Class yii\helpers\HtmlPurifier

All Classes | Methods
Inheritanceyii\helpers\HtmlPurifier » yii\helpers\BaseHtmlPurifier
Available since version2.0
Source Code https://github.com/yiisoft/yii2/blob/master/framework/helpers/HtmlPurifier.php

HtmlPurifier provides an ability to clean up HTML from any harmful code.

Basic usage is the following:

echo HtmlPurifier::process($html);

If you want to configure it:

echo HtmlPurifier::process($html, [
    'Attr.EnableID' => true,
]);

For more details please refer to HTMLPurifier documentation.

Public Methods

Hide inherited methods

Method Description Defined By
process() Passes markup through HTMLPurifier making it safe to output to end user. yii\helpers\BaseHtmlPurifier

Protected Methods

Hide inherited methods

Method Description Defined By
configure() Allow the extended HtmlPurifier class to set some default config options. yii\helpers\BaseHtmlPurifier

Method Details

Hide inherited methods

configure() protected static method (available since version 2.0.3)

Defined in: yii\helpers\BaseHtmlPurifier::configure()

Allow the extended HtmlPurifier class to set some default config options.

protected static void configure ( $config )
$config \HTMLPurifier_Config 

                protected static function configure($config)
{
}
process() public static method

Defined in: yii\helpers\BaseHtmlPurifier::process()

Passes markup through HTMLPurifier making it safe to output to end user.

public static string process ( $content, $config null )
$content string

The HTML content to purify
$config array|Closure|null

The config to use for HtmlPurifier. If not specified or null the default config will be used. You can use an array or an anonymous function to provide configuration options:

  • An array will be passed to the HTMLPurifier_Config::create() method.

  • An anonymous function will be called after the config was created. The signature should be: function($config) where $config will be an instance of HTMLPurifier_Config.

    Here is a usage example of such a function:

    // Allow the HTML5 data attribute `data-type` on `img` elements.
$content = HtmlPurifier::process($content, function ($config) {
  $config->getHTMLDefinition(true)
         ->addAttribute('img', 'data-type', 'Text');
});
return string

The purified HTML content.

 

                public static function process($content, $config = null)
{
    $configInstance = \HTMLPurifier_Config::create($config instanceof \Closure ? null : $config);
    $configInstance->autoFinalize = false;
    $purifier = \HTMLPurifier::instance($configInstance);
    $purifier->config->set('Cache.SerializerPath', \Yii::$app->getRuntimePath());
    $purifier->config->set('Cache.SerializerPermissions', 0775);
    static::configure($configInstance);
    if ($config instanceof \Closure) {
        call_user_func($config, $configInstance);
    }
    return $purifier->purify($content);
}