Xss - adampatterson/Tentacle GitHub Wiki

### Overview

The XSS library cleans supplied data of XSS payloads. It works from a whitelist: every XML/HTML element and attribute that is not on the list is removed. This is more robust than a blacklist, which removes only the elements and attributes you thought to list and lets anything new or unexpected through. You may manually load the XSS library like this:

```php
load::library('xss');
```

### Basic Usage

Cleaning data of XSS is a single call:

```php
$clean = xss::clean($dirty);
```

xss::clean returns FALSE if the supplied data is not well-formed XML; otherwise it returns the cleaned data. Because the cleaned output can legitimately be an empty string, which PHP also treats as false, test the return value with `=== false` rather than with a bare truthiness check, and decide up front what your application does with rejected input (reject the request, or store nothing) instead of falling through to the unfiltered original.

Note: The XSS library uses the XML library to parse the data, so you must load the XML library before using the XSS library.

### Using A Custom Whitelist

Dingo allows you to specify exactly which elements and attributes the XSS filter allows, by passing a whitelist array as the second argument. Each key is an element name; its value may list the permitted attributes, each with a rule for the attribute value, and may name a replacement element via `transform`:

```php
$clean = xss::clean($dirty, array(
    // 'URL' accepts a URL value; any other string is a regex the value must match
    'a'      => array('attributes' => array('href' => 'URL', 'title' => '/^([ \-_a-zA-Z0-9\.\/\!]+)$/')),
    // 'ANY' accepts any value for the attribute
    'img'    => array('attributes' => array('src' => 'URL', 'title' => 'ANY', 'alt' => 'ANY')),
    // 'transform' renames the element; no 'attributes' key means no attributes survive
    'b'      => array('transform' => 'strong'),
    'i'      => array('transform' => 'em'),
    'strong' => array(),
    'em'     => array(),
    'p'      => array()
));
```
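Both the FALSE-on-invalid-XML behaviour from Basic Usage and the whitelist rules above can be seen end to end in the following added example. It is not Tentacle or Dingo code: it is a small stand-alone sanitizer built on PHP's bundled DOMDocument rather than on the XML library, and it reads the same whitelist shape (URL, ANY, a regex, transform). The function names whitelist_clean, clean_children, clean_attributes, url_is_safe and rename_element, the choice to drop a non-whitelisted element together with its content, and the accepted URL schemes (http, https, mailto, plus scheme-less relative URLs) are this example's own assumptions, not documented behaviour of xss::clean. The sample input at the bottom is constructed.

```php
<?php
// Added example, not Tentacle/Dingo code. Function names are hypothetical.

// The page's whitelist, reused here as sample input.
const WHITELIST = [
    'a'      => ['attributes' => ['href' => 'URL', 'title' => '/^([ \-_a-zA-Z0-9\.\/\!]+)$/']],
    'img'    => ['attributes' => ['src' => 'URL', 'title' => 'ANY', 'alt' => 'ANY']],
    'b'      => ['transform' => 'strong'],
    'i'      => ['transform' => 'em'],
    'strong' => [],
    'em'     => [],
    'p'      => [],
];

// Returns the cleaned markup, or FALSE when the input is not well-formed XML.
function whitelist_clean(string $dirty, array $whitelist)
{
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true);
    // Wrapping the fragment in a root element means no DOCTYPE (and so no entity
    // declarations) can appear in the input; LIBXML_NONET blocks network fetches.
    $ok = $doc->loadXML('<wrap>' . $dirty . '</wrap>', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    if ($ok === false) {
        return false;                                // mirrors xss::clean's FALSE
    }
    clean_children($doc->documentElement, $whitelist);

    // Serialize the wrapper's children; text nodes come back with < and & escaped.
    $out = '';
    foreach ($doc->documentElement->childNodes as $child) {
        $out .= $doc->saveXML($child);
    }
    return $out;
}

function clean_children(DOMNode $node, array $whitelist): void
{
    // Walk backwards so removing or replacing a child does not shift the indices.
    for ($i = $node->childNodes->length - 1; $i >= 0; $i--) {
        $child = $node->childNodes->item($i);
        if ($child instanceof DOMCdataSection) {
            // Re-emit CDATA as ordinary escaped text: an HTML parser does not treat
            // <![CDATA[ ... ]]> as data in normal content.
            $node->replaceChild($child->ownerDocument->createTextNode($child->data), $child);
            continue;
        }
        if ($child instanceof DOMText) {
            continue;                                // text survives, escaped on output
        }
        if (!$child instanceof DOMElement) {
            $node->removeChild($child);              // comments, processing instructions
            continue;
        }
        $rule = $whitelist[$child->tagName] ?? null;
        if ($rule === null) {
            $node->removeChild($child);              // assumption: drop element and its content
            continue;
        }
        clean_attributes($child, $rule['attributes'] ?? []);
        if (isset($rule['transform'])) {
            $child = rename_element($child, $rule['transform']);
        }
        clean_children($child, $whitelist);
    }
}

function clean_attributes(DOMElement $el, array $allowed): void
{
    $attrs = [];
    foreach ($el->attributes as $attr) {
        $attrs[] = $attr;                            // copy first; removal mutates the map
    }
    foreach ($attrs as $attr) {
        // Prefixed names such as xlink:href are looked up as written and so fall off the list.
        $rule  = $allowed[$attr->nodeName] ?? null;
        $value = $attr->value;                       // entity references already decoded
        if ($rule === 'ANY') {
            $keep = true;
        } elseif ($rule === 'URL') {
            $keep = url_is_safe($value);
        } elseif ($rule !== null) {
            $keep = preg_match($rule, $value) === 1; // any other rule is a regex
        } else {
            $keep = false;
        }
        if (!$keep) {
            $el->removeAttributeNode($attr);
        }
    }
}

function url_is_safe(string $url): bool
{
    // Browsers discard tabs/newlines and leading controls before reading the scheme,
    // so strip them before deciding ("java\tscript:" is javascript: to a browser).
    $probe = preg_replace('/[\x00-\x20\x7f]/', '', $url);
    if (!preg_match('/^([a-zA-Z][a-zA-Z0-9+.\-]*):/', $probe, $m)) {
        return true;                                 // no scheme: a relative URL
    }
    return in_array(strtolower($m[1]), ['http', 'https', 'mailto'], true);
}

function rename_element(DOMElement $el, string $newName): DOMElement
{
    $new = $el->ownerDocument->createElement($newName);
    foreach ($el->attributes as $attr) {
        $new->setAttribute($attr->nodeName, $attr->value);
    }
    while ($el->firstChild !== null) {
        $new->appendChild($el->firstChild);          // appendChild moves the node
    }
    $el->parentNode->replaceChild($new, $el);
    return $new;
}

// Constructed sample input, not taken from the page.
$dirty = '<p>Hi <b onclick="steal()">there</b>, see '
       . '<a href="java&#9;script:alert(1)" title="ok">this</a> '
       . '<img src="/logo.png" alt="x" onerror="alert(1)"/>'
       . '<script>alert(1)</script><!-- c --></p>';
var_dump(whitelist_clean($dirty, WHITELIST));        // cleaned fragment
var_dump(whitelist_clean('<p>unclosed', WHITELIST)); // rejected: not well-formed XML
```

Run it with php from the command line. In the first sample the onclick and onerror handlers are not on the list and are dropped, the tab-obfuscated javascript: href fails the URL rule and is dropped while the title passes its regex, the script element and the comment are removed, and b becomes strong; the second sample is rejected as invalid XML. Two details carry over to any whitelist filter: attribute values must be checked after the parser has decoded entity references, not on the raw source, and the caller must compare the result with `=== false`, because an empty string is a valid cleaned result.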