set('HTML.Allowed', 'p,br,strong,b,em,i,u,ul,ol,li,a[href|target],h2[id],h3[id],h4[id],blockquote,span[style]');
        // The HTML.Allowed value above is an allowlist: only the listed elements, and
        // for each element only the attributes named in brackets, are permitted.
        // span[style] is permitted, so inline CSS is restricted to the two colour
        // properties configured on the next line.
        $config->set('CSS.AllowedProperties', 'color,background-color');
        // HTML.TargetBlank makes HTML Purifier add target="_blank" to outgoing links.
        // NOTE(review): keeping the opened page away from window.opener depends on
        // HTML.TargetNoopener / HTML.TargetNoreferrer, which are not set in the visible
        // lines; confirm the installed HTML Purifier version has them and leaves them on.
        $config->set('HTML.TargetBlank', true);
        $config->set('AutoFormat.RemoveEmpty', true);
        // DOM clobbering protection: prefix IDs in user content (V18)
        // NOTE(review): HTML Purifier keeps id attributes only when Attr.EnableID is
        // enabled; that directive is not visible in this excerpt. Confirm it is set
        // earlier, otherwise the h2/h3/h4 ids are dropped and this prefix never applies.
        $config->set('Attr.IDPrefix', 'uc-');
        // NOTE(review): the serializer cache directory has to exist and be writable by
        // the PHP process; presumably storage_path() resolves outside the web root (verify).
        $config->set('Cache.SerializerPath', storage_path('app/purifier'));
        $this->purifier = new HTMLPurifier($config);
    }

    /**
     * Pass HTML through the HTMLPurifier instance configured in the constructor.
     *
     * @param string $dirtyHtml HTML to clean (user content, per the configuration comments).
     * @return string The value returned by HTMLPurifier::purify().
     *
     * NOTE(review): the result is filtered markup meant to be output as HTML.
     * It is not escaped for attribute, JavaScript or URL contexts, and it must
     * not be HTML-escaped again when rendered. Confirm the call sites.
     */
    public function sanitize(string $dirtyHtml): string
    {
        return $this->purifier->purify($dirtyHtml);
    }
}