search

tgalopin / html-sanitizer

Sanitize untrustworthy HTML user input
MIT License
390 stars 41 forks source link

Remove span #40

Open zecka opened 4 years ago

zecka commented 4 years ago

Any way to remove span tag when used 'basic' extension ?

zecka commented 4 years ago

Finaly I create a custom extension who extends BasicExtension

// custom-extension.php
use HtmlSanitizer\Extension\Basic\BasicExtension;
class CustomExtension extends BasicExtension
{
    public function getName(): string
    {
        return 'custom';
    }
    public function createNodeVisitors(array $config = []): array
    {
        $array = parent::createNodeVisitors($config);
        unset($array['span']);
        return $array;
    }
}
// demo.php
require 'custom-extension.php';
$builder = HtmlSanitizer\SanitizerBuilder::createDefault();
$builder->registerExtension(new CustomExtension());
$sanitizer = $builder->build([
    'extensions' => ['custom'],
    'tags'  => [
        'a' => ['allowed_attributes' => ['target']],
    ]
]);
$safeHtml = $sanitizer->sanitize($content);
keywan-ghadami-oxid commented 3 years ago

@zecka thank you, that example helped me to understand things. May I ask why you do not allow span tag in your application?

zecka commented 3 years ago

To be honest, I don't remember why I asked this question, but probably because I was trying to clean up some html content from an old wysiwyg that added spans with custom style tags. Or maybe I was trying to clean up a "description" field from an rss feed to keep only the link tags.