mangola's avatar

How to Handle HTML from Client-Side WYSIWYG Editor

I’m fairly new to PHP and Laravel, and I’ve been trying to figure out how to properly handle HTML content from a WYSIWYG editor before storing the string in the db. I’ve experimented with a couple of packages:

https://github.com/mewebstudio/Purifier

https://github.com/stevebauman/purify

Most of the tutorials I find here and in other sources use a markdown editor, but unfortunately I can't use a markdown editor, as the client requirement is to use a WYSIWYG editor like CKEditor or TinyMCE.

Could anyone point me to a resource that helps me handle HTML and CSS sanitisation and remove any and all kinds of JS (including inline JS)?

Thank you in advance.

0 likes
3 replies
amitgupta's avatar

You need a KSES/HTML Filter package which will let you filter out any HTML tags/attributes that are not on your allow list. That way you can define which tags you want to allow & what attributes you want to allow on those tags. You can try this package though it hasn't been updated in a while.

1 like
mangola's avatar

@amitgupta thanks for the reply.

But this package doesn't seem to be maintained anymore. I was also looking for any courses or video series on how to handle this kind of data.

amitgupta's avatar

@mangola I gave an example of the kind of package you need & I did say it hasn't been updated in a while.

ezyang/htmlpurifier is another package which does the same thing & is actively maintained. If that doesn't work for you then find something else which does. For your purpose you need a way to allow only certain tags & certain attributes on each tag.

1 like
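
The allow-list approach described in the replies above, sketched with ezyang/htmlpurifier. This is an added example, not code posted by anyone in the thread; the tag, attribute and CSS lists, the `makePurifier()` helper name and the sample input are assumptions to adapt to what your editor toolbar actually produces.

```php
<?php
// Added example. Assumes: composer require ezyang/htmlpurifier
require __DIR__ . '/vendor/autoload.php';

// Hypothetical helper: builds a purifier with an explicit allow list.
function makePurifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();

    // Only these tags survive, and only the attributes named in brackets.
    // Anything else (script, iframe, on* handlers, ...) is not on the list.
    $config->set(
        'HTML.Allowed',
        'p[style],span[style],br,strong,em,u,ul,ol,li,blockquote,h2,h3,'
        . 'a[href|title],img[src|alt]'
    );

    // Inline CSS is restricted to a handful of harmless properties.
    $config->set('CSS.AllowedProperties', ['color', 'background-color', 'text-align']);

    // href/src may only use these schemes, so javascript: URLs are rejected.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true, 'mailto' => true]);

    // Cache disabled to keep the demo self-contained; in an application,
    // point Cache.SerializerPath at a writable directory instead.
    $config->set('Cache.DefinitionImpl', null);

    return new HTMLPurifier($config);
}

// Constructed sample input: an event-handler attribute, a disallowed CSS
// property, a script element, a javascript: link and an img with onerror.
$dirty = <<<'HTML'
<p style="color:red; position:fixed" onclick="alert(1)">Hello <strong>world</strong></p>
<script>alert(1)</script>
<a href="javascript:alert(1)">link</a>
<img src="https://example.com/a.png" alt="demo" onerror="alert(1)">
HTML;

// Purify on the server, then store the returned string.
$clean = makePurifier()->purify($dirty);
echo $clean, PHP_EOL;
```

Run the purifier server-side on every save, since whatever filtering the WYSIWYG editor does in the browser can be bypassed by posting to the endpoint directly.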
