Add configuration encode helper. (#154)

src/Helper/Encode.php

@@ -17,6 +17,36 @@ final class Encode
 {
     private const HTMLSPECIALCHARS_FLAGS = ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE;
 
+    /**
+     * @var array<string>
+     */
+    private static array $removeEvilAttributes = [
+        'style',
+    ];
+    /**
+     * @var array<string>
+     */
+    private static array $removeEvilHtmlTags = [
+        'button',
+        'form',
+        'input',
+        'select',
+        'svg',
+        'textarea',
+    ];
+
+    /**
+     * Initialize the class with custom configuration.
+     *
+     * @psalm-param array<string> $removeEvilAttributes
+     * @psalm-param array<string> $removeEvilHtmlTags
+     */
+    public static function initialize(array $removeEvilAttributes = [], array $removeEvilHtmlTags = []): void
+    {
+        self::$removeEvilAttributes = $removeEvilAttributes;
+        self::$removeEvilHtmlTags = $removeEvilHtmlTags;
+    }
+
     /**
      * Encodes special characters into HTML entities for use as a tag content i.e. `<div>tag content</div>`.
      *
@@ -56,6 +86,13 @@ public static function value(mixed $value, bool $doubleEncode = true, string $en
         return strtr($value, ['\u{0000}' => '&#0;']); // U+0000 NULL
     }
 
+    /**
+     * Sanitizes HTML content to prevent XSS attacks.
+     *
+     * @param ElementInterface|string ...$values The HTML content to sanitize.
+     *
+     * @return string The sanitized HTML content.
+     */
     public static function santizeXSS(string|ElementInterface ...$values): string
     {
         $cleanHtml = '';
@@ -79,8 +116,8 @@ private static function cleanXSS(string $content): string|array
     {
         $antiXss = new AntiXSS();
 
-        $antiXss->removeEvilHtmlTags(['button', 'form', 'input', 'select', 'svg', 'textarea']);
-        $antiXss->removeEvilAttributes(['style']);
+        $antiXss->removeEvilHtmlTags(self::$removeEvilHtmlTags);
+        $antiXss->removeEvilAttributes(self::$removeEvilAttributes);
 
         return $antiXss->xss_clean($content);
     }

tests/Helper/EncodeTest.php

@@ -5,10 +5,25 @@
 namespace PHPForge\Html\Tests\Helper;
 
 use PHPForge\Html\Helper\Encode;
+use PHPForge\Support\Assert;
 use PHPUnit\Framework\TestCase;
 
 final class EncodeTest extends TestCase
 {
+    public function testInitializate(): void
+    {
+        Encode::initialize(['style'], ['button', 'form', 'input', 'select', 'svg', 'textarea']);
+
+        $this->assertSame(
+            ['style'],
+            Assert::inaccessibleProperty(new Encode(), 'removeEvilAttributes'),
+        );
+        $this->assertSame(
+            ['button', 'form', 'input', 'select', 'svg', 'textarea'],
+            Assert::inaccessibleProperty(new Encode(), 'removeEvilHtmlTags'),
+        );
+    }
+
     /**
      * @dataProvider PHPForge\Html\Tests\Provider\EncodeProvider::encode
      *