Purify HTML to prevent XSS attacks or unwanted HTML.
This extension provides you with opportunities to purify specific HTML which may is not fully under your control in order to remove possible Cross-Site-Scripting (XSS) attacks.
Simply install the extension with Composer.
composer require elementareteilchen/html-purify
This extension uses ezyang/htmlpurifier, which is set as composer requirement to be loaded automatically.
<hp:purify allowedHtmlTags="strong,em">{someVariableWithPotentialXSS -> f:format.raw()}</hp:purify>
{someVariableWithPotentialXSS -> f:format.raw() -> hp:purify()}
{hp:purify(allowedHtmlTags: 'p,strong', htmlContent: '<p>Text with <strong>HTML</strong> but <em>EM will be removed</em></p>')}
$purifiedHtml = \ElementareTeilchen\HtmlPurify\Service\PurifyService::purify($htmlContent, $allowedHtmlTags);