Name | Date | Size | #Lines | LOC | ||
---|---|---|---|---|---|---|
.. | 03-May-2022 | - | ||||
src/ | H | 03-May-2022 | - | 1,212 | 1,074 | |
CHANGELOG.md | H A D | 16-Oct-2019 | 2.8 KiB | 68 | 39 | |
LICENSE.md | H A D | 16-Oct-2019 | 7.4 KiB | 163 | 129 | |
README.md | H A D | 16-Oct-2019 | 3.4 KiB | 79 | 56 | |
composer.json | H A D | 16-Oct-2019 | 609 | 28 | 27 |
README.md
1htmLawed 2======== 3 4[![Build Status](https://img.shields.io/travis/vanilla/htmlawed.svg?style=flat)](https://travis-ci.org/vanilla/htmlawed) 5[![Coverage](https://img.shields.io/scrutinizer/coverage/g/vanilla/htmlawed.svg?style=flat)](https://scrutinizer-ci.com/g/vanilla/htmlawed/) 6[![Packagist Version](https://img.shields.io/packagist/v/vanilla/htmlawed.svg?style=flat)](https://packagist.org/packages/vanilla/htmlawed) 7![LGPL-3.0](https://img.shields.io/packagist/l/vanilla/htmlawed.svg?style=flat) 8 9A composer wrapper for the [htmLawed](http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/) library to purify & filter HTML. 10Tested with [PHPUnit](http://phpunit.de/) and [PhantomJS](http://phantomjs.org/). 11 12Why use htmLawed? 13----------------- 14 15If your website has any user-generated content then you need to worry about [cross-site scripting (XSS)](http://en.wikipedia.org/wiki/Cross-site_scripting). 16htmLawed will take a piece of potentially malicious html and remove the malicious code, leaving the rest of html behind. 17 18Beyond the base htmLawed library, this package makes htmLawed a composer package and wraps it in an object so that it can be autoloaded. 19 20Installation 21------------ 22 23*htmLawed requres PHP 5.4 or higher* 24 25htmLawed is [PSR-4](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-4-autoloader.md) compliant and can be installed using [composer](//getcomposer.org). Just add `vanilla/htmlawed` to your composer.json. 26 27```json 28"require": { 29 "vanilla/htmlawed": "~1.0" 30} 31``` 32 33Example 34------- 35 36```php 37echo Htmlawed::filter('<h1>Hello world!'); 38// Outputs: '<h1>Hello world!</h1>'. 39 40echo Htmlawed::filter('<i>nothing to see</i><script>alert("xss")</script>') 41// Outputs: '<i>nothing to see</i>alert("xss")' 42``` 43 44Configs and Specs 45----------------- 46 47The htmLawed filter takes two optional parameters: `$config` and `$spec`. This library provides sensible defaults to these parameters, but you can override them in `Htmlawed::filter()`. 48 49```php 50$xss = "<i>nothing to see <script>alert('xss')</script>"; 51 52// Pass an empty config and spec for no filtering of malicious code. 53echo Htmlawed::filter($xss, [], []); 54// Outputs: '<i>nothing to see <script type="text/javascript">alert("xss")</script></i>' 55 56// Pass safe=1 to turn on all the safe options. 57echo Htmlawed::filter($xss, ['safe' => 1]); 58// Outputs: '<i>nothing to see alert("xss")</i>' 59 60// We provide a convenience method that strips all tags that aren't supposed to be in rss feeds. 61echo Htmlawed::filterRSS('<html><body><h1>Hello world!</h1></body></html>'); 62// Outputs: '<h1>Hello world!</h1>' 63``` 64 65See the [htmLawed documentation](http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/htmLawed_README.htm#s2.2) for the full list of options. 66 67Differences in Vanilla's version of Htmlawed 68-------------------------------------------- 69 70We try and use the most recent version of htmLawed with as few changes as possible so that bug fixes and security 71releases can be merged from the main project. However, We've made a few changes in the source code. 72 73* Balance tags (hl_bal) before validating tags (hl_tag). We found some cases where an unbalanced script tag would not 74 get removed and this addresses that issue. 75* Don't add an extra `<div>` inside of `<blockquote>` tags. 76* Remove naked `<span>`. 77* Change indentation from 1 space to 4 spaces. 78 79*If the original author of htmLawed wants to make any of these changes upstream please get in contact with support@vanillaforums.com.*