How to use in a controller?
jpegram2 opened this issue · 2 comments
I have an API controller endpoint that receives POST data. The fields are validated using the FOSRestBundle RequestParam annotation, so there is no form required. What I want to do is use HTMLPurifier to filter each input value, primarily for XSS, before using them.
For example I get a JSON object that looks something like this:
{ "emailAddress": "someone@somewhere.net", "maxResults": 10, "subject": "</a><a href=\"https://www.google.com\" target=\"_blank\">Subject" }
Back in the Zend 1 days I simply called something like:
$this->HTMLPurifier->purify($this->getRequest()->getParam('subject'));
and it would return the sanitized string.
Anybody used this package this way or have an example of its use in a controller? Thanks
Hello @jpegram2, if you use the current v1 of the bundle you can add the following to your config:
```yaml
# app/config/services.yml or config/services.yaml
services:
    # ...
    \HTMLPurifier:
        alias: '@exercise_html_purifier.default'

    # From Symfony 3.3 (short form, use instead of the block above)
    \HTMLPurifier: '@exercise_html_purifier.default'
```
Then in your controller you will be able to call `$this->get(\HTMLPurifier::class)->purify($data)`.
Or inject it using the alias or the id (and/or autowiring) and use `$this->htmlPurifier->purify($data)`.
Thanks @HeahDude for the reply!
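The injection approach from the answer above, written out as a controller. This is an added example, not code from the thread or from the bundle. It assumes the `\HTMLPurifier` alias from the answer is configured, and the `SearchController` class, its `search` action, the routing to it, and reading the JSON body directly instead of through FOSRestBundle's param fetcher are all hypothetical choices for illustration.

```php
<?php
// Added example; class name, action name and routing are assumptions.
namespace App\Controller;

use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;

final class SearchController
{
    /** @var \HTMLPurifier */
    private $htmlPurifier;

    // Autowired through the \HTMLPurifier alias defined in services.yaml.
    public function __construct(\HTMLPurifier $htmlPurifier)
    {
        $this->htmlPurifier = $htmlPurifier;
    }

    public function search(Request $request): JsonResponse
    {
        $data = json_decode($request->getContent(), true);
        if (!is_array($data)) {
            return new JsonResponse(['error' => 'Invalid JSON body'], 400);
        }

        // e.g. emailAddress and subject are purified, maxResults (int) is left alone.
        return new JsonResponse($this->purifyStrings($data));
    }

    // Purify every string value, recursing into nested arrays.
    // purify() returns sanitized HTML, not plain text: markup that the
    // purifier's configuration permits can remain in the result.
    private function purifyStrings(array $data): array
    {
        foreach ($data as $key => $value) {
            if (is_string($value)) {
                $data[$key] = $this->htmlPurifier->purify($value);
            } elseif (is_array($value)) {
                $data[$key] = $this->purifyStrings($value);
            }
        }

        return $data;
    }
}
```

Non-string values are passed through unchanged, so type validation such as the `RequestParam` requirements mentioned in the question still has to run separately.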