Using HTML Purifier only to close unclosed tags, without removing XSS vulnerabilities or anything else?
Official website: http://htmlpurifier.org/
Use HTML Purifier only for unclosed tags (preventing it from removing classes, styles and others) :)
Thank you in advance.
You can utilize HTML Purifier's built-in HTML parser to do this by simply overriding the "strategy", which is responsible for processing tokens. Here is how to do it:
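    <?php
    // Load HTML Purifier's autoloader (adjust the path to your install).
    include_once 'library/HTMLPurifier.auto.php';

    // Sample input: an unclosed <a> tag.
    $raw = '<a href="onclick:xss()">foo';

    // Strategy that hands the token stream back untouched:
    // nothing is filtered or validated.
    class HTMLPurifier_Strategy_Null extends HTMLPurifier_Strategy {
        public function execute($tokens, $config, $context) {
            return $tokens;
        }
    }

    // HTML Purifier with its default strategy swapped for the no-op one.
    class HTMLLinter extends HTMLPurifier {
        public function __construct($config = null) {
            parent::__construct($config);
            $this->strategy = new HTMLPurifier_Strategy_Null();
        }
    }

    $linter = new HTMLLinter();
    echo $linter->purify($raw);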
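An added example, not part of the original answer: because the null strategy skips every filtering pass, the linter's output is only as safe as its input. The sketch below repeats the answer's two classes so it runs on its own and sends untrusted markup through a stock HTMLPurifier instead; normalizeHtml(), its $trusted flag and the sample string are assumptions made for illustration, and the library path is the one the answer uses.

```php
<?php
// Added example (not from the original answer). Assumes HTML Purifier is
// installed at the same path the answer uses.
require_once 'library/HTMLPurifier.auto.php';

// Repeated from the answer: a strategy that returns tokens unmodified.
class HTMLPurifier_Strategy_Null extends HTMLPurifier_Strategy {
    public function execute($tokens, $config, $context) {
        return $tokens;
    }
}

// Repeated from the answer: parser and generator only, no filtering.
class HTMLLinter extends HTMLPurifier {
    public function __construct($config = null) {
        parent::__construct($config);
        $this->strategy = new HTMLPurifier_Strategy_Null();
    }
}

/**
 * Hypothetical helper: markup from a trusted source is only re-serialized,
 * anything else goes through HTML Purifier's default strategy.
 */
function normalizeHtml($html, $trusted) {
    static $linter = null, $purifier = null;
    if ($trusted) {
        $linter = $linter ?: new HTMLLinter();
        return $linter->purify($html);
    }
    $purifier = $purifier
        ?: new HTMLPurifier(HTMLPurifier_Config::createDefault());
    return $purifier->purify($html);
}

// Constructed sample: the answer's $raw plus a class and a style attribute.
$sample = '<a href="onclick:xss()" class="btn" style="color:red">foo';

// Print both results and flag whether the bogus href survived.
foreach (array('trusted' => true, 'untrusted' => false) as $label => $trusted) {
    $out = normalizeHtml($sample, $trusted);
    $kept = strpos($out, 'onclick:') !== false ? 'yes' : 'no';
    printf("%-9s %s  [href kept: %s]\n", $label, $out, $kept);
}
```

Comparing the two printed lines shows which attributes the default strategy drops and the linter passes through, which is the deciding factor in whether the linter's output can be echoed into a page.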