ircmaxell / stauros
A fast XSS cleaner for PHP
Installs: 12 384
Dependents: 0
Suggesters: 0
Security: 0
Stars: 118
Watchers: 20
Forks: 10
Open Issues: 2
Requires
- php-64bit: >=5.5
Requires (Dev)
- ezyang/htmlpurifier: dev-master
- friendsofphp/php-cs-fixer: 1.*
- phpunit/phpunit: ^4.8|^5.0
This package is auto-updated.
Last update: 2024-11-20 00:46:39 UTC
README
A fast XSS sanitation library for PHP.
##IMPORTANT
THIS IS AN EXPERIMENTAL LIBRARY, USE AT YOUR OWN RISK
How to use it
With the default settings, simply call Stauros->scanHTML():
$stauros = new Stauros;
$clean = $stauros->scanHTML($dirty);
Easy as that
Working with streams
Stauros supports streaming content as well. You can use a stream as input, getting a string as output:
$clean = $stauros->scanHTMLStreamToString($stream);
Or you can use it as a stream to stream process:
$stauros->scanHTMLStreamToStream($input, $output);
Advanced Usage
The configuration class (Stauros\HTML\Config) allows you to specify html tag whitelists, as well as attribute whitelist and implement an attribute callback for further customization.