PHP implementations for various whatwg specifications:
- DOM
- HTML parsing and serialization
- HTML sanitizer
- CSS selectors level 4
use Souplette\Souplette;
use Souplette\DOM\Document;
$html = file_get_contents('/path/to/file.html');
$doc = Souplette::parseHTML($html);
assert($doc instanceof Document);use Souplette\Souplette;
$html = Souplette::serializeDocument($doc);$element = $document->getElementById('example');
$html = $element->outerHTML;use Souplette\HTML\Sanitizer\Sanitizer;
use Souplette\HTML\Sanitizer\SanitizerConfig;
// With the default configuration
$sanitized = Sanitizer::default()->sanitize($document);
// Using a custom configuration
$config = SanitizerConfig::create()
->blockElements('script', 'style');
$sanitized = Sanitizer::of($config)->sanitize($document);$element = $document->getElementById('example');
// With the default configuration
$element->setHTML('<script>alert("pwnd!")</script>');
// Using a custom configuration
$config = SanitizerConfig::create()
->blockElements('script', 'style');
$element->setHTML('<script>alert("pwnd!")</script>', [
'sanitizer' => Sanitizer::of($config),
]);use Souplette\HTML\Sanitizer\Sanitizer;
$html = '<script>alert("pwnd!")</script>';
$sanitized = Sanitizer::default()->sanitizeFor('form', $html);The Souplette DOM api supports the querySelector and querySelectorAll methods
on Document and Element instances.
Due to the non-dynamic nature of the Souplette DOM implementation (no scripting engine),
some selectors (like :hover, :focus, etc...) cannot be supported.
In some cases however the selector engine can use an approximation.
For example input:disabled will match an input element if either:
- the input element has a
disabledattribute, or - the input element is a descendant of a
fieldsetelement with adisabledattribute.