency Injection):

```php
$fm = $this->getServiceLocator()->get('FormElementManager');

$form = $fm->get(\MyApp\Form\ExampleForm::class);
$form->setData(['field' => 'link']);
$form->isValid();

// getData() returns the filtered values as an array keyed by field name
$data = $form->getData();

// outputs: link
echo $data['field'];
```

Fine tuning HTMLPurifier
------------------------

You can pass options to configure the HTMLPurifier library.

```php
// the form

public function getInputFilterSpecification()
{
    return [
        // other elements
        'field' => [
            'required' => true,
            'filters' => [
                [
                    'name' => \zf2htmlpurifier\Filter\HTMLPurifierFilter::class,
                    'options' => ['config' => [
                        // keys are HTML Purifier configuration directives
                        'Cache.SerializerPath' => '/other/path',
                        // placeholder: replace with a real directive and its value
                        'Some.Setting' => 'Setting value',
                    ]],
                ],
            ],
        ],
    ];
}
```
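
As an added example (not code from the zf2htmlpurifier project), the same `options` => `config` structure can carry an allowlist policy built from standard HTML Purifier directives and be exercised without a form, using `Zend\InputFilter\Factory`. The field name `comment`, the chosen directives, the sample input and the `vendor/autoload.php` path are assumptions made for illustration.

```php
<?php
// Added example: allowlist configuration for the filter, run over constructed input.
require __DIR__ . '/vendor/autoload.php'; // assumption: installed with Composer

use Zend\InputFilter\Factory;
use zf2htmlpurifier\Filter\HTMLPurifierFilter;

// HTML Purifier directives: allow only a small set of tags and attributes,
// restrict link schemes, and keep the definition cache in a writable directory.
$purifierConfig = [
    'HTML.Allowed'         => 'p,br,strong,em,ul,ol,li,a[href]',
    'URI.AllowedSchemes'   => ['http' => true, 'https' => true, 'mailto' => true],
    'HTML.Nofollow'        => true,
    'Cache.SerializerPath' => sys_get_temp_dir(),
];

// Same specification format as getInputFilterSpecification() above.
$inputFilter = (new Factory())->createInputFilter([
    'comment' => [ // hypothetical field name
        'required' => true,
        'filters'  => [
            [
                'name'    => HTMLPurifierFilter::class,
                'options' => ['config' => $purifierConfig],
            ],
        ],
    ],
]);

// Constructed sample input: an event handler attribute, a script element,
// a javascript: link and one legitimate https link.
$untrusted = '<p onclick="track()">Hello <strong>world</strong></p>'
    . '<script>alert(1)</script>'
    . '<a href="javascript:alert(1)">bad link</a> '
    . '<a href="https://example.com/">good link</a>';

$inputFilter->setData(['comment' => $untrusted]);

if ($inputFilter->isValid()) {
    // Filters run before validators, so this is the purified markup.
    echo $inputFilter->getValue('comment'), PHP_EOL;
} else {
    // e.g. nothing was left after purification and the field is required
    print_r($inputFilter->getMessages());
}
```

The purified value is intended for output as HTML body content; when the same data is placed in an attribute, a script block or a URL, it still needs the escaping appropriate to that context.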

Standalone usage
----------------

It can be used as a standalone class as well:

```php
$purifier = new \zf2htmlpurifier\Filter\HTMLPurifierFilter();

echo $purifier->filter('link');
```

TODO
----

* Convert this to a module and allow defining the default HTMLPurifier config via the configuration files