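 /**
  * Sanitize an HTML fragment with HTMLPurifier.
  *
  * Both allowlist arguments accept a leading '.' meaning "the basic allowlist
  * plus the comma-separated entries after the dot" (e.g. '.table,thead'),
  * and '' meaning "the basic allowlist only".
  *
  * @param string $html
  *   The source HTML.
  * @param string $allowed_tags
  *   The allowed HTML tags in HTMLPurifier 'HTML.Allowed' syntax. Only the
  *   '.'-prefixed form extends the basic list; any other value falls back to
  *   the basic list. Ignored entirely when $trusted is set.
  * @param string $allowed_css
  *   The allowed CSS properties in HTMLPurifier 'CSS.AllowedProperties'
  *   syntax; a value without the '.' prefix is used as given.
  * @param bool $trusted
  *   Whether this is from a trusted source like an admin user. Turns on
  *   HTMLPurifier's HTML.Trusted / CSS.Trusted modes and id attributes and
  *   uses the basic + advanced tag list, so the result is only safe to
  *   render for content whose author is already trusted.
  * @param bool $full_page
  *   Whether to allow all HTML.
  *   TODO: This currently skips all validation and returns the input
  *   unchanged, so callers must never pass untrusted content with it.
  *
  * @return string
  *   The sanitized HTML (or the raw input when $full_page is true).
  */
 public static function html($html, $allowed_tags = '', $allowed_css = '', $trusted = false, $full_page = false)
 {
     // No purifier is needed for the pass-through case, so bail out first.
     if ($full_page) {
         return $html;
     }

     $config = HTMLPurifierConfig::createDefault();

     if ($trusted) {
         $config->set('CSS.Trusted', true);
         $config->set('HTML.Trusted', true);
         $config->set('Attr.EnableID', true);
         // Trusted input always gets the full built-in list; the caller's
         // $allowed_tags is deliberately not consulted here.
         $allowed_tags = self::SCRUB_BASIC_HTML . ',' . self::SCRUB_ADVANCED_HTML;
     } else {
         $config->set('CSS.Trusted', false);
         $config->set('HTML.Trusted', false);
         $config->set('Attr.EnableID', false);
         // Cast so a null from a legacy caller behaves like ''.
         $allowed_tags = (string) $allowed_tags;
         // Check the first character, not the whole string: the previous
         // `$allowed_tags == '.'` test could only ever match a bare dot.
         $extra_tags = ($allowed_tags !== '' && $allowed_tags[0] === '.')
             ? substr($allowed_tags, 1)
             : '';
         // Untrusted input never exceeds the basic list unless explicitly
         // extended with the '.' prefix; a bare '.' yields the basic list
         // without a dangling comma.
         $allowed_tags = $extra_tags === ''
             ? self::SCRUB_BASIC_HTML
             : self::SCRUB_BASIC_HTML . ',' . $extra_tags;
     }

     $allowed_css = (string) $allowed_css;
     if ($allowed_css === '') {
         // Empty means "basic only" (formerly produced "basic," via the
         // unreachable elseif branch).
         $allowed_css = self::SCRUB_BASIC_CSS;
     } elseif ($allowed_css[0] === '.') {
         $extra_css = substr($allowed_css, 1);
         $allowed_css = $extra_css === ''
             ? self::SCRUB_BASIC_CSS
             : self::SCRUB_BASIC_CSS . ',' . $extra_css;
     }
     // Any other explicit CSS property list is used as given.

     $config->set('HTML.Allowed', $allowed_tags);
     $config->set('CSS.AllowedProperties', $allowed_css);
     $config->set('Core.EscapeNonASCIICharacters', true);

     $purifier = HTMLPurifierWrapper::getInstance();
     return $purifier->purify($html, $config);
 }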