1<?php
2
3
4namespace ComboStrap\Web;
5
6
7use ComboStrap\LogUtility;
8
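/**
 * Denylist filter for HTML fragments coming from untrusted sources.
 *
 * The content is either returned untouched (nothing forbidden was found)
 * or replaced by the empty string, with an error logged through
 * {@see LogUtility}. There is no "cleaning": one hit rejects the whole
 * fragment.
 *
 * NOTE(review): this is a pattern denylist, not an HTML sanitizer. It does
 * not parse the markup, so anything a browser decodes before interpreting
 * (HTML entities such as `&#x6a;avascript:`, `<svg>`/`<math>` foreign
 * content, unusual tag syntax) can still get through. For content that is
 * rendered as HTML to other users, an allowlist-based sanitizer operating on
 * a parsed DOM is the safer tool; this class should be treated as a coarse
 * first line of defence only.
 */
class Sanitizer
{

    /**
     * Element names refused anywhere in the content.
     *
     * Matching is case-insensitive and is done on the opening `<name` prefix
     * only, so `<SCRIPT`, `<script/` and even `<scripty` are all rejected:
     * false positives are acceptable here, false negatives are not.
     *
     * `object`, `embed`, `applet` execute plugins/scripts, `link` and `meta`
     * can inject stylesheets or redirect, `base` rewrites every relative URL
     * of the page.
     */
    private const FORBIDDEN_NODES = [
        "script",
        "style",
        "iframe",
        "object",
        "embed",
        "applet",
        "link",
        "meta",
        "base",
    ];

    /**
     * Attribute name patterns (PCRE bodies, matched case-insensitive).
     *
     * `\s*` before `=` is mandatory: HTML allows whitespace between the
     * attribute name and its value (`onload = "..."`), which a plain `on...=`
     * would have missed.
     *
     * The handler pattern keeps `[a-zA-Z]*` (zero letters allowed) so that it
     * stays a superset of what the previous implementation rejected; it
     * therefore also trips on innocuous names containing `on=` such as
     * `version=`. Tightening it would silently re-allow content.
     */
    private const STYLE_ATTRIBUTE_PATTERN = 'style\s*=';
    private const EVENT_HANDLER_PATTERN = 'on[a-zA-Z]*\s*=';

    /**
     * URL schemes that execute code or load a document when used as an
     * attribute value (`href`, `src`, `action`, `formaction`, `xlink:href`...).
     * Matched right after `=` with an optional quote so the attribute name
     * does not have to be enumerated.
     */
    private const SCRIPT_SCHEME_PATTERN = '=\s*["\']?\s*(?:javascript\s*:|vbscript\s*:|data\s*:\s*text\/html)';

    /**
     * Reject the content if it contains a forbidden construct.
     *
     * @param mixed $content the HTML fragment to check (returned as-is when it passes)
     * @param string $suffixMessage appended to the log message, for instance " in the template foo"
     * @param string $canonical the canonical (documentation page) used by {@see LogUtility}
     * @return mixed the unchanged `$content`, or the empty string when a forbidden
     *               construct was found (an error is logged in that case)
     */
    public static function sanitize($content, $suffixMessage = "", $canonical = "security")
    {
        $violation = self::findViolation($content, $suffixMessage);
        if ($violation !== null) {
            return self::logAndReturnTheEmptyString($violation, $canonical);
        }
        return $content;
    }

    /**
     * Look for the first forbidden construct without logging anything.
     *
     * Checks run in this order: forbidden elements, `style` attribute,
     * `on*` event handlers, executable URL schemes in attribute values.
     *
     * @param mixed $content the HTML fragment to check, cast to string for matching
     * @param string $suffixMessage appended to the returned reason
     * @return string|null the human readable reason of the rejection, or null
     *                     when the content is acceptable
     */
    public static function findViolation($content, string $suffixMessage = ""): ?string
    {
        $haystack = (string)$content;

        foreach (self::FORBIDDEN_NODES as $forbiddenNode) {
            if (self::matches("<" . preg_quote($forbiddenNode, "/"), $haystack)) {
                return "You can't used a $forbiddenNode node$suffixMessage.";
            }
        }

        if (self::matches(self::STYLE_ATTRIBUTE_PATTERN, $haystack)) {
            return "You can't used a style attribute $suffixMessage";
        }

        if (self::matches(self::EVENT_HANDLER_PATTERN, $haystack)) {
            return "You can't used an callback handler on attribute $suffixMessage";
        }

        /**
         * URL parsers (WHATWG) drop ASCII tab, LF and CR found inside a URL
         * before resolving its scheme, so `java\tscript:` is still executed.
         * Strip every C0 control character before looking for the scheme.
         * A null result means a PCRE error: fail closed.
         */
        $urlHaystack = preg_replace('/[\x00-\x1f]+/', '', $haystack);
        if ($urlHaystack === null || self::matches(self::SCRIPT_SCHEME_PATTERN, $urlHaystack)) {
            return "You can't use a script url scheme in an attribute$suffixMessage";
        }

        return null;
    }

    /**
     * Case-insensitive PCRE search that fails closed.
     *
     * `preg_match` returns `false` on an engine error (backtrack limit,
     * malformed input...). Treating `false` as "no match" would let the
     * content through exactly when it is hardest to analyse, so anything
     * other than a definite 0 counts as a hit.
     *
     * @param string $patternBody PCRE body without delimiters
     * @param string $haystack the text to search
     * @return bool true when the pattern matched or the engine failed
     */
    private static function matches(string $patternBody, string $haystack): bool
    {
        $result = preg_match("/$patternBody/i", $haystack);
        return $result !== 0;
    }

    /**
     * Log the rejection reason as an error and return the empty string,
     * so that the caller never renders the rejected content by mistake.
     *
     * @param string $string the log message
     * @param mixed $canonical the canonical passed to {@see LogUtility::msg()}
     * @return string always the empty string
     */
    private static function logAndReturnTheEmptyString(string $string, $canonical): string
    {
        LogUtility::msg($string, LogUtility::LVL_MSG_ERROR, $canonical);
        return "";
    }

}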
58