Dingo Framework

Dingo is a Rapid Development Application Framework written in PHP. Dingo allows you to create dynamic websites easily and quickly.

XSS Library

Overview

The XSS library cleans the data it is given of any possible XSS. It works from a whitelist: every XML/HTML element and attribute that is not on the list is removed. This is more reliable than a blacklist, which only removes the elements and attributes you have thought to list and lets anything new or unexpected through. You may manually load the XSS library like this:

load::library('xss');

Basic Usage

Cleaning data of XSS is easy:

$clean = xss::clean($dirty);

xss::clean returns FALSE if the supplied data is not well-formed XML; otherwise it returns the cleaned data. Two consequences are worth keeping in mind. First, markup that browsers accept but that is not well-formed XML (an unclosed <br>, an unquoted attribute value) is rejected outright rather than cleaned, so such input must be fixed up or refused before it reaches the filter. Second, check the result with === FALSE rather than a plain truth test: cleaned data can legitimately be an empty string (for example, input that consisted only of disallowed tags), and an empty string also counts as false in PHP.

Note: Because the XSS library uses the XML library to parse data, you must load the XML library before using the XSS library.

Using A Custom Whitelist

Dingo allows you to specify exactly which elements and attributes the XSS filter allows. As the example shows, each key is an element name; its 'attributes' entry maps every permitted attribute to a check on its value ('URL', 'ANY', or a regular expression the value must match), an element listed with an empty array is kept but stripped of all attributes, and 'transform' replaces the element with another one (here <b> becomes <strong> and <i> becomes <em>):

$clean = xss::clean($dirty,array(
	'a'=>array('attributes'=>array('href'=>'URL','title'=>'/^([ \-_a-zA-Z0-9\.\/\!]+)$/'),
	'img'=>array('attributes'=>array('src'=>'URL','title'=>'ANY','alt'=>'ANY')),
	'b'=>array('transform'=>'strong'),
	'i'=>array('transform'=>'em'),
	'strong'=>array(),
	'em'=>array(),
	'p'=>array()
));
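To show what the two sections above amount to in practice (the FALSE-on-invalid-XML contract of xss::clean and the whitelist format just described), here is an added example of a whitelist filter that accepts the same whitelist structure. It is not Dingo's xss library and does not use the framework loader; the function names, the use of DOMDocument, the choice to unwrap unlisted tags while keeping their text, and the list of schemes accepted for 'URL' are assumptions of this example, and the inputs at the bottom are constructed.

```php
<?php
// Added illustration, not Dingo's xss library. Assumed here: the function
// names, DOMDocument as the parser, unwrapping of unlisted tags (their text is
// kept), and the scheme list accepted for 'URL'.

function example_xss_clean($dirty, array $whitelist)
{
    // Parse as XML, as the page says Dingo does. Markup that is not well-formed
    // fails the parse instead of being guessed at, and entity tricks such as
    // "java&#115;cript:" reach the attribute check already decoded. The <root>
    // wrapper also rules out a DOCTYPE, since one may only appear before the root.
    $prev = libxml_use_internal_errors(true);
    $doc  = new DOMDocument();
    $ok   = $doc->loadXML('<root>' . $dirty . '</root>', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    if ($ok === false) {
        return false; // same contract as xss::clean: invalid XML => FALSE
    }

    example_clean_children($doc->documentElement, $whitelist);

    // Re-serialise the wrapper's children. saveXML() escapes <, > and & in text
    // and attribute values; LIBXML_NOEMPTYTAG avoids XML-style <p/> output.
    $out = '';
    foreach ($doc->documentElement->childNodes as $child) {
        $out .= $doc->saveXML($child, LIBXML_NOEMPTYTAG);
    }
    return $out;
}

function example_clean_children(DOMElement $parent, array $whitelist)
{
    // Walk a snapshot, because the child list is modified while walking it.
    foreach (iterator_to_array($parent->childNodes, false) as $node) {
        if ($node instanceof DOMCdataSection) {
            // Keep the text, drop the CDATA wrapper so the text is escaped on output.
            $parent->replaceChild($parent->ownerDocument->createTextNode($node->data), $node);
            continue;
        }
        if (!$node instanceof DOMElement) {
            if (!$node instanceof DOMText) {
                $parent->removeChild($node); // comments, processing instructions
            }
            continue;
        }

        example_clean_children($node, $whitelist); // clean descendants first

        if (!isset($whitelist[$node->tagName])) {
            // Not on the list: drop the tag but keep its (already cleaned) content.
            while ($node->firstChild) {
                $parent->insertBefore($node->firstChild, $node);
            }
            $parent->removeChild($node);
            continue;
        }
        $rule = $whitelist[$node->tagName];

        // Attributes: anything not listed for this element, or failing its check, goes.
        foreach (iterator_to_array($node->attributes, false) as $attr) {
            $spec = isset($rule['attributes'][$attr->nodeName]) ? $rule['attributes'][$attr->nodeName] : null;
            if ($spec === null || !example_attr_ok($spec, $attr->value)) {
                $node->removeAttributeNode($attr);
            }
        }

        // 'transform' replaces the element with another, e.g. <b> with <strong>.
        if (isset($rule['transform'])) {
            $renamed = $parent->ownerDocument->createElement($rule['transform']);
            foreach (iterator_to_array($node->attributes, false) as $attr) {
                $renamed->setAttribute($attr->nodeName, $attr->value);
            }
            while ($node->firstChild) {
                $renamed->appendChild($node->firstChild);
            }
            $parent->replaceChild($renamed, $node);
        }
    }
}

function example_attr_ok($spec, $value)
{
    if ($spec === 'ANY') {
        return true;
    }
    if ($spec === 'URL') {
        // Browsers ignore tabs and newlines inside a URL and strip leading
        // controls and spaces, so test a copy with those removed: "java\tscript:"
        // and " javascript:" then fail the scheme test. Scheme-less URLs pass.
        $probe = strtolower(preg_replace('/[\x00-\x20\x7f]+/', '', $value));
        if (preg_match('/^([a-z][a-z0-9+.\-]*):/', $probe, $m)) {
            return in_array($m[1], array('http', 'https', 'mailto', 'ftp'), true);
        }
        return true;
    }
    // Anything else is a PCRE pattern, as in the page's whitelist.
    return preg_match($spec, $value) === 1;
}

// Constructed inputs run against the page's whitelist.
$whitelist = array(
    'a'      => array('attributes' => array('href' => 'URL', 'title' => '/^([ \-_a-zA-Z0-9\.\/\!]+)$/')),
    'img'    => array('attributes' => array('src' => 'URL', 'title' => 'ANY', 'alt' => 'ANY')),
    'b'      => array('transform' => 'strong'),
    'i'      => array('transform' => 'em'),
    'strong' => array(), 'em' => array(), 'p' => array(),
);
var_dump(example_xss_clean('<p onclick="x()">Hi <b>there</b><script>evil()</script></p>', $whitelist));
var_dump(example_xss_clean('<a href="&#106;avascript:alert(1)" title="Go!">x</a><!-- c -->', $whitelist));
var_dump(example_xss_clean('<p>unclosed<br>', $whitelist)); // not well-formed XML
```

The third call illustrates the caveat from Basic Usage: `<br>` is fine HTML but not well-formed XML, so the filter returns FALSE rather than cleaned output, and the caller must test for that with === FALSE. The scheme check for 'URL' is the part most worth adapting to your own needs; the page's whitelist only says which attributes take a URL, not which schemes are acceptable.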

© 2008 - 2010 Evan Byrne