Skip to content

Kirby 4.2.0

    Search by Algolia

    $dom->sanitize()

    Sanitizes the DOM according to the provided configuration

    $dom->sanitize(array $options): array

    Parameters

    Name Type Default Description
    $options * array Array with the following options:
    - allowedAttrPrefixes: Global list of allowed attribute prefixes
    like data- and aria-
    - allowedAttrs: Global list of allowed attrs or true to allow
    any attribute
    - allowedDataUris: List of all MIME types that may be used in
    data URIs (only checked in urlAttrs and inside url() wrappers)
    or true for any
    - allowedDomains: Allowed hostnames for HTTP(S) URLs in urlAttrs
    and inside url() wrappers or true for any
    - allowHostRelativeUrls: Whether URLs that begin with / should be
    allowed even if the site index URL is in a subfolder (useful when using
    the HTML <base> element where the sanitized code will be rendered)
    - allowedNamespaces: Associative array of all allowed namespace URIs;
    the array keys are reference names that can be referred to from the
    allowedAttrPrefixes, allowedAttrs, allowedTags, disallowedTags
    and urlAttrs lists; the namespace names as used in the document are not
    validated; setting the whole option to true will allow any namespace
    - allowedPIs: Names of allowed XML processing instructions or
    true for any
    - allowedTags: Associative array of all allowed tag names with the
    value of either an array with the list of all allowed attributes for
    this tag, true to allow any attribute from the allowedAttrs list
    or false to allow the tag without any attributes;
    not listed tags will be unwrapped (removed, but children are kept);
    setting the whole option to true will allow any tag
    - attrCallback: Closure that will receive each DOMAttr and may
    modify it; the callback must return an array with exception
    objects for each modification
    - disallowedTags: Array of explicitly disallowed tags, which will
    be removed completely including their children (matched case-insensitively)
    - doctypeCallback: Closure that will receive the DOMDocumentType
    and may throw exceptions on validation errors
    - elementCallback: Closure that will receive each DOMElement and
    may modify it; the callback must return an array with exception
    objects for each modification
    - urlAttrs: List of attributes that may contain URLs

    Return type

    array

    Exceptions

    Type Description
    Kirby\Exception\InvalidArgumentException If the doctype is not valid

    Parent class

    Kirby\Toolkit\Dom