<?php
/**********************************************************/
/* HTML PURIFICATION */
/**********************************************************/
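/**
 * Purify untrusted HTML with HTMLPurifier.
 *
 * @param string $dirty_html Untrusted HTML as submitted by the user.
 * @param bool   $lite       Inline-text mode: only a[href], strong, em, ol[type|start], ul[type],
 *                           li, blockquote, h1-h6, b, u, i, p, br, font, sup, sub, small, span,
 *                           div and center survive, and the style/class attributes are forbidden
 *                           everywhere. Also skips the SafeEmbed/SafeObject allowances applied
 *                           otherwise.
 * @param bool   $customize  Allow the id attribute plus a fixed element/attribute allowlist
 *                           (links, images, tables, inline formatting). When $lite is also set,
 *                           the lite HTML.Allowed list is applied last and wins.
 * @param bool   $css_tricks Allow proprietary CSS, "tricky" CSS (display:* etc.) and !important.
 *
 * @return string Purified HTML.
 */
function purify($dirty_html, $lite = false, $customize = false, $css_tricks = false) {
    require_once '/var/www/artician/artician.com/htdocs/classes/htmlpurifier/HTMLPurifier.auto.php';
    require_once '/var/www/artician/artician.com/htdocs/classes/htmlpurifier/HTMLPurifier.func.php';

    $config = HTMLPurifier_Config::createDefault();
    $config->set('Core.Encoding', 'UTF-8');
    $config->set('HTML.Doctype', 'XHTML 1.0 Transitional');
    $config->set('Core.EscapeNonASCIICharacters', false);
    // Only rel="nofollow" may survive on links, and every outgoing link gets it added.
    $config->set('Attr.AllowedRel', array('nofollow'));
    $config->set('HTML.Nofollow', true);

    // Customize mode: enables the id attribute and a fixed allowlist.
    if ($customize) {
        // User-controlled id values pass through unchanged and can collide with the host
        // page's own ids; Attr.IDPrefix would namespace them. Left as-is to preserve behaviour.
        $config->set('Attr.EnableID', true);
        // Duplicates ('id', 'class', 'style') removed from the original list; the directive
        // is a lookup so the effective set is unchanged.
        $config->set('HTML.AllowedAttributes', array('id', 'src', 'style', 'class', 'href', 'type', 'name', 'title', 'alt', 'border', 'width', 'height', 'rel', 'cellspacing', 'cellpadding'));
        // NOTE(review): HTML.Allowed and HTML.AllowedAttributes are alternative ways to state the
        // allowlist in HTMLPurifier; confirm which one takes effect when both are set, as here.
        $config->set('HTML.Allowed', 'a[href],strong,em,ol[type|start],ul[type],li,blockquote,h1,h2,h3,h4,h5,h6,b,u,i,img[src],p,br,font,hr,td,th,tr,table,sup,sub,small,span,div,center,link,*[name|title|id|alt|class|style|border|width|height|rel|cellspacing|cellpadding]');
    }

    // Lite mode: inline text only, no style/class; set after customize so it overrides that list.
    if ($lite) {
        $config->set('HTML.ForbiddenAttributes', array('style', 'class'));
        $config->set('HTML.Allowed', 'a[href],strong,em,ol[type|start],ul[type],li,blockquote,h1,h2,h3,h4,h5,h6,b,u,i,p,br,font,sup,sub,small,span,div,center');
    } else {
        // <embed>/<object> are kept, constrained by HTMLPurifier's Safe* modules, rather than stripped.
        $config->set('HTML.SafeEmbed', true);
        $config->set('HTML.SafeObject', true);
    }

    // CSS tricks: display:*, !important cascade modifiers and proprietary CSS values.
    if ($css_tricks) {
        $config->set('CSS.Proprietary', true);
        $config->set('CSS.AllowTricky', true);
        $config->set('CSS.AllowImportant', true);
    }

    $purifier = new HTMLPurifier($config);
    return $purifier->purify($dirty_html);
}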
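/**
 * Purify untrusted HTML against a caller-supplied allowlist.
 *
 * @param string   $dirty_html        Untrusted HTML as submitted by the user.
 * @param string   $allowed           HTML.Allowed list in TinyMCE-style "elem[attr|attr],..." form.
 *                                    The default permits links (href/target), lists, headings,
 *                                    images, tables and inline formatting.
 * @param string[] $AllowedAttributes HTML.AllowedAttributes list; defaults to style and class.
 * @param string[] $ForbiddenElements Elements removed regardless of $allowed; defaults to iframe.
 *
 * @return string Purified HTML.
 */
function purify_cleanHTML($dirty_html, $allowed = 'a[href|target],strong,em,ol[type|start],ul[type],li,blockquote,h1,h2,h3,h4,h5,h6,b,u,i,img[src],p,br,font,hr,td,th,tr,table,sup,sub,small,span,div,center,link,*[name|title|alt|class|style|border|width|height|rel|cellspacing|cellpadding]', $AllowedAttributes = array('style', 'class'), $ForbiddenElements = array('iframe')) {
    require_once '/var/www/artician/artician.com/htdocs/classes/htmlpurifier/HTMLPurifier.auto.php';
    require_once '/var/www/artician/artician.com/htdocs/classes/htmlpurifier/HTMLPurifier.func.php';

    $config = HTMLPurifier_Config::createDefault();
    $config->set('Core.Encoding', 'UTF-8');
    $config->set('HTML.Doctype', 'XHTML 1.0 Transitional');
    // Forbidden elements are removed even if $allowed lists them.
    $config->set('HTML.ForbiddenElements', $ForbiddenElements);
    // DefinitionID/DefinitionRev name this definition in HTMLPurifier's definition cache.
    // NOTE(review): the original comment asked for "no caching of this filter definition -
    // remove later!", but nothing here disables the cache (Cache.DefinitionImpl is untouched);
    // confirm whether these two settings are still wanted.
    $config->set('HTML.DefinitionID', 'new-filter-for-user-input');
    $config->set('HTML.DefinitionRev', 1);
    // NOTE(review): HTML.Allowed and HTML.AllowedAttributes are alternative ways to state the
    // allowlist in HTMLPurifier; confirm which one takes effect when both are set, as here.
    $config->set('HTML.Allowed', $allowed);
    $config->set('HTML.AllowedAttributes', $AllowedAttributes);

    $purifier = new HTMLPurifier($config);
    return $purifier->purify($dirty_html);
}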