SVGSanitizer
in package
Class SVGSanitizer
Simplified/compact version of svg-sanitizer (https://github.com/darylldoyle/svg-sanitizer) by Daryll Doyle
Table of Contents
- SCRIPT_REGEX = '/(?:\\w+script|data):/xi'
- Regex to catch script and data values in attributes
- $allowedAttrs : array<string|int, mixed>
- $allowedTags : array<string|int, mixed>
- $minifyXML : bool
- $removeRemoteReferences : bool
- $removeXMLTag : bool
- $xmlDocument : DOMDocument
- $xmlLoaderValue : mixed
- $xmlOptions : int
- __construct() : mixed
- clean() : mixed
- SVGSanitizer::clean('<svg ...>')
- getAllowedAttrs() : array<string|int, mixed>
- Get the array of allowed attributes
- getAllowedTags() : array<string|int, mixed>
- Get the array of allowed tags
- getXMLOptions() : int
- Get XML options to use when saving XML. See: DOMDocument::saveXML
- minify() : mixed
- Should we minify the output?
- removeRemoteReferences() : mixed
- Should we remove references to remote files?
- removeXMLTag() : mixed
- Should we remove the XML tag in the header?
- sanitize() : string
- Sanitize the passed string
- setAllowedAttrs() : mixed
- Set custom allowed attributes
- setAllowedTags() : mixed
- Set custom allowed tags
- setXMLOptions() : mixed
- Set XML options to use when saving XML. See: DOMDocument::saveXML
- cleanAttributesOnWhitelist() : mixed
- Only allow attributes that are on the whitelist
- cleanHrefs() : mixed
- Clean the hrefs of script and data embeds
- cleanXlinkHrefs() : mixed
- Clean the xlink:hrefs of script and data embeds
- hasRemoteReference() : bool
- Does this attribute value have a remote reference?
- isAriaAttribute() : bool
- Check to see if an attribute is an aria attribute or not
- isDataAttribute() : bool
- Check to see if an attribute is a data attribute or not
- isUseTagDirty() : bool
- Make sure our use tag is only referencing internal resources
- removeDoctype() : mixed
- Remove the XML Doctype. It may be caught later on output but that seems to be buggy, so we need to make sure it's gone
- removeNonPrintableCharacters() : bool
- Removes non-printable ASCII characters from string & trims it
- resetAfter() : mixed
- Reset the class after use
- resetInternal() : mixed
- Set up the DOMDocument
- setUpBefore() : mixed
- Set up libXML before we start
- startClean() : mixed
- Start the cleaning with tags, then we move onto attributes and hrefs later
Constants
SCRIPT_REGEX
Regex to catch script and data values in attributes
public
mixed
SCRIPT_REGEX
= '/(?:\\w+script|data):/xi'
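Added example (not the class's own code): how the SCRIPT_REGEX pattern above classifies constructed attribute values. The function names are hypothetical, and the normalization step is an assumption modelled on the description of removeNonPrintableCharacters().

```php
<?php
// Added illustration; not taken from the SVGSanitizer source.

// Pattern copied verbatim from the SCRIPT_REGEX constant on this page.
const SCRIPT_REGEX = '/(?:\\w+script|data):/xi';

/**
 * Hypothetical helper: strip ASCII control characters and trim, so that a
 * scheme split by a tab or newline is matched in its joined form.
 */
function normalizeValue(string $value): string
{
    return trim(preg_replace('/[\x00-\x1F\x7F]/', '', $value) ?? '');
}

/** Hypothetical helper: true when the value would be treated as a script/data embed. */
function isScriptOrDataValue(string $value): bool
{
    return preg_match(SCRIPT_REGEX, normalizeValue($value)) === 1;
}

// Constructed sample href / xlink:href values.
$samples = [
    '#icon-home',                          // internal reference
    'https://example.com/sprite.svg#icon', // remote reference, no script scheme
    'JavaScript:void(0)',                  // the /i flag makes the match case-insensitive
    "java\tscript:void(0)",                // control character inside the scheme
    'data:image/png;base64,AAAA',          // data URI
    '#metadata:title',                     // pattern is unanchored: "data:" matches here too
];

foreach ($samples as $value) {
    printf("%-42s %s\n", json_encode($value), isScriptOrDataValue($value) ? 'flagged' : 'kept');
}
```

Because the pattern is not anchored to the start of the value, any value containing `data:` is flagged, including harmless fragment identifiers.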
Properties
$allowedAttrs
protected
array<string|int, mixed>
$allowedAttrs
$allowedTags
protected
array<string|int, mixed>
$allowedTags
$minifyXML
protected
bool
$minifyXML
= \false
$removeRemoteReferences
protected
bool
$removeRemoteReferences
= \false
$removeXMLTag
protected
bool
$removeXMLTag
= \false
$xmlDocument
protected
DOMDocument
$xmlDocument
$xmlLoaderValue
protected
mixed
$xmlLoaderValue
$xmlOptions
protected
int
$xmlOptions
= \LIBXML_NOEMPTYTAG
Methods
__construct()
public
__construct() : mixed
Return values
mixed
clean()
SVGSanitizer::clean('<svg ...>')
public
static clean(mixed $svgText) : mixed
Parameters
- $svgText : mixed
Return values
mixed
getAllowedAttrs()
Get the array of allowed attributes
public
getAllowedAttrs() : array<string|int, mixed>
Return values
array<string|int, mixed>
getAllowedTags()
Get the array of allowed tags
public
getAllowedTags() : array<string|int, mixed>
Return values
array<string|int, mixed>
getXMLOptions()
Get XML options to use when saving XML. See: DOMDocument::saveXML
public
getXMLOptions() : int
Return values
int
minify()
Should we minify the output?
public
minify([bool $shouldMinify = false ]) : mixed
Parameters
- $shouldMinify : bool = false
Return values
mixed
removeRemoteReferences()
Should we remove references to remote files?
public
removeRemoteReferences([bool $removeRemoteRefs = false ]) : mixed
Parameters
- $removeRemoteRefs : bool = false
Return values
mixed
removeXMLTag()
Should we remove the XML tag in the header?
public
removeXMLTag([bool $removeXMLTag = false ]) : mixed
Parameters
- $removeXMLTag : bool = false
Return values
mixed
sanitize()
Sanitize the passed string
public
sanitize(string $dirty) : string
Parameters
- $dirty : string
Return values
string
setAllowedAttrs()
Set custom allowed attributes
public
setAllowedAttrs(array<string|int, mixed> $allowedAttrs) : mixed
Parameters
- $allowedAttrs : array<string|int, mixed>
Return values
mixed
setAllowedTags()
Set custom allowed tags
public
setAllowedTags(array<string|int, mixed> $allowedTags) : mixed
Parameters
- $allowedTags : array<string|int, mixed>
Return values
mixed
setXMLOptions()
Set XML options to use when saving XML. See: DOMDocument::saveXML
public
setXMLOptions(int $xmlOptions) : mixed
Parameters
- $xmlOptions : int
Return values
mixed
cleanAttributesOnWhitelist()
Only allow attributes that are on the whitelist
protected
cleanAttributesOnWhitelist(DOMElement $element) : mixed
Parameters
- $element : DOMElement
Return values
mixed
cleanHrefs()
Clean the hrefs of script and data embeds
protected
cleanHrefs(DOMElement $element) : mixed
Parameters
- $element : DOMElement
Return values
mixed
cleanXlinkHrefs()
Clean the xlink:hrefs of script and data embeds
protected
cleanXlinkHrefs(DOMElement $element) : mixed
Parameters
- $element : DOMElement
Return values
mixed
hasRemoteReference()
Does this attribute value have a remote reference?
protected
hasRemoteReference( $value) : bool
Parameters
Return values
bool
isAriaAttribute()
Check to see if an attribute is an aria attribute or not
protected
isAriaAttribute( $attributeName) : bool
Parameters
Return values
bool
isDataAttribute()
Check to see if an attribute is a data attribute or not
protected
isDataAttribute( $attributeName) : bool
Parameters
Return values
bool
isUseTagDirty()
Make sure our use tag is only referencing internal resources
protected
isUseTagDirty(DOMElement $element) : bool
Parameters
- $element : DOMElement
Return values
bool
removeDoctype()
Remove the XML Doctype. It may be caught later on output but that seems to be buggy, so we need to make sure it's gone
protected
removeDoctype() : mixed
Return values
mixed
removeNonPrintableCharacters()
Removes non-printable ASCII characters from string & trims it
protected
removeNonPrintableCharacters(string $value) : bool
Parameters
- $value : string
Return values
bool
resetAfter()
Reset the class after use
protected
resetAfter() : mixed
Return values
mixed
resetInternal()
Set up the DOMDocument
protected
resetInternal() : mixed
Return values
mixed
setUpBefore()
Set up libXML before we start
protected
setUpBefore() : mixed
Return values
mixed
startClean()
Start the cleaning with tags, then we move onto attributes and hrefs later
protected
startClean(DOMNodeList $elements) : mixed
Parameters
- $elements : DOMNodeList