/** @var string The null namespace; we use a null character as this is a hashable value in PHP (null is not), while it is an illegal character in XML and thus will not appear in a legitimate namespace URI */
protected const NULL_NAMESPACE = "\x00";
/** @var array The default configuration structure */
protected const DEFAULT_CONF = [
'allowElements' => [
self::HTML_NAMESPACE => [
'a' => true,
'abbr' => true,
'acronym' => true,
'address' => true,
'area' => true,
'article' => true,
'aside' => true,
'audio' => true,
'b' => true,
'bdi' => true,
'bdo' => true,
'bgsound' => true,
'big' => true,
'blockquote' => true,
'body' => true,
'br' => true,
'button' => true,
'canvas' => true,
'caption' => true,
'center' => true,
'cite' => true,
'code' => true,
'col' => true,
'colgroup' => true,
'datalist' => true,
'dd' => true,
'del' => true,
'details' => true,
'dfn' => true,
'dialog' => true,
'dir' => true,
'div' => true,
'dl' => true,
'dt' => true,
'em' => true,
'fieldset' => true,
'figcaption' => true,
'figure' => true,
'font' => true,
'footer' => true,
'form' => true,
'h1' => true,
'h2' => true,
'h3' => true,
'h4' => true,
'h5' => true,
'h6' => true,
'head' => true,
'header' => true,
'hgroup' => true,
'hr' => true,
'html' => true,
'i' => true,
'img' => true,
'input' => true,
'ins' => true,
'kbd' => true,
'keygen' => true,
'label' => true,
'layer' => true,
'legend' => true,
'li' => true,
'link' => true,
'listing' => true,
'main' => true,
'map' => true,
'mark' => true,
'marquee' => true,
'menu' => true,
'meta' => true,
'meter' => true,
'nav' => true,
'nobr' => true,
'ol' => true,
'optgroup' => true,
'option' => true,
'output' => true,
'p' => true,
'picture' => true,
'popup' => true,
'pre' => true,
'progress' => true,
'q' => true,
'rb' => true,
'rp' => true,
'rt' => true,
'rtc' => true,
'ruby' => true,
's' => true,
'samp' => true,
'section' => true,
'select' => true,
'selectmenu' => true,
'small' => true,
'source' => true,
'span' => true,
'strike' => true,
'strong' => true,
'style' => true,
'sub' => true,
'summary' => true,
'sup' => true,
'table' => true,
'tbody' => true,
'td' => true,
'tfoot' => true,
'th' => true,
'thead' => true,
'time' => true,
'tr' => true,
'track' => true,
'tt' => true,
'u' => true,
'ul' => true,
'var' => true,
'video' => true,
'wbr' => true,
]
],
'allowAttributes' => [
self::NULL_NAMESPACE => [
'abbr' => "*",
'accept' => "*",
'accept-charset' => "*",
'accesskey' => "*",
'action' => "*",
'align' => "*",
'alink' => "*",
'allow' => "*",
'allowfullscreen' => "*",
'alt' => "*",
'anchor' => "*",
'archive' => "*",
'as' => "*",
'async' => "*",
'autocapitalize' => "*",
'autocomplete' => "*",
'autocorrect' => "*",
'autofocus' => "*",
'autopictureinpicture' => "*",
'autoplay' => "*",
'axis' => "*",
'background' => "*",
'behavior' => "*",
'bgcolor' => "*",
'border' => "*",
'bordercolor' => "*",
'capture' => "*",
'cellpadding' => "*",
'cellspacing' => "*",
'challenge' => "*",
'char' => "*",
'charoff' => "*",
'charset' => "*",
'checked' => "*",
'cite' => "*",
'class' => "*",
'classid' => "*",
'clear' => "*",
'code' => "*",
'codebase' => "*",
'codetype' => "*",
'color' => "*",
'cols' => "*",
'colspan' => "*",
'compact' => "*",
'content' => "*",
'contenteditable' => "*",
'controls' => "*",
'controlslist' => "*",
'conversiondestination' => "*",
'coords' => "*",
'crossorigin' => "*",
'csp' => "*",
'data' => "*",
'datetime' => "*",
'declare' => "*",
'decoding' => "*",
'default' => "*",
'defer' => "*",
'dir' => "*",
'direction' => "*",
'dirname' => "*",
'disabled' => "*",
'disablepictureinpicture' => "*",
'disableremoteplayback' => "*",
'disallowdocumentaccess' => "*",
'download' => "*",
'draggable' => "*",
'elementtiming' => "*",
'enctype' => "*",
'end' => "*",
'enterkeyhint' => "*",
'event' => "*",
'exportparts' => "*",
'face' => "*",
'for' => "*",
'form' => "*",
'formaction' => "*",
'formenctype' => "*",
'formmethod' => "*",
'formnovalidate' => "*",
'formtarget' => "*",
'frame' => "*",
'frameborder' => "*",
'headers' => "*",
'height' => "*",
'hidden' => "*",
'high' => "*",
'href' => "*",
'hreflang' => "*",
'hreftranslate' => "*",
'hspace' => "*",
'http-equiv' => "*",
'id' => "*",
'imagesizes' => "*",
'imagesrcset' => "*",
'importance' => "*",
'impressiondata' => "*",
'impressionexpiry' => "*",
'incremental' => "*",
'inert' => "*",
'inputmode' => "*",
'integrity' => "*",
'invisible' => "*",
'is' => "*",
'ismap' => "*",
'keytype' => "*",
'kind' => "*",
'label' => "*",
'lang' => "*",
'language' => "*",
'latencyhint' => "*",
'leftmargin' => "*",
'link' => "*",
'list' => "*",
'loading' => "*",
'longdesc' => "*",
'loop' => "*",
'low' => "*",
'lowsrc' => "*",
