Docs Goabase

HTML_Sanitizer

Sanitize HTML body content

Removes dangerous tags and attributes that can lead to security issues such as XSS or HTTP response splitting.

Table of Contents

$_additionalTags  : mixed
$_allowDOMEvents  : bool
$_allowedTags  : mixed
$_allowJavascriptInUrls  : mixed
$_allowObjects  : mixed
$_allowScript  : mixed
$_allowStyle  : mixed
__construct()  : mixed
Constructor
_removeDOMEventsCallback()  : string
Callback for PCRE
_removeStyleCallback()  : string
Callback for PCRE
_sanitizeSrcCallback()  : string
Callback for PCRE
_sanitizeURLCallback()  : string
Callback for PCRE
allowAllJavascript()  : mixed
Helper to allow all JavaScript-related tags and attributes
allowDOMEvents()  : mixed
Allow DOM event attributes on DOM elements
allowJavascriptInUrls()  : mixed
Allow the use of javascript: in URLs
allowObjects()  : mixed
Allow object, embed, applet and param tags in HTML
allowScript()  : mixed
Allow script tags
allowStyle()  : mixed
Allow style tags and attributes
filterHTTPResponseSplitting()  : string
Filter URLs to avoid HTTP response splitting attacks
removeDOMEvents()  : string
Remove DOM event attributes from HTML tags
removeJavascriptURL()  : string
Remove potential JavaScript in URLs
removeStyle()  : string
Remove style attributes from HTML tags
resetAll()  : mixed
(Re)set all options to their default values
sanitize()  : string
Sanitize HTML: remove dangerous tags and attributes, clean URLs
sanitizeURL()  : string
Remove potential flaws in URLs
removeEvilAttributes()  : string
Remove dangerous attributes from HTML tags
removeEvilTags()  : string
Remove dangerous HTML tags
sanitizeHref()  : string
Remove potential flaws in href attributes
sanitizeSrc()  : string
Remove potential flaws in src attributes

Properties

Methods

__construct()

Constructor

public __construct() : mixed
Return values
mixed

_removeDOMEventsCallback()

Callback for PCRE

public _removeDOMEventsCallback(array<string|int, mixed> $matches) : string
Parameters
$matches : array<string|int, mixed>
Tags
access

private

see
removeDOMEvents
Return values
string

_removeStyleCallback()

Callback for PCRE

public _removeStyleCallback(array<string|int, mixed> $matches) : string
Parameters
$matches : array<string|int, mixed>
Tags
access

private

see
removeStyle
Return values
string

_sanitizeSrcCallback()

Callback for PCRE

public _sanitizeSrcCallback(array<string|int, mixed> $matches) : string
Parameters
$matches : array<string|int, mixed>
Tags
access

private

see
sanitizeURL
Return values
string

_sanitizeURLCallback()

Callback for PCRE

public _sanitizeURLCallback(array<string|int, mixed> $matches) : string
Parameters
$matches : array<string|int, mixed>
Tags
access

private

see
sanitizeURL
Return values
string

allowAllJavascript()

Helper to allow all JavaScript-related tags and attributes

public allowAllJavascript() : mixed
Tags
access

public

Return values
mixed

allowDOMEvents()

Allow DOM event attributes on DOM elements

public allowDOMEvents() : mixed
Tags
access

public

Return values
mixed

allowJavascriptInUrls()

Allow the use of javascript: in URLs

public allowJavascriptInUrls() : mixed
Tags
access

public

Return values
mixed

allowObjects()

Allow object, embed, applet and param tags in HTML

public allowObjects() : mixed
Tags
access

public

Return values
mixed

allowScript()

Allow script tags

public allowScript() : mixed
Tags
access

public

Return values
mixed

allowStyle()

Allow style tags and attributes

public allowStyle() : mixed
Tags
access

public

Return values
mixed

filterHTTPResponseSplitting()

Filter URLs to avoid HTTP response splitting attacks

public filterHTTPResponseSplitting(string $url) : string
Parameters
$url : string

url

Tags
access

public

Return values
string

filtered url

removeDOMEvents()

Remove DOM event attributes from HTML tags

public removeDOMEvents(string $str) : string
Parameters
$str : string

html tag

Tags
access

private

Return values
string

filtered html tag

removeJavascriptURL()

Remove potential JavaScript in URLs

public removeJavascriptURL(string $str) : string
Parameters
$str : string

url

Tags
access

public

Return values
string

filtered url

removeStyle()

Remove style attributes from HTML tags

public removeStyle(string $str) : string
Parameters
$str : string

html tag

Tags
access

private

Return values
string

filtered html tag

resetAll()

(Re)set all options to their default values

public resetAll() : mixed
Return values
mixed

sanitize()

Sanitize HTML: remove dangerous tags and attributes, clean URLs

public sanitize(string $html) : string
Parameters
$html : string

html code

Tags
access

public

Return values
string

sanitized html code

sanitizeURL()

Remove potential flaws in URLs

public sanitizeURL(string $url) : string
Parameters
$url : string

url

Tags
access

private

Return values
string

filtered url

removeEvilAttributes()

Remove dangerous attributes from HTML tags

protected removeEvilAttributes(string $str) : string
Parameters
$str : string

html tag

Tags
access

private

Return values
string

filtered html tag

removeEvilTags()

Remove dangerous HTML tags

protected removeEvilTags(string $str) : string
Parameters
$str : string

html code

Tags
access

private

Return values
string

filtered HTML code

sanitizeHref()

Remove potential flaws in href attributes

protected sanitizeHref(string $str) : string
Parameters
$str : string

html tag

Tags
access

private

Return values
string

filtered html tag

sanitizeSrc()

Remove potential flaws in src attributes

protected sanitizeSrc(string $str) : string
Parameters
$str : string

html tag

Tags
access

private

Return values
string

filtered html tag
