Filter HTML

The \Nullai\Hygiene\SanitizeHtml::filterTags() method is a powerful tool for sanitizing HTML content by allowing or blacklisting specific HTML tags and their attributes. This feature is particularly useful for ensuring secure and clean user-generated content.

​

Method Signature

\Nullai\Hygiene\SanitizeHtml::filterTags(string $html, string $tags, bool $allow): string

​

Examples

​

1. Whitelisting Specific Tags and Attributes

Allow only the <p> and <a> tags, preserving the href and class attributes for <a>. All other tags and attributes will be removed.

<?php
echo \Nullai\Hygiene\SanitizeHtml::filterTags(
    html: '<p class="bold"><a href="#" class="underline">Link</a></p><div>Other Content</div>',
    tags: 'a:href|class,p',
    allow: true
);

// Output: <p><a href="#" class="underline">Link</a></p>

​

2. Blacklisting Specific Tags

Remove <iframe> and <script> tags from the input HTML while leaving other tags intact.

<?php
echo \Nullai\Hygiene\SanitizeHtml::filterTags(
    html: '<iframe><iframe><script>alert(true)<script><p>Safe Content</p>',
    tags: 'iframe,script',
    allow: false
);

// Output: <p>Safe Content</p>

​

Common Use Cases

• Content Management Systems (CMS): Allow safe tags (e.g., <p>, <strong>) for user-submitted content.
• Preventing Cross-Site Scripting (XSS): Blacklist potentially dangerous tags such as <script> or <iframe>.
• Custom HTML Filtering: Enforce specific rules for HTML output tailored to your requirements.

​

Best Practices

1. Use Whitelisting: Prioritize whitelisting tags and attributes to ensure security by default.
2. Minimize Attributes: Allow only the essential attributes for each tag to reduce risks.
3. Test Thoroughly: Regularly test the output for edge cases and unusual input to ensure the desired behavior.

With \Nullai\Hygiene\SanitizeHtml::filterTags(), you can easily implement secure and customizable HTML sanitization in your applications.