phihag
Reputation: 287715
Sanitize user-provided style attribute
I am sanitizing user input HTML coming from TinyMCE with the Symfony HTML Sanitizer.
How do I restrict the values of the style attribute? The documentation mentions that I can create a custom attribute sanitizer, but surely this is an extremely common use case that does not require me to implement my own CSS parser?
I want to allow font-size and color (e.g. something like <span style="font-size:10px;color:#00ff00">little green</span>, and forbid all other CSS rules (e.g. background images).
Upvotes: 0
Views: 80
Answers (0)
Related Questions
- When is it best to sanitize user input?
- Sanitize/Rewrite HTML on the Client Side
- Sanitize user defined CSS in PHP
- In a bash script, how do I sanitize user input?
- Sanitize html for injection using javascript innerHTML?
- What Sanitize modules are for?
- What can I use to sanitize received HTML while retaining basic formatting?
- Rails Sanitize: Safety + Allowing Embeds