/**
* Filter unwanted attributes from tags
*
* This includes event handler attributes ('onload', 'onclick' etc.)
* e.g. '<body onload="alert('XSS');">'
*
* @param string $str
* @return string
*/
public function filter($str)
{
$str = $this->tagFinder->findTags($str, function ($fullTag, $attributes) {
return $this->removeAttribute($fullTag, $attributes);
});
return $str;
}
/**
* @dataProvider findTagsReplacementDataProvider
* @param string $str
* @param string $replacement
* @param string $expected
*/
public function testFindTagsReplacement($str, $replacement, $expected)
{
$tagFinder = new TagFinder\ByAttribute('title');
$replacer = function () use($replacement) {
return $replacement;
};
$actual = $tagFinder->findTags($str, $replacer);
$this->assertEquals($expected, $actual);
}
