Skip to content
This repository has been archived by the owner on Nov 25, 2023. It is now read-only.
/ kirby-sanitizer Public archive

Sanitize and filter untrusted HTML input in Kirby 3

License

LGPL-2.1 license
6 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

avoskitchen/kirby-sanitizer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
lib
lib
 
 
vendor
vendor
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
composer.json
composer.json
 
 
composer.lock
composer.lock
 
 
helpers.php
helpers.php
 
 
index.php
index.php
 
 

Repository files navigation

Sanitizer Plugin for Kirby

Handle untrusted user input, e.g. in comments or any other user-submitted form with confidence. The Sanitizer plugin escaped all unsafe HTML tags, corrects illegally nested HTML tags and syntax errors, while keeping a small, well-formed subset of all the HTML tags in existance. Optionally, Markdown can also be enabled.

Installation

Download

Download and copy this repository to /site/plugins/kirby-sanitizer.

Git submodule

git submodule add https://github.com/avoskitchen/kirby-sanitizer.git site/plugins/kirby-sanitizer

Composer

composer require avoskitchen/kirby-sanitizer

Setup

Use the provided helper function sanitize(string $html, array $options = []) in your templates or anywhere else, where you need for sanitize untrusted HTML input. You can also use the corresponding field method $field->sanitize(array $options = []).

Options

Key Default value Description
dir null Sets the text direction of the input HTML. If null, the current locale setting of Kirby is used.
markdown false Parse Markdown commands before sanitization.
smartypants null If not specified, Kirby’s default setting is used.
allowlinks true Allow links in output HTML.
autolinks true Automatically convert all URLs to links. If allowlinks is set to false, this option has no effect.
headingClass  {{ tag }}-sanitized Class to apply to replaced headlines. Available playeholders: {{ tag }} = The full tag name of the replaced (<h[1-6]>) element / {{ level }} = The level ([1-6]) of the replaced element.

You can set global defaults, by prepending any of the options above with the plugin namespace (avoskitchen.sanitizer):

# site/config/config.php

return [
  'avoskitchen.sanitizer.allowlinks' => false,
];

Development

I created this plugin for my own purposes. I will try my best if you report a bug, but if you need any new features, please be aware that I don’t really have time to develop them for your needs. But you are welcome to support the development of this plugin by contributing code. I’m happy to help you with that, if I can.

License

LPGL

Credits

Third-party Libraries

About

Sanitize and filter untrusted HTML input in Kirby 3

Topics

kirby-cms kirby-plugin kirby3-plugin

Resources

Readme

License

LGPL-2.1 license
Activity
Custom properties

Stars

6 stars

Watchers

4 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages