Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Text Formatter
Docs

Text Formatter Laravel Package

s9e/text-formatter

PHP text formatting library with plugin support for BBCode, Markdown, HTML, and more. Includes predefined bundles, extensive documentation, and a JavaScript port for client-side preview and demos. Install via Composer and integrate customizable parsing/rendering.

View on GitHub
Deep Wiki
Context7

This plugin enables a whitelist of HTML elements to be used. By default, no HTML elements and no attributes are allowed. For each HTML element, a whitelist of attributes can be set. Unsafe elements such as <script> and unsafe attributes such as onclick must be set using a different method that safe elements and attributes.

Examples

Allowing some safe HTML

$configurator = new s9e\TextFormatter\Configurator;
$configurator->HTMLElements->allowElement('b');
$configurator->HTMLElements->allowAttribute('b', 'class');
$configurator->HTMLElements->allowElement('i');

// Get an instance of the parser and the renderer
extract($configurator->finalize());

$text = '<b>Bold</b> and <i>italic</i> are allowed, but only <b class="important">bold</b> can use the "class" attribute, not <i class="important">italic</i>.';
$xml  = $parser->parse($text);
$html = $renderer->render($xml);

echo $html;

<b>Bold</b> and <i>italic</i> are allowed, but only <b class="important">bold</b> can use the "class" attribute, not <i>italic</i>.

Allowing unsafe HTML

The following will not work.

try
{
	$configurator = new s9e\TextFormatter\Configurator;
	$configurator->HTMLElements->allowElement('script');
}
catch (Exception $e)
{
	echo $e->getMessage(), "\n";
}

try
{
	$configurator = new s9e\TextFormatter\Configurator;
	$configurator->HTMLElements->allowElement('img');
	$configurator->HTMLElements->allowAttribute('img', 'onerror');
}
catch (Exception $e)
{
	echo $e->getMessage();
}

'script' elements are unsafe and are disabled by default. Please use s9e\TextFormatter\Plugins\HTMLElements\Configurator::allowUnsafeElement() to bypass this security measure
'onerror' attributes are unsafe and are disabled by default. Please use s9e\TextFormatter\Plugins\HTMLElements\Configurator::allowUnsafeAttribute() to bypass this security measure

Unsafe HTML can still be allowed using allowUnsafeElement() and allowUnsafeAttribute().

$configurator = new s9e\TextFormatter\Configurator;
$configurator->HTMLElements->allowUnsafeElement('script');
$configurator->HTMLElements->allowElement('b');
$configurator->HTMLElements->allowUnsafeAttribute('b', 'onmouseover');

// Get an instance of the parser and the renderer
extract($configurator->finalize());

$text = '<script>alert(1)</script><b onmouseover="alert(1)">Hover me</b>.';
$xml  = $parser->parse($text);
$html = $renderer->render($xml);

echo $html;

<script>alert(1)</script><b onmouseover="alert(1)">Hover me</b>.
Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
milito/query-filter
apiboxsym/user-bundle
apiboxsym/health-check-bundle
jayeshmepani/jpl-moshier-ephemeris-php
elnasnato/laraliveui
labrodev/rest-sdk
sampaui/sampaui
babelqueue/php-sdk
facebook/capi-param-builder-php
babelqueue/symfony
hamzi/corewatch
minionfactory/raw-hydrator
hexters/coinpayment
rjcodes/rjcms
act-training/laravel-permissions-manager
alimarchal/laravel-chart-of-accounts
babenkoivan/elastic-scout-driver
mkwebdesign/filament-watchdog-v5
renatomarinho/laravel-page-speed
zedmagdy/filament-business-hours