1. We have moved from vBulletin to XenForo and you are viewing the site in the middle of the move. Though the functional aspect of everything is working fine, we are still working on other changes including the new design on Xenforo.
    Dismiss Notice

Strip/sanitize HTML with Perl

Discussion in 'Perl' started by pradeep, May 27, 2009.

  1. pradeep

    pradeep Team Leader


    Sanitizing HTML is just removing unwanted HTML elements from any inputted HTML code, it does not validate HTML code. We all have seen many sites which allow you to post comments using only a few HTML elements like <a>, <b>, <i> etc. the other HTML tags are automatically removed, you may even want to remove all HTML tags completely or you may want to allow HTML tags with some conditions like <img> tags' src attribute should have only relative URL, or the HTML may contain <span> tags but no style attributes etc. etc.


    There are a couple of modules available on CPAN like HTML::Sanitizer, HTML::Strip, HTML::Scrubber; I personally like to use HTML::Scrubber, it's easy to use, you can have complex conditions if you want and is fast.

    The code

    Example: We want to strip all HTML from a string or file

    use HTML::Scrubber;
    my $html = q(<style type="text/css"> myStle { background: #afe; color: #000;} </style>
        <script language="javascript" type="text/javascript"> alert("We are testing HTML::Scrubber");    </script>
            a   => <a href=1>link </a>
            br  => <br>
            b   => <B> bold </B>
            u   => <U> UNDERLINE </U>
         <img src="http://go4expert.com/text.png" border=0>);
    my $scrubber = HTML::Scrubber->new;
    $scrubber->default(0); ## default to no HTML
    my $clean_html = $scrubber->scrub($html);
    ## OR file
    $clean_html = $scrubber->scrub_file('myHtml.html');
    Wasn't that easy? Let's take a look at some more interesting examples.

    Example: Strip <script> and <style> tags

    my $scrubber = HTML::Scrubber->new;
    $scrubber->default(1); ## default to allow HTML
    $scrubber->script(0); ## no script
    $scrubber->style(0); ## no style
    # OR
    $scrubber->deny(qw[script style]);
    my $clean_html = $scrubber->scrub($html);
    Example: Anchor tags allowed only if contain relative URLs

    my $scrubber = HTML::Scrubber->new;
    $scrubber->default(1); ## default to allow HTML
    my @rules = (
            a => {
                href => qr{^(?!http://)}i, # only relative URLs
                title => 1,                # title attribute allowed
    $scrubber->rules( @rules );
    my $clean_html = $scrubber->scrub($html);


  2. shabbir

    shabbir Administrator Staff Member

Share This Page