I'm using HTML Purifier to remove all malicious code from user input. I want to send an alert email when a XSS code is detected (and removed) by HTML Purifier.
The purify()
method returns purified HTML. I can't compare the input HTML with the purified HTML to detect changes because HTML Purifier ensures standards-compliant output by transforming HTML.
Is it possible?
Thanks for your help!
Nope, HTML Purifier doesn't support this use-case.