Class CHtmlPurifier

CHtmlPurifier is wrapper of HTML Purifier.

CHtmlPurifier removes all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist. It will also make sure the resulting code is standard-compliant.

CHtmlPurifier can be used as either a widget or a controller filter.

Note: since HTML Purifier is a big package, its performance is not very good. You should consider either caching the purification result or purifying the user input before saving to database.

Usage as a class:

$p = new CHtmlPurifier();
$p->options = array('URI.AllowedSchemes'=>array(
  'http' => true,
  'https' => true,
));
$text = $p->purify($text);

Usage as validation rule:

array('text','filter','filter'=>array($obj=new CHtmlPurifier(),'purify')),

CComponent

CBaseController

CWidget

CFilterWidget implements IFilter

COutputProcessor

CHtmlPurifier

Package: system\web\widgets
Copyright: 2008-2013 Yii Software LLC
License: http://www.yiiframework.com/license/
Author: Qiang Xue <qiang.xue@gmail.com>
Since: 1.0
Located at x2engine/framework/web/widgets/CHtmlPurifier.php

Methods summary
`public`	# `processOutput( string $output )` Processes the captured output. This method purifies the output using HTML Purifier. Processes the captured output. This method purifies the output using HTML Purifier. Parameters `$output` `string` $output the captured output to be processed Overrides `COutputProcessor::processOutput()`
`public mixed`	# `purify( mixed $content )` Purifies the HTML content by removing malicious code. Purifies the HTML content by removing malicious code. Parameters `$content` `mixed` $content the content to be purified. Returns `mixed` the purified content
`public static`	# `setOptions( mixed $options )` Set the options for HTML Purifier and create a new HTML Purifier instance based on these options. Set the options for HTML Purifier and create a new HTML Purifier instance based on these options. Parameters `$options` `mixed` $options the options for HTML Purifier Returns `static` the object instance itself
`public mixed`	# `getOptions( )` Get the options for the HTML Purifier instance. Get the options for the HTML Purifier instance. Returns `mixed` the HTML Purifier instance options
`protected HTMLPurifier`	# `getPurifier( )` Get the HTML Purifier instance or create a new one if it doesn't exist. Get the HTML Purifier instance or create a new one if it doesn't exist. Returns `HTMLPurifier`
`protected HTMLPurifier`	# `createNewHtmlPurifierInstance( )` Create a new HTML Purifier instance. Create a new HTML Purifier instance. Returns `HTMLPurifier`

Methods inherited from COutputProcessor
`init(), onProcessOutput(), run()`

Methods inherited from CFilterWidget
`__construct(), filter(), getIsFilter()`

Methods inherited from CWidget
`actions(), getController(), getId(), getOwner(), getViewFile(), getViewPath(), render(), setId()`

Methods inherited from CBaseController
`beginCache(), beginClip(), beginContent(), beginWidget(), createWidget(), endCache(), endClip(), endContent(), endWidget(), renderFile(), renderInternal(), widget()`

Methods inherited from CComponent
`__call(), __get(), __isset(), __set(), __unset(), asa(), attachBehavior(), attachBehaviors(), attachEventHandler(), canGetProperty(), canSetProperty(), detachBehavior(), detachBehaviors(), detachEventHandler(), disableBehavior(), disableBehaviors(), enableBehavior(), enableBehaviors(), evaluateExpression(), getEventHandlers(), hasEvent(), hasEventHandler(), hasProperty(), raiseEvent()`

Properties inherited from CFilterWidget
`$stopAction`

Properties inherited from CWidget
`$actionPrefix, $skin`

Magic properties inherited from CFilterWidget
`$isFilter`

Magic properties inherited from CWidget
`$controller, $id, $owner, $viewPath`

Packages

Classes

Class CHtmlPurifier

Parameters

Overrides

Parameters

Returns

Parameters

Returns

Returns

Returns

Returns