Public Member Functions | |
| __construct () | |
| resetAll () | |
| addAdditionalTags ($tags) | |
| allowObjects () | |
| allowDOMEvents () | |
| allowScript () | |
| allowJavascriptInUrls () | |
| allowStyle () | |
| allowAllJavascript () | |
| allowAll () | |
| sanitize ($html) | |
Protected Member Functions | |
| filterHTTPResponseSplitting ($url) | |
| removeJavascriptURL ($str) | |
| sanitizeURL ($url) | |
| _sanitizeURLCallback ($matches) | |
| sanitizeHref ($str) | |
| _sanitizeSrcCallback ($matches) | |
| sanitizeSrc ($str) | |
| removeEvilAttributes ($str) | |
| removeDOMEvents ($str) | |
| _removeDOMEventsCallback ($matches) | |
| removeStyle ($str) | |
| _removeStyleCallback ($matches) | |
| removeEvilTags ($str) | |
| _stripTags ($str, $tagList) | |
Protected Attributes | |
| $_allowedTags | |
| $_allowJavascriptEvents | |
| $_allowJavascriptInUrls | |
| $_allowObjects | |
| $_allowScript | |
| $_allowStyle | |
| $_allowInlineStyle | |
| $_additionalTags | |
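Sanitize HTML body content. Remove dangerous tags and attributes that can lead to security issues like XSS or HTTP response splitting. The protected callbacks listed below are documented as PCRE callbacks, which suggests the filtering is regular-expression based rather than parser based.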
Definition at line 18 of file htmlsanitizer.lib.php.
| __construct | ( | ) |
Constructor
Definition at line 33 of file htmlsanitizer.lib.php.
| _removeDOMEventsCallback | ( | $ | matches | ) | [protected] |
Callback for PCRE
| array | $matches |
Definition at line 275 of file htmlsanitizer.lib.php.
| _removeStyleCallback | ( | $ | matches | ) | [protected] |
Callback for PCRE
| array | $matches |
Definition at line 305 of file htmlsanitizer.lib.php.
| _sanitizeSrcCallback | ( | $ | matches | ) | [protected] |
Callback for PCRE
| array | $matches |
Definition at line 205 of file htmlsanitizer.lib.php.
| _sanitizeURLCallback | ( | $ | matches | ) | [protected] |
Callback for PCRE
| array | $matches |
Definition at line 180 of file htmlsanitizer.lib.php.
| _stripTags | ( | $ | str, | |
| $ | tagList | |||
| ) | [protected] |
Remove unwanted tags
| string | $str html | |
| string | $tagList allowed tag list |
Definition at line 349 of file htmlsanitizer.lib.php.
| addAdditionalTags | ( | $ | tags | ) |
Add additional tags to allowed tags
| string | $tags |
Definition at line 65 of file htmlsanitizer.lib.php.
| allowAll | ( | ) |
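Allow all tags and attributes. This turns off the tag and attribute filtering the class otherwise applies, so it is not suitable for untrusted HTML.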
Definition at line 123 of file htmlsanitizer.lib.php.
| allowAllJavascript | ( | ) |
Helper to allow all javascript related tags and attributes
Definition at line 113 of file htmlsanitizer.lib.php.
| allowDOMEvents | ( | ) |
Allow DOM event attributes on DOM elements
Definition at line 81 of file htmlsanitizer.lib.php.
| allowJavascriptInUrls | ( | ) |
Allow the use of javascript: in urls
Definition at line 97 of file htmlsanitizer.lib.php.
| allowObjects | ( | ) |
Allow object, embed, applet and param tags in html
Definition at line 73 of file htmlsanitizer.lib.php.
| allowScript | ( | ) |
Allow script tags
Definition at line 89 of file htmlsanitizer.lib.php.
| allowStyle | ( | ) |
Allow style tags and attributes
Definition at line 105 of file htmlsanitizer.lib.php.
| filterHTTPResponseSplitting | ( | $ | url | ) | [protected] |
Filter URLs to avoid HTTP response splitting attacks
| string | $url |
Definition at line 135 of file htmlsanitizer.lib.php.
| removeDOMEvents | ( | $ | str | ) | [protected] |
Remove DOM event attributes from HTML tags
| string | $str html tag |
Definition at line 253 of file htmlsanitizer.lib.php.
| removeEvilAttributes | ( | $ | str | ) | [protected] |
Remove dangerous attributes from html tags
| string | $str html tag |
Definition at line 229 of file htmlsanitizer.lib.php.
| removeEvilTags | ( | $ | str | ) | [protected] |
Remove dangerous HTML tags. (The source comment marks this method "private"; it is declared protected.)
| string | $str html code |
Definition at line 316 of file htmlsanitizer.lib.php.
| removeJavascriptURL | ( | $ | str | ) | [protected] |
Remove potential javascript in urls
| string | $url |
Definition at line 146 of file htmlsanitizer.lib.php.
| removeStyle | ( | $ | str | ) | [protected] |
Remove style attributes from html tags
| string | $str html tag |
Definition at line 285 of file htmlsanitizer.lib.php.
| resetAll | ( | ) |
(Re)set all options to their default values
Definition at line 41 of file htmlsanitizer.lib.php.
| sanitize | ( | $ | html | ) |
Sanitize HTML: remove dangerous tags and attributes, and clean URLs
| string | $html html code |
Definition at line 384 of file htmlsanitizer.lib.php.
| sanitizeHref | ( | $ | str | ) | [protected] |
Remove potential flaws in href attributes
| string | $str html tag |
Definition at line 190 of file htmlsanitizer.lib.php.
| sanitizeSrc | ( | $ | str | ) | [protected] |
Remove potential flaws in src attributes (the source comment says "href", apparently copied from sanitizeHref)
| string | $str html tag |
Definition at line 215 of file htmlsanitizer.lib.php.
| sanitizeURL | ( | $ | url | ) | [protected] |
Remove potential flaws in urls
| string | $url |
Definition at line 162 of file htmlsanitizer.lib.php.
$_additionalTags [protected] |
Definition at line 28 of file htmlsanitizer.lib.php.
$_allowedTags [protected] |
Definition at line 21 of file htmlsanitizer.lib.php.
$_allowInlineStyle [protected] |
Definition at line 27 of file htmlsanitizer.lib.php.
$_allowJavascriptEvents [protected] |
Definition at line 22 of file htmlsanitizer.lib.php.
$_allowJavascriptInUrls [protected] |
Definition at line 23 of file htmlsanitizer.lib.php.
$_allowObjects [protected] |
Definition at line 24 of file htmlsanitizer.lib.php.
$_allowScript [protected] |
Definition at line 25 of file htmlsanitizer.lib.php.
$_allowStyle [protected] |
Definition at line 26 of file htmlsanitizer.lib.php.