Replaces SilverStripe framework's HtmlEditorSanitiser with a sanitiser based on HTMLPurifier
_config
code
tests
README.md
composer.json

README.md

HtmlPurifierSanitiser module

Replaces HtmlEditorSanitiser (which implements the TinyMCE valid_elements whitelist rules) with a sanitiser based on HTMLPurifier.

TinyMCE's whitelist can't, for instance, allow hrefs to contain regular http: links while rejecting javascript: links, so it doesn't completely eliminate the potential for XSS.

This class still uses the TinyMCE whitelist, but only as a reference for the instructions it gives to HTMLPurifier, a library designed specifically for filtering HTML to remove XSS vectors.

Note that these features in TinyMCE whitelists are not supported:

  • Wildcards (on elements or attributes)
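
An added example, not the module's own code, of the approach described above: a TinyMCE valid_elements string is translated into HTMLPurifier's HTML.Allowed directive, wildcard rules are rejected, and URI.AllowedSchemes does the scheme filtering the whitelist cannot express. The helper name tinymceToHtmlAllowed(), the sample whitelist and the sample input are assumptions, and HTMLPurifier is assumed to be installed through Composer.

```php
<?php
// Added example. Assumes HTMLPurifier was installed with Composer
// (package ezyang/htmlpurifier); tinymceToHtmlAllowed() is a hypothetical helper.
require __DIR__ . '/vendor/autoload.php';

function tinymceToHtmlAllowed($validElements)
{
    $allowed = array();
    foreach (explode(',', $validElements) as $rule) {
        $rule = trim($rule);
        if ($rule === '') {
            continue;
        }
        // Optional TinyMCE prefix (# + -), element name(s), optional [attributes].
        // Anything else, including wildcard names and "@" rules, is refused.
        if (!preg_match('~^[#+-]?([a-z0-9]+(?:/[a-z0-9]+)*)(?:\[([^\]]*)\])?$~i', $rule, $m)) {
            throw new InvalidArgumentException("Unsupported rule (wildcard?): $rule");
        }
        $attrs = array();
        $attrList = isset($m[2]) ? $m[2] : '';
        foreach (array_filter(explode('|', $attrList), 'strlen') as $attr) {
            // Drop the "required" marker and any =default, :forced or <valid-values part.
            $name = preg_replace('~[=:<].*$~', '', ltrim($attr, '!'));
            if (!preg_match('~^[a-z][a-z0-9-]*$~i', $name)) {
                throw new InvalidArgumentException("Unsupported attribute: $attr");
            }
            $attrs[] = $name;
        }
        // "strong/b" lists synonyms; allow each name with the same attributes.
        foreach (explode('/', $m[1]) as $element) {
            $allowed[] = $attrs ? $element . '[' . implode('|', $attrs) . ']' : $element;
        }
    }
    return implode(',', $allowed);
}

// Constructed sample whitelist and input, not taken from the module.
$config = HTMLPurifier_Config::createDefault();
$config->set('Cache.DefinitionImpl', null); // no on-disk definition cache for this demo
$config->set('HTML.Allowed', tinymceToHtmlAllowed('a[!href|title],strong/b,-p[class]'));
// The part a tag/attribute whitelist cannot say: which URI schemes an href may use.
$config->set('URI.AllowedSchemes', array('http' => true, 'https' => true, 'mailto' => true));
$purifier = new HTMLPurifier($config);

$dirty = '<p class="x"><a href="javascript:alert(1)">bad</a> '
       . '<a href="http://example.com/">ok</a><script>x()</script></p>';
echo $purifier->purify($dirty), "\n";
```

Both links pass the element and attribute whitelist, so only the scheme check separates them: the javascript: href is dropped while the http: one is kept.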

Maintainer Contact

  • Hamish Friedlander

Requirements

  • SilverStripe 3.1+