XssSanitiser
class XssSanitiser
Sanitises HTML to prevent XSS attacks.
Traits
Injectable: A class that can be instantiated or replaced via DI

Methods
static Injectable create(mixed ...$args): An implementation of the factory method; allows you to create an instance of a class.
static Injectable singleton(string $class = null): Creates a class instance by the "singleton" design pattern.
string sanitiseString(string $html): Remove XSS attack vectors from an HTML fragment string.
void sanitiseHtmlValue(HTMLValue $html): Remove XSS attack vectors from HTMLValue content.
void sanitiseElement(DOMElement $element): Remove XSS attack vectors from a DOMElement.
array getElementsToRemove(): Get the names of elements which will be removed.
XssSanitiser setElementsToRemove(array $elements): Set the names of elements which will be removed.
array getAttributesToRemove(): Get the names of attributes which will be removed from any elements that have them.
XssSanitiser setAttributesToRemove(array $attributes): Set the names of attributes which will be removed from any elements that have them.
bool getKeepInnerHtmlOnRemoveElement(): Get whether the inner contents of an element will be kept for elements that get removed.
XssSanitiser setKeepInnerHtmlOnRemoveElement(bool $keep): Set whether to keep the inner contents of an element if it gets removed.
Details

static Injectable create(mixed ...$args)
An implementation of the factory method; allows you to create an instance of a class.
This method will defer class substitution to the Injector API, which can be customised via the Config API to declare substitution classes.
This can be called in one of two ways: either calling via the class directly, or calling on Object and passing the class name as the first parameter. The following are equivalent:
$list = DataList::create(SiteTree::class);
$list = SiteTree::get();

static Injectable singleton(string $class = null)
Creates a class instance by the "singleton" design pattern.
It will always return the same instance for this class, which can be used for performance reasons and as a simple way to access instance methods which don't rely on instance data (e.g. the custom SilverStripe static handling).

string sanitiseString(string $html)
Remove XSS attack vectors from an HTML fragment string.

void sanitiseHtmlValue(HTMLValue $html)
Remove XSS attack vectors from HTMLValue content.

void sanitiseElement(DOMElement $element)
Remove XSS attack vectors from a DOMElement.

array getElementsToRemove()
Get the names of elements which will be removed.

XssSanitiser setElementsToRemove(array $elements)
Set the names of elements which will be removed.
Note that allowing elements which are included in the default list (i.e. passing a list that omits them) could result in XSS vulnerabilities.

array getAttributesToRemove()
Get the names of attributes which will be removed from any elements that have them.

XssSanitiser setAttributesToRemove(array $attributes)
Set the names of attributes which will be removed from any elements that have them.
Note that allowing attributes which are included in the default list (i.e. passing a list that omits them) could result in XSS vulnerabilities.

bool getKeepInnerHtmlOnRemoveElement()
Get whether the inner contents of an element will be kept for elements that get removed.

XssSanitiser setKeepInnerHtmlOnRemoveElement(bool $keep)
Set whether to keep the inner contents of an element if it gets removed.
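The following is an added usage example of the methods documented above; it is not part of the SilverStripe API reference or the framework's own code. It assumes the class lives in the SilverStripe\View\Parsers namespace alongside HTMLValue, and that HTMLValue::create() accepts an HTML fragment string; adjust the use lines if your installed version places them elsewhere. The point it demonstrates is the safe way to customise the removal lists: read the defaults through the getters and extend them, rather than replace them with a hand-written list that could silently re-allow something the defaults strip.

```php
<?php
// Added usage example; not part of the SilverStripe API documentation or the
// framework's own code. Assumptions: XssSanitiser and HTMLValue live in the
// SilverStripe\View\Parsers namespace, and HTMLValue::create() accepts an
// HTML fragment string.
use SilverStripe\View\Parsers\HTMLValue;
use SilverStripe\View\Parsers\XssSanitiser;

/**
 * Build a sanitiser that keeps every default rule and adds project-specific ones.
 *
 * The default element and attribute lists are read via the getters and
 * extended, never overwritten: passing a shorter list to the setters would
 * re-allow content the defaults strip, which is the risk the docs warn about.
 */
function buildSanitiser(array $extraElements = [], array $extraAttributes = []): XssSanitiser
{
    $sanitiser = XssSanitiser::create();

    // The setters return the sanitiser itself, so calls can be chained.
    return $sanitiser
        ->setElementsToRemove(array_values(array_unique(
            array_merge($sanitiser->getElementsToRemove(), $extraElements)
        )))
        ->setAttributesToRemove(array_values(array_unique(
            array_merge($sanitiser->getAttributesToRemove(), $extraAttributes)
        )))
        // Keep the text inside a stripped element so user content is not lost wholesale.
        ->setKeepInnerHtmlOnRemoveElement(true);
}

/** Sanitise a raw HTML fragment (e.g. a rich-text form field) before it is stored. */
function sanitiseFragment(string $html): string
{
    // 'marquee' and 'data-template' are constructed, project-specific additions.
    return buildSanitiser(['marquee'], ['data-template'])->sanitiseString($html);
}

/** Sanitise content that is already wrapped in an HTMLValue, e.g. in a shortcode pipeline. */
function sanitiseHtmlValueContent(string $html): string
{
    $value = HTMLValue::create($html);           // assumption: accepts the fragment string
    buildSanitiser()->sanitiseHtmlValue($value); // mutates $value in place; returns void
    return $value->getContent();
}

// Constructed sample input: the kind of fragment a CMS user might paste into a field.
$untrusted = '<p onclick="alert(1)">Hello <b>world</b></p><script>alert(1)</script>';

echo sanitiseFragment($untrusted), PHP_EOL;
echo sanitiseHtmlValueContent($untrusted), PHP_EOL;
```

Because the page does not list what the default element and attribute lists contain, the example deliberately never hard-codes them: anything it wants removed is appended to whatever the installed version already removes. The same pattern applies if you use sanitiseElement() directly on nodes from your own DOMDocument.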