<?php
declare(strict_types=1);
namespace KaririCode\Sanitizer\Rule\Html;
use KaririCode\Sanitizer\Contract\SanitizationContext;
use KaririCode\Sanitizer\Contract\SanitizationRule;
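/**
 * Strips tags and decodes entities — aggressive XSS cleanup.
 *
 * Applies: html_entity_decode → strip_tags → trim.
 *
 * Entities are decoded BEFORE tags are stripped. strip_tags() leaves an
 * entity-encoded tag such as `&lt;script&gt;` untouched, so decoding it
 * afterwards would rebuild a live `<script>` element in the output — the
 * opposite of what a purify rule is for. Decoding first lets strip_tags()
 * see and remove that markup; anything double-encoded stays an inert entity.
 *
 * Parameters: allowed (string, tags to preserve, in strip_tags() form e.g. '<b><i>').
 *
 * Caveat: strip_tags() keeps every attribute of a preserved tag, so `allowed`
 * must be limited to tags whose attributes the consumer escapes or removes
 * itself. The result is plain text; it still needs context-appropriate
 * escaping (htmlspecialchars() etc.) when rendered.
 *
 * @author Walmir Silva <walmir.silva@kariricode.org>
 *
 * @since 3.1.0 ARFA 1.3
 */
final readonly class HtmlPurifyRule implements SanitizationRule
{
    /**
     * Purify a string value; non-string values are returned unchanged.
     *
     * @param mixed               $value   value under sanitization
     * @param SanitizationContext $context supplies the optional 'allowed' parameter
     *
     * @return mixed the cleaned string, or the original value when it was not a string
     */
    #[\Override]
    public function sanitize(mixed $value, SanitizationContext $context): mixed
    {
        // Only text can be purified; leave every other type alone.
        if (! \is_string($value)) {
            return $value;
        }

        // A non-string 'allowed' parameter is treated as "preserve no tags".
        $allowedRaw = $context->getParameter('allowed', '');
        $allowed = \is_string($allowedRaw) ? $allowedRaw : '';

        // Decode first so that encoded angle brackets become real ones that
        // strip_tags() can remove; stripping before decoding would let
        // `&lt;script&gt;` pass through and then be decoded into real markup.
        $value = html_entity_decode($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $value = strip_tags($value, '' !== $allowed ? $allowed : null);

        return trim($value);
    }

    /**
     * Rule identifier used to reference this rule in sanitizer configuration.
     */
    #[\Override]
    public function getName(): string
    {
        return 'html.purify';
    }
}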