|
| 1 | +<?php |
| 2 | +/** |
| 3 | + * Class HTMLSanitizer |
| 4 | + * |
| 5 | + * @filesource HTMLSanitizer.php |
| 6 | + * @created 24.04.2018 |
| 7 | + * @package chillerlan\BBCode\Output\HTML |
| 8 | + * @author smiley <smiley@chillerlan.net> |
| 9 | + * @copyright 2018 smiley |
| 10 | + * @license MIT |
| 11 | + */ |
| 12 | + |
| 13 | +namespace chillerlan\BBCode\Output\HTML; |
| 14 | + |
| 15 | +use chillerlan\BBCode\SanitizerAbstract; |
| 16 | + |
| 17 | +class HTMLSanitizer extends SanitizerAbstract{ |
| 18 | + |
| 19 | + /** |
| 20 | + * Sanitizes the input before parsing to prevent vulnerabilities or compatibility problems. |
| 21 | + * |
| 22 | + * @param $content string to sanitize |
| 23 | + * |
| 24 | + * @return string |
| 25 | + */ |
| 26 | + public function sanitizeInput(string $content):string{ |
| 27 | + return htmlspecialchars($content, ENT_NOQUOTES | ENT_SUBSTITUTE | ENT_DISALLOWED | ENT_HTML5, 'UTF-8', false); |
| 28 | + } |
| 29 | + |
| 30 | + /** |
| 31 | + * Sanitizes the output after parsing to prevent user created xss etc. |
| 32 | + * Here you can run things like HTMLPurifier or whatever |
| 33 | + * |
| 34 | + * @param string $content |
| 35 | + * |
| 36 | + * @return string |
| 37 | + */ |
| 38 | + public function sanitizeOutput(string $content):string{ |
| 39 | + return $content; |
| 40 | + } |
| 41 | +} |
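Review bot: The `ENT_NOQUOTES` flag in `sanitizeInput` (file line 27) leaves `"` and `'` unescaped, so a quote inside a BBCode attribute value (a URL, colour or size) reaches whatever HTML the tag renderers emit, and because `sanitizeOutput` returns `$content` untouched there is no second layer to catch an attribute break-out. If the parser does not need literal quotes to tokenise its own syntax, `return htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE | ENT_DISALLOWED | ENT_HTML5, 'UTF-8', false);` closes that gap; otherwise the requirement that every tag renderer attribute-escapes its values belongs in the `sanitizeInput` docblock so it is not lost. The no-op `sanitizeOutput` should also say that it is a deliberate extension point, e.g. `* Default implementation is a pass-through and returns its input unchanged; override to run HTMLPurifier or similar.` I cannot see the renderers or `SanitizerAbstract`, so whether the break-out is actually reachable is inferred from this file, not shown by it.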