Docs Goabase

HTMLSanitizer
in package

Read only: Yes
Final: Yes

Sanitize HTML body content

Remove dangerous tags and attributes that can lead to security issues such as XSS or HTTP response splitting.

Table of Contents

Properties

$allowDOMEvents  : bool
$additionalTags  : string
$allowedTags  : string
$allowJSInUrls  : bool
$allowObjects  : bool
$allowScript  : bool
$allowStyle  : bool

Methods

__construct()  : mixed
Constructor
filterHTTPResponseSplitting()  : string
Filter URLs to avoid HTTP response splitting attacks
removeDOMEventsCallback()  : string
Callback for PCRE
removeJavascriptURL()  : string
Remove potential javascript in urls
removeStyleCallback()  : string
Callback for PCRE
resetAll()  : void
(Re)set all options to their default values
sanitize()  : string
Sanitize HTML: remove dangerous tags and attributes, clean URLs
sanitizeSrcCallback()  : string
Callback for PCRE
sanitizeURL()  : string
Remove potential flaws in urls
sanitizeURLCallback()  : string
Callback for PCRE
removeEvilAttributes()  : string
Remove dangerous attributes from html tags
removeEvilTags()  : string
Remove dangerous HTML tags
sanitizeHref()  : string
Remove potential flaws in href attributes
sanitizeSrc()  : string
Remove potential flaws in src attributes
removeDOMEvents()  : string
Remove DOM events attributes from html tags
removeStyle()  : string
Remove style attributes from html tags

Methods

filterHTTPResponseSplitting()

Filter URLs to avoid HTTP response splitting attacks

public filterHTTPResponseSplitting(string $url) : string

Parameters
  $url : string
    The URL to filter.

Tags
  @access public

Return values
  string
    The filtered URL.

removeDOMEventsCallback()

Callback for PCRE

public removeDOMEventsCallback(array<string|int, mixed> $matches) : string

Parameters
  $matches : array<string|int, mixed>

Tags
  @access private
  @see removeDOMEvents

Return values
  string

removeJavascriptURL()

Remove potential javascript in urls

public removeJavascriptURL(string $str) : string

Parameters
  $str : string
    The URL to filter.

Tags
  @access public

Return values
  string
    The filtered URL.

removeStyleCallback()

Callback for PCRE

public removeStyleCallback(array<string|int, mixed> $matches) : string

Parameters
  $matches : array<string|int, mixed>

Tags
  @access private
  @see removeStyle

Return values
  string

resetAll()

(Re)set all options to their default values

public resetAll() : void

sanitize()

Sanitize HTML: remove dangerous tags and attributes, clean URLs

public sanitize(string $html) : string

Parameters
  $html : string
    The HTML code to sanitize.

Tags
  @access public

Return values
  string
    The sanitized HTML code.

sanitizeSrcCallback()

Callback for PCRE

public sanitizeSrcCallback(array<string|int, mixed> $matches) : string

Parameters
  $matches : array<string|int, mixed>

Tags
  @access private
  @see sanitizeURL

Return values
  string

sanitizeURL()

Remove potential flaws in urls

public sanitizeURL(string $url) : string

Parameters
  $url : string
    The URL to filter.

Tags
  @access private

Return values
  string
    The filtered URL.

sanitizeURLCallback()

Callback for PCRE

public sanitizeURLCallback(array<string|int, mixed> $matches) : string

Parameters
  $matches : array<string|int, mixed>

Tags
  @access private
  @see sanitizeURL

Return values
  string

removeEvilAttributes()

Remove dangerous attributes from html tags

protected removeEvilAttributes(string $str) : string

Parameters
  $str : string
    The HTML tag to filter.

Tags
  @access private

Return values
  string
    The filtered HTML tag.

removeEvilTags()

Remove dangerous HTML tags

protected removeEvilTags(string $str) : string

Parameters
  $str : string
    The HTML code to filter.

Tags
  @access private

Return values
  string
    The filtered HTML code.

sanitizeHref()

Remove potential flaws in href attributes

protected sanitizeHref(string $str) : string

Parameters
  $str : string
    The HTML tag to filter.

Tags
  @access private

Return values
  string
    The filtered HTML tag.

sanitizeSrc()

Remove potential flaws in src attributes

protected sanitizeSrc(string $str) : string

Parameters
  $str : string
    The HTML tag to filter.

Tags
  @access private

Return values
  string
    The filtered HTML tag.

removeDOMEvents()

Remove DOM events attributes from html tags

private removeDOMEvents(string $str) : string

Parameters
  $str : string
    The HTML tag to filter.

Tags
  @access private

Return values
  string
    The filtered HTML tag.

removeStyle()

Remove style attributes from html tags

private removeStyle(string $str) : string

Parameters
  $str : string
    The HTML tag to filter.

Tags
  @access private

Return values
  string
    The filtered HTML tag.
