59 lines
1.3 KiB
YAML
59 lines
1.3 KiB
YAML
|
name: HtmlSanitizerInterface
|
||
|
class_comment: null
|
||
|
dependencies: []
|
||
|
properties: []
|
||
|
methods:
|
||
|
- name: sanitize
|
||
|
visibility: public
|
||
|
parameters:
|
||
|
- name: input
|
||
|
comment: '# * Sanitizes an untrusted HTML input for safe insertion into a document''s
|
||
|
DOM.
|
||
|
|
||
|
# *
|
||
|
|
||
|
# * This interface is inspired by the W3C Standard Draft about a HTML Sanitizer
|
||
|
API
|
||
|
|
||
|
# * ({@see https://wicg.github.io/sanitizer-api/}).
|
||
|
|
||
|
# *
|
||
|
|
||
|
# * @author Titouan Galopin <galopintitouan@gmail.com>
|
||
|
|
||
|
# */
|
||
|
|
||
|
# interface HtmlSanitizerInterface
|
||
|
|
||
|
# {
|
||
|
|
||
|
# /**
|
||
|
|
||
|
# * Sanitizes an untrusted HTML input for a <body> context.
|
||
|
|
||
|
# *
|
||
|
|
||
|
# * This method is NOT context sensitive: it assumes the returned HTML string
|
||
|
|
||
|
# * will be injected in a "body" context, and therefore will drop tags only
|
||
|
|
||
|
# * allowed in the "head" element. To sanitize a string for injection
|
||
|
|
||
|
# * in the "head" element, use {@see HtmlSanitizerInterface::sanitizeFor()}.'
|
||
|
- name: sanitizeFor
|
||
|
visibility: public
|
||
|
parameters:
|
||
|
- name: element
|
||
|
- name: input
|
||
|
comment: '# * Sanitizes an untrusted HTML input for a given context.
|
||
|
|
||
|
# *
|
||
|
|
||
|
# * This method is context sensitive: by providing a parent element name
|
||
|
|
||
|
# * (body, head, title, ...), the sanitizer will adapt its rules to only
|
||
|
|
||
|
# * allow elements that are valid inside the given parent element.'
|
||
|
traits: []
|
||
|
interfaces: []
|