Docs Goabase

HTML_Sanitizer

Sanitize HTML body content

Remove dangerous tags and attributes that can lead to security issues such as XSS or HTTP response splitting.

Table of Contents

Properties

$allowDOMEvents : bool
$additionalTags : string
$allowedTags : string
$allowJavascriptInUrls : bool
$allowObjects : bool
$allowScript : bool
$allowStyle : bool

Methods

__construct()  : mixed
Constructor
allowAllJavascript()  : void
Helper to allow all JavaScript-related tags and attributes
allowDOMEvents()  : void
Allow DOM event attributes on DOM elements
allowJavascriptInUrls()  : void
Allow the use of javascript: in URLs
allowObjects()  : void
Allow object, embed, applet and param tags in HTML
allowScript()  : void
Allow script tags
allowStyle()  : void
Allow style tags and attributes
filterHTTPResponseSplitting()  : string
Filter URLs to avoid HTTP response splitting attacks
removeDOMEvents()  : string
Remove DOM event attributes from HTML tags
removeDOMEventsCallback()  : string
Callback for PCRE
removeJavascriptURL()  : string
Remove potential JavaScript from URLs
removeStyle()  : string
Remove style attributes from HTML tags
removeStyleCallback()  : string
Callback for PCRE
resetAll()  : void
(Re)set all options to their default values
sanitize()  : string
Sanitize HTML: remove dangerous tags and attributes, clean URLs
sanitizeSrcCallback()  : string
Callback for PCRE
sanitizeURL()  : string
Remove potential flaws from URLs
sanitizeURLCallback()  : string
Callback for PCRE
removeEvilAttributes()  : string
Remove dangerous attributes from HTML tags
removeEvilTags()  : string
Remove dangerous HTML tags
sanitizeHref()  : string
Remove potential flaws from href attributes
sanitizeSrc()  : string
Remove potential flaws from src attributes

Methods

allowAllJavascript()

Helper to allow all JavaScript-related tags and attributes

public allowAllJavascript() : void
Tags
access

public

allowDOMEvents()

Allow DOM event attributes on DOM elements

public allowDOMEvents() : void
Tags
access

public

allowJavascriptInUrls()

Allow the use of javascript: in URLs

public allowJavascriptInUrls() : void
Tags
access

public

allowObjects()

Allow object, embed, applet and param tags in HTML

public allowObjects() : void
Tags
access

public

allowScript()

Allow script tags

public allowScript() : void
Tags
access

public

allowStyle()

Allow style tags and attributes

public allowStyle() : void
Tags
access

public

filterHTTPResponseSplitting()

Filter URLs to avoid HTTP response splitting attacks

public filterHTTPResponseSplitting(string $url) : string
Parameters
$url : string

url

Tags
access

public

Return values
string

filtered url

removeDOMEvents()

Remove DOM event attributes from HTML tags

public removeDOMEvents(string $str) : string
Parameters
$str : string

html tag

Tags
access

private

Return values
string

filtered html tag

removeDOMEventsCallback()

Callback for PCRE

public removeDOMEventsCallback(array<string|int, mixed> $matches) : string
Parameters
$matches : array<string|int, mixed>
Tags
access

private

see
removeDOMEvents
Return values
string

removeJavascriptURL()

Remove potential JavaScript from URLs

public removeJavascriptURL(string $str) : string
Parameters
$str : string

url

Tags
access

public

Return values
string

filtered url

removeStyle()

Remove style attributes from HTML tags

public removeStyle(string $str) : string
Parameters
$str : string

html tag

Tags
access

private

Return values
string

filtered html tag

removeStyleCallback()

Callback for PCRE

public removeStyleCallback(array<string|int, mixed> $matches) : string
Parameters
$matches : array<string|int, mixed>
Tags
access

private

see
removeStyle
Return values
string

resetAll()

(Re)set all options to their default values

public resetAll() : void

sanitize()

Sanitize HTML: remove dangerous tags and attributes, clean URLs

public sanitize(string $html) : string
Parameters
$html : string

html code

Tags
access

public

Return values
string

sanitized html code
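The snippet below is an added usage example for the HTML_Sanitizer class documented on this page; it is not part of the library. It assumes the class is autoloadable, that the constructor takes no arguments (as listed above), and that a fresh instance starts with the restrictive defaults (script, style, objects, DOM events and javascript: URLs disallowed) until an allow*() method is called.

```php
<?php
// Added example, not library code. Assumption: HTML_Sanitizer starts with the
// restrictive defaults and is relaxed only through the allow*() methods.

/**
 * Sanitize untrusted HTML with the restrictive defaults and report whether
 * anything was stripped, so callers can log or flag suspicious submissions.
 *
 * @return array{html: string, modified: bool}
 */
function sanitizeUntrustedHtml(string $html, bool $allowStyle = false): array
{
    $sanitizer = new HTML_Sanitizer();
    $sanitizer->resetAll();          // explicit reset in case the instance is reused
    if ($allowStyle) {
        $sanitizer->allowStyle();    // opt in to style tags/attributes only
    }
    $clean = $sanitizer->sanitize($html);
    return [
        'html'     => $clean,
        'modified' => $clean !== $html,
    ];
}

// Constructed sample input: a benign paragraph carrying an inline event handler
// and a javascript: link, the kind of content removeDOMEvents() and
// removeJavascriptURL() are documented to target.
$submitted = '<p onclick="x()">Hello <a href="javascript:y()">there</a></p>';

$result = sanitizeUntrustedHtml($submitted);
if ($result['modified']) {
    // A changed result is a useful signal for abuse monitoring, not just a cleanup.
    error_log('HTML_Sanitizer stripped content from a user submission');
}
echo $result['html'];
```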

sanitizeSrcCallback()

Callback for PCRE

public sanitizeSrcCallback(array<string|int, mixed> $matches) : string
Parameters
$matches : array<string|int, mixed>
Tags
access

private

see
sanitizeURL
Return values
string

sanitizeURL()

Remove potential flaws from URLs

public sanitizeURL(string $url) : string
Parameters
$url : string

url

Tags
access

private

Return values
string

filtered url

sanitizeURLCallback()

Callback for PCRE

public sanitizeURLCallback(array<string|int, mixed> $matches) : string
Parameters
$matches : array<string|int, mixed>
Tags
access

private

see
sanitizeURL
Return values
string

removeEvilAttributes()

Remove dangerous attributes from HTML tags

protected removeEvilAttributes(string $str) : string
Parameters
$str : string

html tag

Tags
access

private

Return values
string

filtered html tag

removeEvilTags()

Remove dangerous HTML tags

protected removeEvilTags(string $str) : string
Parameters
$str : string

html code

Tags
access

private

Return values
string

filtered html code

sanitizeHref()

Remove potential flaws from href attributes

protected sanitizeHref(string $str) : string
Parameters
$str : string

html tag

Tags
access

private

Return values
string

filtered html tag

sanitizeSrc()

Remove potential flaws from src attributes

protected sanitizeSrc(string $str) : string
Parameters
$str : string

html tag

Tags
access

private

Return values
string

filtered html tag
