Пример #1
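 /**
  * Sanitise a value with HTML Purifier against a mode-specific element allowlist.
  *
  * Arrays are processed recursively; only the values are purified, the keys are
  * returned exactly as received. The result is intended for output in an HTML
  * body context: it is not a substitute for context-specific escaping when the
  * value ends up in an attribute, a script block, a URL or an SQL statement.
  *
  * @param mixed  $val  String to purify, or an array of such values (nested arrays allowed).
  * @param string $mode 'html'       – rich allowlist (tables, headings, images, video iframes);
  *                     'strip_tags' – no element is allowed;
  *                     any other value – basic inline/block formatting only.
  *
  * @return mixed Purified string, or the array with every value purified.
  */
 function antiXSS($val, $mode = '')
 {
     require_once \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::extPath('multishop') . 'res/htmlpurifier-4.7.0/HTMLPurifier.auto.php';
     if (is_array($val)) {
         foreach ($val as $key => $subVal) {
             // NOTE(review): static-style call to a method that reads $this. PHP 8 rejects
             // such calls; left unchanged because callers outside this view may rely on it.
             $val[$key] = mslib_befe::antiXSS($subVal, $mode);
         }
         return $val;
     }
     $config = HTMLPurifier_Config::createDefault();
     // replace with your encoding
     $config->set('Core.Encoding', 'UTF-8');
     // replace with your doctype
     $config->set('HTML.Doctype', 'XHTML 1.0 Transitional');
     // NOTE(review): the definition cache holds serialized objects that the library
     // reads back on later requests, and this path sits inside an uploads directory.
     // Confirm nothing user-controlled can be written there, or move the cache out
     // of the web root.
     $config->set('Cache.SerializerPath', $this->DOCUMENT_ROOT . 'uploads/tx_multishop');
     // Strict comparison: a non-string $mode (0, true) must not select the widest
     // allowlist through loose switch matching; it falls through to the default set.
     if ($mode === 'html') {
         // Rich content. 'tfoot' was misspelled 'tfood', so table footers were never allowed.
         // NOTE(review): h7, the style element and the allowfullscreen/unselectable
         // attributes may not be known to the purifier's definition – verify, since
         // unsupported names are not honoured.
         $config->set('HTML.Allowed', 'table,tr,th,td,tbody,thead,tfoot,h1[style],h2[style],h3[style],h4[style],h5[style],h6[style],h7[style],style,font[style],iframe[style|frameborder|allowfullscreen|width|height|src],a[href],img[alt|src|unselectable],div,span,p,i,a,b,br,hr,u,strike,strong,em,ul,ol,li,del,ins,strike');
         $config->set('HTML.Nofollow', true);
         // NOTE(review): target="_blank" on user-supplied links should be paired with
         // rel="noopener"; newer HTML Purifier releases offer HTML.TargetNoopener /
         // HTML.TargetNoreferrer – availability in the bundled 4.7.0 not confirmed.
         $config->set('HTML.TargetBlank', true);
         $config->set('HTML.SafeIframe', true);
         // Dots are escaped so that only the two literal hosts match; an unescaped '.'
         // matches any character and would admit look-alike host names.
         $config->set('URI.SafeIframeRegexp', '%^(//|http://|https://)(www\.youtube\.com/embed/|player\.vimeo\.com/video/)%');
     } elseif ($mode === 'strip_tags') {
         // Allow nothing: every element is removed.
         $config->set('HTML.Allowed', '');
     } else {
         // Allow basic HTML
         $config->set('HTML.Allowed', 'p,div,span,p,i,a,b,br,hr,u,strike,strong,em,ul,ol,li,del,ins,strike');
         $config->set('HTML.Nofollow', true);
         $config->set('HTML.TargetBlank', true);
     }
     $purifier = new HTMLPurifier($config);
     return $purifier->purify($val);
 }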