Skip to content
This repository has been archived by the owner on Nov 25, 2023. It is now read-only.

Latest commit

 

History

History
71 lines (48 loc) · 2.49 KB

README.md

File metadata and controls

71 lines (48 loc) · 2.49 KB

Sanitizer Plugin for Kirby

Handle untrusted user input, e.g. in comments or any other user-submitted form with confidence. The Sanitizer plugin escaped all unsafe HTML tags, corrects illegally nested HTML tags and syntax errors, while keeping a small, well-formed subset of all the HTML tags in existance. Optionally, Markdown can also be enabled.

Installation

Download

Download and copy this repository to /site/plugins/kirby-sanitizer.

Git submodule

git submodule add https://github.com/avoskitchen/kirby-sanitizer.git site/plugins/kirby-sanitizer

Composer

composer require avoskitchen/kirby-sanitizer

Setup

Use the provided helper function sanitize(string $html, array $options = []) in your templates or anywhere else, where you need for sanitize untrusted HTML input. You can also use the corresponding field method $field->sanitize(array $options = []).

Options

Key Default value Description
dir null Sets the text direction of the input HTML. If null, the current locale setting of Kirby is used.
markdown false Parse Markdown commands before sanitization.
smartypants null If not specified, Kirby’s default setting is used.
allowlinks true Allow links in output HTML.
autolinks true Automatically convert all URLs to links. If allowlinks is set to false, this option has no effect.
headingClass  {{ tag }}-sanitized Class to apply to replaced headlines. Available playeholders: {{ tag }} = The full tag name of the replaced (<h[1-6]>) element / {{ level }} = The level ([1-6]) of the replaced element.

You can set global defaults, by prepending any of the options above with the plugin namespace (avoskitchen.sanitizer):

# site/config/config.php

return [
  'avoskitchen.sanitizer.allowlinks' => false,
];

Development

I created this plugin for my own purposes. I will try my best if you report a bug, but if you need any new features, please be aware that I don’t really have time to develop them for your needs. But you are welcome to support the development of this plugin by contributing code. I’m happy to help you with that, if I can.

License

LPGL

Credits

Third-party Libraries