Added a function to check the security of HTML source

Pierre 2018-01-07 17:53:39 +01:00
parent c83fd453a0
commit 4c4d7b854e


@ -69,21 +69,45 @@ function toInt($input) : int{
/** /**
* Remove HTML markup codes (<, >) * Remove HTML markup codes (<, >)
* *
* @param String $input The string to change * @param string $input The string to change
* @return String The updated string * @return string The updated string
*/ */
function removeHTMLnodes($input){ function removeHTMLnodes(string $input) : string {
$output = str_replace("<", "&lt;", $input); $output = str_replace("<", "&lt;", $input);
return str_replace(">", "&gt;", $output); return str_replace(">", "&gt;", $output);
} }
/**
* Check the security of an HTML string
*
* @param string $input The string to check
* @return bool TRUE if the string is safe to insert / FALSE else
*/
function checkHTMLstring(string $string) : bool {
//Check for script or style or meta tag
if(str_ireplace(array("<string", "<style", "<meta"), "", $string) != $string)
return false;
//Check for onclick, onkeyup, onmousehover tag
if(str_ireplace(array("onclick", "onkeyup", "onmousehover"), "", $string) != $string)
return false;
//Check for images integrated to the post
if(preg_match("/data:image/", $string))
return false;
//The message is valid
return true;
}
/** /**
* Check a string before inserting it * Check a string before inserting it
* *
* @param String $string The string to check * @param string $string The string to check
* @return Boolean True if the string is valid / false else * @return bool True if the string is valid / false else
*/ */
function check_string_before_insert($string){ function check_string_before_insert(string $string) : bool {
//First, empty string are invalid //First, empty string are invalid
if($string == "") if($string == "")