luketowers/purifier

Laravel 5 HtmlPurifier Package

Maintainers

LukeTowers

Package info

github.com/LukeTowers/Purifier

Type:package

pkg:composer/luketowers/purifier

Statistics

Installs: 80 131

Dependents: 7

Suggesters: 0

Stars: 32

Open Issues: 2

3.0.6 2019-03-09 16:52 UTC

Provides

None

Conflicts

None

Replaces

None

MIT 688c4187a59800cf581496965dfed52448111601

Tags: security, htmlpurifier, xss, Purifier, laravel5 HtmlPurifier, laravel5 Purifier, laravel5 Security

This package is auto-updated.

Last update: 2026-06-06 04:21:48 UTC


README

A simple Laravel 5 service provider for including HTMLPurifier in your application.

This package can be installed via Composer by including the repository and requiring the luketowers/purifier package in your project's composer.json:

{
    "repositories": [
        {
            "type": "vcs",
            "url": "https://github.com/LukeTowers/Purifier"
        }
    ],
    "require": {
        "laravel/framework": "~5.0",
        "luketowers/purifier": "~3.0"
    }
}

Update your packages with composer update or install with composer install.

Usage

To use the HTMLPurifier Service Provider, you must register the provider when bootstrapping your Laravel application. There are essentially two ways to do this.

Find the providers key in config/app.php and register the HTMLPurifier Service Provider.

'providers' => [
    // ...
    LukeTowers\Purifier\PurifierServiceProvider::class,
]

Find the aliases key in config/app.php and register the Purifier facade.

'aliases' => [
    // ...
    'Purifier' => LukeTowers\Purifier\Facades\Purifier::class,
]

Configuration

To use your own settings, publish the config file:

$ php artisan vendor:publish --provider="LukeTowers\Purifier\PurifierServiceProvider"

The config file config/purifier.php should look like this:

return [
    'encoding' => 'UTF-8',
    'finalize' => true,
    'cachePath' => storage_path('app/purifier'),
    'cacheFileMode' => 0755,
    'settings' => [
        'default' => [
            'HTML.Doctype' => 'HTML 4.01 Transitional',
            'HTML.Allowed' => 'div,b,strong,i,em,u,a[href|title],ul,ol,li,p[style],br,span[style],img[width|height|alt|src]',
            'CSS.AllowedProperties' => 'font,font-size,font-weight,font-style,font-family,text-decoration,padding-left,color,background-color,text-align',
            'AutoFormat.AutoParagraph' => true,
            'AutoFormat.RemoveEmpty' => true,
        ],
        'test' => [
            'Attr.EnableID' => 'true',
        ],
        "youtube" => [
            "HTML.SafeIframe" => 'true',
            "URI.SafeIframeRegexp" => "%^(http://|https://|//)(www.youtube.com/embed/|player.vimeo.com/video/)%",
        ],
        'custom_definition' => [
            'id' => 'html5-definitions',
            'rev' => 1,
            'debug' => false,
            'elements' => [
                // http://developers.whatwg.org/sections.html
                ['section', 'Block', 'Flow', 'Common'],
                ['nav', 'Block', 'Flow', 'Common'],
                ['article', 'Block', 'Flow', 'Common'],
                ['aside', 'Block', 'Flow', 'Common'],
                ['header', 'Block', 'Flow', 'Common'],
                ['footer', 'Block', 'Flow', 'Common'],

                // Content model actually excludes several tags, not modelled here
                ['address', 'Block', 'Flow', 'Common'],
                ['hgroup', 'Block', 'Required: h1 | h2 | h3 | h4 | h5 | h6', 'Common'],

                // http://developers.whatwg.org/grouping-content.html
                ['figure', 'Block', 'Optional: (figcaption, Flow) | (Flow, figcaption) | Flow', 'Common'],
                ['figcaption', 'Inline', 'Flow', 'Common'],

                // http://developers.whatwg.org/the-video-element.html#the-video-element
                ['video', 'Block', 'Optional: (source, Flow) | (Flow, source) | Flow', 'Common', [
                    'src' => 'URI',
                    'type' => 'Text',
                    'width' => 'Length',
                    'height' => 'Length',
                    'poster' => 'URI',
                    'preload' => 'Enum#auto,metadata,none',
                    'controls' => 'Bool',
                ]],
                ['source', 'Block', 'Flow', 'Common', [
                    'src' => 'URI',
                    'type' => 'Text',
                ]],

                // http://developers.whatwg.org/text-level-semantics.html
                ['s', 'Inline', 'Inline', 'Common'],
                ['var', 'Inline', 'Inline', 'Common'],
                ['sub', 'Inline', 'Inline', 'Common'],
                ['sup', 'Inline', 'Inline', 'Common'],
                ['mark', 'Inline', 'Inline', 'Common'],
                ['wbr', 'Inline', 'Empty', 'Core'],

                // http://developers.whatwg.org/edits.html
                ['ins', 'Block', 'Flow', 'Common', ['cite' => 'URI', 'datetime' => 'CDATA']],
                ['del', 'Block', 'Flow', 'Common', ['cite' => 'URI', 'datetime' => 'CDATA']],
            ],
            'attributes' => [
                ['iframe', 'allowfullscreen', 'Bool'],
                ['table', 'height', 'Text'],
                ['td', 'border', 'Text'],
                ['th', 'border', 'Text'],
                ['tr', 'width', 'Text'],
                ['tr', 'height', 'Text'],
                ['tr', 'border', 'Text'],
            ],
        ],
        'custom_attributes' => [
            ['a', 'target', 'Enum#_blank,_self,_target,_top'],
        ],
        'custom_elements' => [
            ['u', 'Inline', 'Inline', 'Common'],
        ],
    ],

];
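
The URI.SafeIframeRegexp value in the youtube profile above is a PCRE pattern whose dots are unescaped, so each "." matches any character rather than only a literal dot. The check below is an added example, not code from the package; the stricter pattern, the helper name allowedIframeSources and the sample URLs are assumptions constructed for illustration.

```php
<?php
// Added example (not from the package): compare iframe allow-list patterns.

// Pattern as it appears in the 'youtube' profile of config/purifier.php.
const SHIPPED_REGEXP =
    '%^(http://|https://|//)(www.youtube.com/embed/|player.vimeo.com/video/)%';

// Stricter variant, an assumption of this example: dots escaped so they match
// only a literal ".", and plain http:// no longer accepted.
const STRICT_REGEXP =
    '%^(https:)?//(www\.youtube\.com/embed/|player\.vimeo\.com/video/)%';

/**
 * Return the src values that a URI.SafeIframeRegexp pattern lets through.
 * Hypothetical helper; HTMLPurifier applies the setting as a PCRE match
 * against the iframe URI.
 */
function allowedIframeSources(string $regexp, array $urls): array
{
    return array_values(array_filter($urls, function (string $url) use ($regexp): bool {
        return preg_match($regexp, $url) === 1;
    }));
}

// Constructed sample values; VIDEO_ID and the look-alike host are placeholders.
$samples = [
    'https://www.youtube.com/embed/VIDEO_ID',
    '//player.vimeo.com/video/12345',
    'http://www.youtube.com/embed/VIDEO_ID',    // cleartext scheme
    'https://wwwxyoutube.com/embed/VIDEO_ID',   // "x" where the first dot belongs
    'https://www.youtube.com/watch?v=VIDEO_ID', // not an embed path
];

foreach (['shipped' => SHIPPED_REGEXP, 'strict' => STRICT_REGEXP] as $name => $regexp) {
    echo $name, " pattern allows:\n";
    foreach (allowedIframeSources($regexp, $samples) as $url) {
        echo '  ', $url, "\n";
    }
}
```

To adopt the stricter pattern, set it as URI.SafeIframeRegexp in the youtube profile of the published config/purifier.php.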

Example

default

clean(Input::get('inputname'));

or

Purifier::clean(Input::get('inputname'));

dynamic config

clean('This is my H1 title', 'titles');
clean('This is my H1 title', array('Attr.EnableID' => true));

or

Purifier::clean('This is my H1 title', 'titles');
Purifier::clean('This is my H1 title', array('Attr.EnableID' => true));