Skip to content
This repository has been archived by the owner on Nov 23, 2024. It is now read-only.
/ kirby3-htmlpurifier Public archive

Static class method, Uniform-Guard and Field-Method to filter your "dirty" HTML inputs to "clean" HTML.

License

MIT license
3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

bnomei/kirby3-htmlpurifier

BranchesTags

Repository files navigation

Kirby HtmlPurifier

Release Downloads Build Status Coverage Status Maintainability Twitter

Static class method, Uniform-Guard and Field-Method to filter your "dirty" HTML inputs to "clean" HTML.

strip_tags and PHP Input Filter are not good enough for you? Installing a plugin that has a dependency with lots of code does not bother you? You are willing to take the performance hit if you use it? Read on then...

Installation

  • unzip master.zip as folder site/plugins/kirby3-htmlpurifier or
  • git submodule add https://github.com/bnomei/kirby3-htmlpurifier.git site/plugins/kirby3-htmlpurifier or
  • composer require bnomei/kirby3-htmlpurifier

Usage PHP

$cleanHtml = \Bnomei\HtmlPurifier::purify($dirtyHtml);

Usage Uniform-Guard

Because of the plugin loading order the htmlPurifyGuard will only be available with composer installations of this plugin.

$form = new \Uniform\Form;

if (kirby()->request()->is('POST')) {

    $form->honeypotGuard() // needs to be called explicitly now
        ->htmlPurifyGuard(); // purified all data

    if ($form->success()) {
        // ...
    }
}

Usage Field-Method

$dirtHtml = (string) $page->myfield();
$cleanHtml = (string) $page->myfield()->htmlPurify();
$cleanHtml = (string) $page->myfield()->kirbytext()->htmlPurify();

Usage with KQL for headless

If you want to make extra sure your html output to headless is valid html you can purify your fields. Be advised that this will come with a performance penalty since purification is no simple task.

⚠️ All proprietary elements (<template>, ...) and attributes (srcset, sizes, data-*, x-*:, @*:, ...) will be removed!

KQL Query

{
    "query": "page('photography')",
    "select": {
        "url": true,
        "title": true,
        "textWithPurifiedHtml": "page.text.kirbytext.htmlPurify"
    }
}

Example: Vue

<div v-html="textWithPurifiedHtml"></div>

Settings

bnomei.htmlpurifier. Default Description
config callback overwrite this to adjust the config of used HtmlPurifier dependency

Dependecies

Disclaimer

This plugin is provided "as is" with no guarantee. Use it at your own risk and always test it yourself before using it in a production environment. If you find any issues, please create a new issue.

License

MIT

It is discouraged to use this plugin in any project that promotes racism, sexism, homophobia, animal abuse, violence or any other form of hate speech.

About

Static class method, Uniform-Guard and Field-Method to filter your "dirty" HTML inputs to "clean" HTML.

Topics

html security input filter headless xss form submit safe uniform kses sanitize striptags kirby3 kirby3-cms kirby3-plugin kql htmlawed

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 4

upgraded dependencies Latest
Apr 20, 2023
+ 3 releases

Languages