rhukster/dom-sanitizer
Composer 安装命令:
composer require rhukster/dom-sanitizer
包简介
A simple but effective DOM/SVG/MathML Sanitizer for PHP 7.4+
README 文档
README
A simple but effective DOM/SVG/MathML Sanitizer for PHP 7.3+. This was created due to my requirements for a performant DOM and specifically SVG sanitizer that was MIT compatible.
This borrows the extensive list of valid tags and attributes in the excellent DOMPurify library for JavaScript, but uses PHP DOMDocument to parse the DOM and filter out dangerous tags and attributes.
Installation
composer require rhukster/dom-sanitizer
Options
Options can be passed to the sanitize() method as an optional array. Default values are:
$options = [ 'remove-namespaces' => false, 'remove-php-tags' => true, 'remove-html-tags' => true, 'remove-xml-tags' => true, 'compress-output' => true, ];
Usage
Sanitizing HTML
The default option but provides with the full list of HTML tags and attributes.
require 'vendor/autoload.php'; use Rhukster\DomSanitizer\DOMSanitizer; $input = file_get_contents('bad.html'); $sanitizer = new DOMSanitizer(DOMSanitizer::HTML); $output = $sanitizer->sanitize($input, [ 'remove-html-tags' => false, ]);
Sanitizing SVG
You can limit the valid tags and attributes by passing DOMSanitizer::SVG to the constructor. This is advisable if you know you are dealing with SVGs.
require 'vendor/autoload.php'; use Rhukster\DomSanitizer\DOMSanitizer; $input = file_get_contents('bad.svg'); $sanitizer = new DOMSanitizer(DOMSanitizer::SVG); $output = $sanitizer->sanitize($input);
Sanitizing MathML
You can limit the valid tags and attributes by passing DOMSanitizer::MATHML to the constructor. This is advisable if you know you are dealing with MathML code.
require 'vendor/autoload.php'; use Rhukster\DomSanitizer\DOMSanitizer; $input = file_get_contents('mathml-sample.xml'); $sanitizer = new DOMSanitizer(DOMSanitizer::MATHML); $output = $sanitizer->sanitize($input, [ 'compress-output' => false, ]);
Modifying the allowed tags and attributes
You have full access to the tags and attributes via the following methods:
public function addAllowedTags(array $allowed_tags): void public function addAllowedAttributes(array $allowed_attributes): void public function addDisallowedTags(array $disallowed_tags): void public function addDisallowedAttributes(array $disallowed_attributes): void public function getAllowedTags(): array public function setAllowedTags(array $allowed_tags): void public function getAllowedAttributes(): array public function setAllowedAttributes(array $allowed_attributes): void public function getDisallowedTags(): array public function setDisallowedTags(array $disallowed_tags): void public function getDisallowedAttributes(): array public function setDisallowedAttributes($disallowed_attributes): void
rhukster/dom-sanitizer 适用场景与选型建议
rhukster/dom-sanitizer 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 2.76M 次下载、GitHub Stars 达 11, 最近一次更新时间为 2021 年 09 月 22 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 rhukster/dom-sanitizer 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 rhukster/dom-sanitizer 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 2.76M
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 11
- 点击次数: 26
- 依赖项目数: 4
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2021-09-22