HtmlSanitizerInterface
Sanitizes an untrusted HTML input for safe insertion into a document's DOM.
This interface is inspired by the W3C Standard Draft about an HTML Sanitizer API (https://wicg.github.io/sanitizer-api/).
Table of Contents
Methods
- sanitize() : string
- Sanitizes an untrusted HTML input for a <body> context.
- sanitizeFor() : string
- Sanitizes an untrusted HTML input for a given context.
Methods
sanitize()
Sanitizes an untrusted HTML input for a <body> context.
public sanitize(string $input) : string
This method is NOT context sensitive: it assumes the returned HTML string will be injected in a "body" context, and therefore will drop tags only allowed in the "head" element. To sanitize a string for injection in the "head" element, use HtmlSanitizerInterface::sanitizeFor().
Parameters
- $input : string
Return values
string
sanitizeFor()
Sanitizes an untrusted HTML input for a given context.
public sanitizeFor(string $element, string $input) : string
This method is context sensitive: by providing a parent element name (body, head, title, ...), the sanitizer will adapt its rules to only allow elements that are valid inside the given parent element.
Parameters
- $element : string
- $input : string
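How the body-only `sanitize()` and the context-sensitive `sanitizeFor()` divide the work in a page template, as an added example that is not part of the original documentation. It assumes the interface is implemented by Symfony's `HtmlSanitizer` configured through `HtmlSanitizerConfig` (package `symfony/html-sanitizer`); the `sanitizeSlots()` helper, the slot names and the sample input are hypothetical and constructed for illustration.

```php
<?php
// Added example, not the documented project's own code.
// Assumption: symfony/html-sanitizer is installed via Composer.
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\HtmlSanitizer\HtmlSanitizer;
use Symfony\Component\HtmlSanitizer\HtmlSanitizerConfig;
use Symfony\Component\HtmlSanitizer\HtmlSanitizerInterface;

/**
 * Hypothetical helper: sanitizes one untrusted fragment per template slot.
 * The slot-to-parent map is fixed by the template author, so untrusted data
 * never chooses the context it is sanitized for.
 */
function sanitizeSlots(HtmlSanitizerInterface $sanitizer, array $untrusted): array
{
    // Slot name => parent element the fragment will be inserted into.
    $parents = ['pageTitle' => 'title', 'headExtras' => 'head', 'content' => 'body'];

    $clean = [];
    foreach ($untrusted as $slot => $html) {
        if (!isset($parents[$slot])) {
            // Fail closed: an unknown slot has no defined context.
            throw new InvalidArgumentException("No sanitizer context defined for slot '$slot'");
        }
        // sanitize() is the body-only shortcut; any other parent needs sanitizeFor().
        $clean[$slot] = $parents[$slot] === 'body'
            ? $sanitizer->sanitize((string) $html)
            : $sanitizer->sanitizeFor($parents[$slot], (string) $html);
    }
    return $clean;
}

// Constructed sample input, for illustration only.
$untrusted = [
    'pageTitle'  => 'Q3 report <b>draft</b>',
    'headExtras' => '<meta name="description" content="Quarterly numbers"><p>stray paragraph</p>',
    'content'    => '<p>Hello</p><meta name="description" content="x"><script>track()</script>',
];

// Allow the safe element set plus <meta> with two attributes (assumed configuration).
$config = (new HtmlSanitizerConfig())->allowSafeElements()->allowElement('meta', ['name', 'content']);
$sanitizer = new HtmlSanitizer($config);

foreach (sanitizeSlots($sanitizer, $untrusted) as $slot => $html) {
    printf("%-10s => %s\n", $slot, $html);
}
```

Comparing the three printed lines shows which elements survive in each parent context under the same configuration.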