HtmlSanitizerInterface
interface HtmlSanitizerInterface
Sanitizes an untrusted HTML input for safe insertion into a document's DOM.
This interface is inspired by the W3C Standard Draft about a HTML Sanitizer API ({see https://wicg.github.io/sanitizer-api/}).
Methods
Sanitizes an untrusted HTML input for a context.
Sanitizes an untrusted HTML input for a given context.
Details
string
sanitize(string$input)
Sanitizes an untrusted HTML input for a context.
This method is NOT context sensitive: it assumes the returned HTML string will be injected in a "body" context, and therefore will drop tags only allowed in the "head" element. To sanitize a string for injection in the "head" element, use {see HtmlSanitizerInterface::sanitizeFor()}.
string
sanitizeFor(string$element,string$input)
Sanitizes an untrusted HTML input for a given context.
This method is context sensitive: by providing a parent element name (body, head, title, ...), the sanitizer will adapt its rules to only allow elements that are valid inside the given parent element.