예제 #1
/**
 * Returns XHTML filtered through HTMLPurifier to strip XSS vectors.
 *
 * Purification is costly, so prefer calling this when content is saved rather
 * than on every render.
 *
 * Only string input is processed; any other type (bool, int, NULL, ...) is
 * returned exactly as given. Strings that are empty or numeric are also handed
 * back untouched, since they cannot carry markup. Note that empty() treats the
 * string '0' as empty, so '0' is passed through unchanged as well.
 *
 * @param string $raw_html
 * @param string $config key of the HTMLPurifier config as registered in config/htmlpurifier/setup.php
 * @param boolean $tidy default true; whether to run the HTML through tidy before purifying
 * @return string XSS-filtered XHTML
 */
function reason_sanitize_html($raw_html, $config = 'default', $tidy = true)
{
    // Non-strings carry no markup; return them as-is.
    if (!is_string($raw_html)) {
        return $raw_html;
    }

    // Empty and numeric strings cannot contain tags, so skip the expensive filtering.
    if (empty($raw_html) || is_numeric($raw_html)) {
        return $raw_html;
    }

    // Optional tidy pass runs before purification, never after.
    $cleaned = $raw_html;
    if ($tidy) {
        $cleaned = tidy($cleaned);
    }

    $purifier_config = reason_get_html_purifier_config($config);
    return get_safer_html_html_purifier($cleaned, $purifier_config);
}
예제 #2
/**
 * Sanitizes HTML with HTMLPurifier, optionally using a caller-supplied config object.
 *
 * When HTML_SANITIZATION_FUNCTION is defined and no config is given, the function
 * named by that constant is called instead of HTMLPurifier. Supplying a config
 * always forces HTMLPurifier, regardless of the constant. The constant must name
 * an existing function; otherwise the dynamic call below raises an Error.
 *
 * @param string $raw_html html string needing sanitization
 * @param HTMLPurifier_Config $config custom configuration - if provided we use HTML Purifier regardless of HTML_SANITIZATION_FUNCTION value.
 * @return string sanitized html string
 *
 * @todo remove support for HTML_SANITIZATION_FUNCTION when Reason 4.5 is released.
 */
function carl_get_safer_html($raw_html, $config = NULL)
{
    $use_legacy_sanitizer = is_null($config) && defined('HTML_SANITIZATION_FUNCTION');

    if (!$use_legacy_sanitizer) {
        return get_safer_html_html_purifier($raw_html, $config);
    }

    // NOTE(review): the function name is taken from a constant, which is presumably
    // set in site configuration rather than derived from request data - confirm.
    $sanitizer = HTML_SANITIZATION_FUNCTION;
    return $sanitizer($raw_html);
}