'manifest' => "*",
'marginheight' => "*",
'marginwidth' => "*",
'max' => "*",
'maxlength' => "*",
'mayscript' => "*",
'media' => "*",
'method' => "*",
'min' => "*",
'minlength' => "*",
'multiple' => "*",
'muted' => "*",
'name' => "*",
'nohref' => "*",
'nomodule' => "*",
'nonce' => "*",
'noresize' => "*",
'noshade' => "*",
'novalidate' => "*",
'nowrap' => "*",
'object' => "*",
'open' => "*",
'optimum' => "*",
'part' => "*",
'pattern' => "*",
'ping' => "*",
'placeholder' => "*",
'playsinline' => "*",
'policy' => "*",
'poster' => "*",
'preload' => "*",
'pseudo' => "*",
'readonly' => "*",
'referrerpolicy' => "*",
'rel' => "*",
'reportingorigin' => "*",
'required' => "*",
'resources' => "*",
'rev' => "*",
'reversed' => "*",
'role' => "*",
'rows' => "*",
'rowspan' => "*",
'rules' => "*",
'sandbox' => "*",
'scheme' => "*",
'scope' => "*",
'scopes' => "*",
'scrollamount' => "*",
'scrolldelay' => "*",
'scrolling' => "*",
'select' => "*",
'selected' => "*",
'shadowroot' => "*",
'shadowrootdelegatesfocus' => "*",
'shape' => "*",
'size' => "*",
'sizes' => "*",
'slot' => "*",
'span' => "*",
'spellcheck' => "*",
'src' => "*",
'srcdoc' => "*",
'srclang' => "*",
'srcset' => "*",
'standby' => "*",
'start' => "*",
'step' => "*",
'style' => "*",
'summary' => "*",
'tabindex' => "*",
'target' => "*",
'text' => "*",
'title' => "*",
'topmargin' => "*",
'translate' => "*",
'truespeed' => "*",
'trusttoken' => "*",
'type' => "*",
'usemap' => "*",
'valign' => "*",
'value' => "*",
'valuetype' => "*",
'version' => "*",
'virtualkeyboardpolicy' => "*",
'vlink' => "*",
'vspace' => "*",
'webkitdirectory' => "*",
'width' => "*",
'wrap' => "*",
],
],
'allowCustomElements' => false,
'allowUnknownMarkup' => false,
'allowComments' => false,
'allowProcessingInstructions' => false,
'nullNamespaceAsHtml' => true,
];
/** @var array The parsed configuration, as used for processing */
protected $config;
/** Initializes a sanitizer with the provided configuration, or the default configuration if no configuration is provided
*
* The configuration array may contain any of the following keys:
*
* - `allowElements`: an indexed array of elements to retain in the tree. Elements not in this list will be blocked as if they were included in the `blockElements` list
* - `allowElements`: an indexed array of elements to retain in the tree. Elements not in this list will be treated as if they were included in the `blockElements` list
* - `blockElements`: an indexed array of elements to remove from the tree while retaining their children
* - `dropElements`: an indexed array of elements to remove from the tree along with their children
* - `allowAttributes`: an indexed array of attributes to allow on certain elements. Attributes not in this list will be dropped
* - `dropAttributes`: an indexed array of attributes to remove from certain elements
* - `allowCustomElements`: Whether to allow custom elements, false by default. For the purposes of this implementation these are elements with names containing dashed. If true, elements are still subject to the allow, block, and drop lists
* - `allowCustomElements`: Whether to allow custom elements, false by default. For the purposes of this implementation these are HTML elements with names containing dashed. If true, elements are still subject to the allow, block, and drop lists
* - `allowUnknownMarkup`: Whether to allow non-standard elements which are not custom elements, false by default. If true, elements are still subject to the allow, block, and drop lists
* - `allowComments`: Whether to retain comments, false by default
* - `allowProcessingInstructions`: Whether to retain processing instructions, false by default. Processing instructions do not normally appear in HTML documents. This option is an extension to the specification
* - `nullNamespaceAsHtml`: Whether to interpret elements from the tree in the null namespace as being in the HTML namespace, true by default. Per standard behaviour HTML elements have a namespace URI, but not all parsers do this. This may be set to false when sanitizing XML documents. This option is an extension to the specification
* - `nullNamespaceAsHtml`: Whether to interpret elements from the tree in the null namespace as being in the HTML namespace, true by default. Per standard behaviour HTML elements have a namespace URI, but not all PHP-based parsers do this. This may be set to false when sanitizing XML documents. This option is an extension to the specification
*
* The entries in element lists may be strings, in which case these are interpreted as local names in the HTML namespace, or an array with the following keys: