/**
 * Strip unwanted attributes from every tag found in the input.
 *
 * The tag finder locates each tag and hands it, with its attributes, to a
 * callback; the callback delegates to removeAttribute(), which is where the
 * actual attribute filtering (e.g. event handlers such as 'onload' and
 * 'onclick', as in '<body onload="alert('XSS');">') is decided.
 *
 * @param string $str markup to filter
 * @return string the markup with the callback's replacements applied
 */
public function filter($str)
{
    // Closure is bound to $this automatically, so removeAttribute() is reachable.
    $stripAttributes = function ($fullTag, $attributes) {
        return $this->removeAttribute($fullTag, $attributes);
    };

    return $this->tagFinder->findTags($str, $stripAttributes);
}
/**
 * Every tag matched by the 'title' attribute finder is swapped for the
 * fixed replacement string; the result must equal the expected markup.
 *
 * @dataProvider findTagsReplacementDataProvider
 * @param string $str input markup
 * @param string $replacement text substituted for each matched tag
 * @param string $expected markup after substitution
 */
public function testFindTagsReplacement($str, $replacement, $expected)
{
    $finder = new TagFinder\ByAttribute('title');

    // The callback ignores the matched tag entirely and always yields $replacement.
    $result = $finder->findTags($str, function () use ($replacement) {
        return $replacement;
    });

    $this->assertEquals($expected, $result);
}