Go4Expert (http://www.go4expert.com/)
-   Perl (http://www.go4expert.com/articles/perl-tutorials/)
-   -   Strip/sanitize HTML with Perl (http://www.go4expert.com/articles/strip-sanitize-html-perl-t17713/)

pradeep 27May2009 14:26

Strip/sanitize HTML with Perl


Sanitizing HTML is just removing unwanted HTML elements from any inputted HTML code, it does not validate HTML code. We all have seen many sites which allow you to post comments using only a few HTML elements like <a>, <b>, <i> etc. the other HTML tags are automatically removed, you may even want to remove all HTML tags completely or you may want to allow HTML tags with some conditions like <img> tags' src attribute should have only relative URL, or the HTML may contain <span> tags but no style attributes etc. etc.


There are a couple of modules available on CPAN like HTML::Sanitizer, HTML::Strip, HTML::Scrubber; I personally like to use HTML::Scrubber, it's easy to use, you can have complex conditions if you want and is fast.

The code

Example: We want to strip all HTML from a string or file

Code: Perl


use HTML::Scrubber;

my $html = q(<style type="text/css"> myStle { background: #afe; color: #000;} </style>
    <script language="javascript" type="text/javascript"> alert("We are testing HTML::Scrubber");    </script>
        a   => <a href=1>link </a>
        br  => <br>
        b   => <B> bold </B>
        u   => <U> UNDERLINE </U>
     <img src="http://go4expert.com/text.png" border=0>);
my $scrubber = HTML::Scrubber->new;
$scrubber->default(0); ## default to no HTML

my $clean_html = $scrubber->scrub($html);

## OR file

$clean_html = $scrubber->scrub_file('myHtml.html');

Wasn't that easy? Let's take a look at some more interesting examples.

Example: Strip <script> and <style> tags

Code: Perl

my $scrubber = HTML::Scrubber->new;
$scrubber->default(1); ## default to allow HTML

$scrubber->script(0); ## no script
$scrubber->style(0); ## no style

# OR

$scrubber->deny(qw[script style]);

my $clean_html = $scrubber->scrub($html);

Example: Anchor tags allowed only if contain relative URLs

Code: Perl

my $scrubber = HTML::Scrubber->new;
$scrubber->default(1); ## default to allow HTML

my @rules = (
        a => {
            href => qr{^(?!http://)}i, # only relative URLs
            title => 1,                # title attribute allowed

$scrubber->rules( @rules );

my $clean_html = $scrubber->scrub($html);



shabbir 3Jun2009 09:35

Re: Strip/sanitize HTML with Perl
Nomination this Article for Article of the month - May 2009

All times are GMT +5.5. The time now is 11:05.