Exercise/HTMLPurifierBundle

How to use in a controller?

jpegram2 opened this issue · 2 comments

I have an API controller endpoint that receives Post data. The fields are validated using FOSRestBundle RequestParam annotation so there is no form required. What I want to do is use HTMLPurifier to filter each input value primarily for XSS before using them.

For example I get a JSON object that looks something like this:
{ "emailAddress": "someone@somewhere.net", "maxResults": 10, "subject": "</a><a href=\"https://www.google.com\" target=\"_blank\">Subject" }

Back in the Zend 1 days I simply called something like:
$this->HTMLPurifier->purify($this->getRequest()->getParam('subject'))
and it would return the sanitized string.

Anybody used this package this way or have an example of its use in a controller? Thanks

Hello @jpegram2, if you use the current v1 of the bundle you can add the following to your config:

# app/config/services.yml or config/services.yaml
services:
    # ...
    # The service id is the class name without a leading backslash, so that
    # \HTMLPurifier::class (which evaluates to 'HTMLPurifier') resolves to it.
    HTMLPurifier:
        alias: exercise_html_purifier.default

# From Symfony 3.3 the short alias syntax can be used instead:
services:
    # ...
    HTMLPurifier: '@exercise_html_purifier.default'

Then in your controller you will be able to call $this->get(\HTMLPurifier::class)->purify($data).
Or inject it using the alias or the id (and/or autowiring) and use $this->htmlPurifier->purify($data).
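
The controller below is an added example, not code from the bundle or from either participant in this thread. It assumes Symfony 3.3 or later with autowiring enabled, the HTMLPurifier alias configured as in the reply above, and the JSON body from the question; the class, route and field names are illustrative. It injects the purifier through the alias and purifies only the field that will later be rendered as HTML, while the email address and the result limit are validated for their own formats instead:

```php
<?php
// Added example (not from the bundle or the thread's authors): purify only the
// field that is free-form HTML-ish text, validate the rest by type and format.
// Assumed: Symfony >= 3.3, autowiring on, alias 'HTMLPurifier' -> exercise_html_purifier.default.

namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;

class SearchController extends AbstractController
{
    /** @var \HTMLPurifier */
    private $purifier;

    // Autowiring resolves the \HTMLPurifier type hint through the configured alias.
    public function __construct(\HTMLPurifier $purifier)
    {
        $this->purifier = $purifier;
    }

    /**
     * @Route("/api/search", methods={"POST"})
     */
    public function search(Request $request): Response
    {
        $data = json_decode($request->getContent(), true);
        if (!is_array($data)) {
            return new JsonResponse(['error' => 'invalid JSON body'], 400);
        }

        // Non-HTML fields get format validation, not HTML purification: running
        // an email address through the purifier is at best a no-op and at worst
        // HTML-encodes characters that legitimately belong in it.
        $email = filter_var($data['emailAddress'] ?? '', FILTER_VALIDATE_EMAIL);
        $maxResults = filter_var(
            $data['maxResults'] ?? null,
            FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => 100]]
        );
        if ($email === false || $maxResults === false) {
            return new JsonResponse(['error' => 'invalid emailAddress or maxResults'], 400);
        }

        // The subject is free text that may later be rendered as HTML, so it is
        // reduced to HTMLPurifier's allowlist. With the default configuration the
        // sample "</a><a href=\"https://www.google.com\" target=\"_blank\">Subject"
        // keeps the <a href="https://www.google.com">Subject</a> link, drops the
        // stray </a>, and strips the target attribute (not allowed by default).
        $subject = $this->purifier->purify((string) ($data['subject'] ?? ''));

        return new JsonResponse([
            'emailAddress' => $email,
            'maxResults'   => $maxResults,
            'subject'      => $subject,
        ]);
    }
}
```

Purifying on input commits the value to an HTML context: the stored subject is now HTML, so it is safe to print into an HTML page but must still be escaped differently if it ends up in a plain-text email header, a log line or an attribute value. If the field is only ever echoed back through JSON and rendered by a client that inserts text rather than HTML, output encoding at the sink is the control that matters, and purification adds little.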

Thanks @HeahDude for the reply!