HTML Purification

Intro

HTML Purification is a process that removes potentially harmful HTML elements and attributes from user-generated content. This is important to prevent Cross-Site Scripting (XSS) attacks, which can be used to steal user data or perform other malicious actions.

Purification Process

The HTML Purification process is handled by the Purifier class. This class uses the HTMLPurifier library to clean up HTML content. The purify method is used to purify HTML content before saving it to the database.

Configuration

The embeds.php configuration file contains the list of approved URLs.

HTML Purifier Service

The HtmlPurifierService class is used to purify HTML content. It provides a purify method that takes the HTML content as input and returns the purified content. At present it is set up specifically to handle iframes.
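
An added example, not this project's own code, of how the HTMLPurifier library can be configured to keep iframes only when their src starts with an approved URL. It assumes the library is installed through Composer and that the approved list is a flat array of URL prefixes; the actual layout of embeds.php is not shown here, and the helper names and sample values are made up for illustration.

```php
<?php
// Added illustration; requires the ezyang/htmlpurifier Composer package.
require __DIR__ . '/vendor/autoload.php';

// Assumption: stand-in for the approved URLs kept in embeds.php (constructed values).
// Each prefix ends with "/" so a look-alike host cannot extend the host name.
$approvedEmbeds = [
    'https://www.youtube.com/embed/',
    'https://player.vimeo.com/video/',
];

// Hypothetical helper: turn the prefixes into one anchored PCRE pattern.
function buildIframeRegexp(array $prefixes): string
{
    $quoted = array_map(fn (string $p): string => preg_quote($p, '%'), $prefixes);
    return '%^(?:' . implode('|', $quoted) . ')%';
}

// Hypothetical helper: build a purifier that permits only approved iframes.
function makePurifier(array $prefixes): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Cache.DefinitionImpl', null); // no on-disk definition cache
    // An empty list would produce a pattern that matches every URL,
    // so iframes stay disabled unless at least one prefix is approved.
    if ($prefixes !== []) {
        $config->set('HTML.SafeIframe', true);
        $config->set('URI.SafeIframeRegexp', buildIframeRegexp($prefixes));
    }
    return new HTMLPurifier($config);
}

$purifier = makePurifier($approvedEmbeds);

// Constructed sample inputs.
$samples = [
    'approved embed' =>
        '<iframe src="https://www.youtube.com/embed/VIDEO_ID" width="560" height="315"></iframe>',
    'look-alike host' =>
        '<iframe src="https://www.youtube.com.attacker.example/embed/x"></iframe>',
    'script element' =>
        '<p>Hello</p><script>alert(1)</script>',
];

// Print what survives purification; only the approved embed keeps its src.
foreach ($samples as $label => $html) {
    echo $label, ":\n  ", $purifier->purify($html), "\n";
}
```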