$xss_disalowed_attibutes
$xss_disalowed_attibutes : array
Attributes to be removed as unsafe, such as style, onclick and xmlns.
$xss_naughty_scripts : \TriTan\Common\type
Similar to $this->xss_naughty_html, but instead of looking for tags it looks for PHP and JavaScript commands that are disallowed. Rather than removing the code, it simply converts the parentheses to entities, rendering the code unexecutable.
purify(string $string, boolean $is_image = false) : string
Escaping for rich text.
This method should only be used on output. With the exception of uploading images, never use this method on input. All input data should be accepted as-is and then purified on output for optimal results. For output of images, make sure to escape with esc_url().
Parameters:
  string  $string
  boolean $is_image (default false)
Returns: string. Escaped rich text.
entityDecode($string, $charset = 'UTF-8') : string
HTML Entities Decode
This function is a replacement for html_entity_decode()
The reason we are not using html_entity_decode() by itself is that, while it is not technically correct to leave out the semicolon at the end of an entity, most browsers will still interpret the entity correctly. html_entity_decode() does not convert entities without semicolons, so we are left with our own little solution here. Bummer.
Parameters:
  $string
  $charset (default 'UTF-8')
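The semicolon problem described above, shown as an added example (this is not TriTan's entityDecode() and not code from the page): restore the semicolon that browsers tolerate omitting, then decode in a loop until the text stops changing. The function name and the sample strings are constructed for this example.

```php
<?php
// Added example, not TriTan's own entityDecode(): decode HTML entities even when
// the trailing ';' is missing, so a filter sees the text a browser would render.
// The function name and the sample strings at the bottom are constructed.

function decodeEntitiesLenient(string $string, string $charset = 'UTF-8'): string
{
    static $named = null;
    if ($named === null) {
        // Invert PHP's own table (char => '&name;') into name => char.
        $table = get_html_translation_table(HTML_ENTITIES, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        foreach ($table as $char => $entity) {
            $named[substr($entity, 1, -1)] = $char;
        }
    }

    do {
        $before = $string;
        // 1. Named entities lacking ';' (&lt, &gtfoo): browsers take the longest
        //    known name at the start of the run, so do the same.
        $string = preg_replace_callback(
            '/&([a-zA-Z][a-zA-Z0-9]{1,31})(?![a-zA-Z0-9;])/',
            function (array $m) use ($named): string {
                for ($len = strlen($m[1]); $len >= 2; $len--) {
                    $name = substr($m[1], 0, $len);
                    if (isset($named[$name])) {
                        return $named[$name] . substr($m[1], $len);
                    }
                }
                return $m[0]; // no known entity here, leave the text alone
            },
            $string
        );
        // 2. Numeric references lacking ';' (&#60, &#x3c): restore the semicolon
        //    so html_entity_decode() accepts them.
        $string = preg_replace('/(&#[xX][0-9a-fA-F]{1,6})(?![0-9a-fA-F;])/', '$1;', $string);
        $string = preg_replace('/(&#[0-9]{1,7})(?![0-9;])/', '$1;', $string);
        // 3. Decode what is now well formed; repeat until nothing changes so
        //    double-encoded input (&amp;lt;) also resolves.
        $string = html_entity_decode($string, ENT_QUOTES | ENT_HTML5, $charset);
    } while ($before !== $string);

    return $string;
}

// Constructed samples: every one of these renders as "<script>" in a browser.
foreach (['&lt;script&gt;', '&ltscript&gt', '&#60script&#62', '&#x3cscript&#x3e'] as $sample) {
    var_dump(decodeEntitiesLenient($sample) === '<script>');
}
```

Run the decoded result through the tag and attribute filters rather than the raw input, so that a semicolon-less entity cannot hide a tag from the filter while still rendering in the browser.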
jsLinkRemoval($match) : string
JS Link Removal
Callback function for $this->purify() to sanitize links. This limits the PCRE backtracks, making it more performance friendly, and prevents PREG_BACKTRACK_LIMIT_ERROR from being triggered in PHP 5.2+ on link-heavy strings.
Parameters:
  $match
jsImgRemoval($match) : string
JS Image Removal
Callback function for $this->purify() to sanitize image tags. This limits the PCRE backtracks, making it more performance friendly, and prevents PREG_BACKTRACK_LIMIT_ERROR from being triggered in PHP 5.2+ on image-tag-heavy strings.
Parameters:
  $match