Merge pull request #4 from KaririCode-Framework/develop

Enhance Sanitizer Component and README Updates

Author: walmir-silva

README.md

@@ -0,0 +1,20 @@
+<?php
+
+declare(strict_types=1);
+
+namespace KaririCode\Sanitizer\Contract;
+
+interface SanitizationResult
+{
+    public function addError(string $property, string $errorKey, string $message): void;
+
+    public function setSanitizedData(string $property, mixed $value): void;
+
+    public function hasErrors(): bool;
+
+    public function getErrors(): array;
+
+    public function getSanitizedData(): array;
+
+    public function toArray(): array;
+}

README.pt-br.md

@@ -0,0 +1,19 @@
+<?php
+
+declare(strict_types=1);
+
+namespace KaririCode\Sanitizer\Contract;
+
+use KaririCode\PropertyInspector\AttributeHandler;
+
+interface SanitizationResultProcessor
+{
+    /**
+     * Processa os resultados de sanitização após a execução dos processadores.
+     *
+     * @param AttributeHandler $handler O manipulador que contém os atributos processados
+     *
+     * @return SanitizationResult O resultado da sanitização, incluindo dados processados e erros
+     */
+    public function process(AttributeHandler $handler): SanitizationResult;
+}

composer.lock

@@ -0,0 +1,44 @@
+<?php
+
+declare(strict_types=1);
+
+namespace KaririCode\Sanitizer\Processor;
+
+use KaririCode\PropertyInspector\AttributeHandler;
+use KaririCode\Sanitizer\Contract\SanitizationResult as SanitizationResultContract;
+use KaririCode\Sanitizer\Contract\SanitizationResultProcessor;
+use KaririCode\Sanitizer\SanitizationResult;
+
+class DefaultSanitizationResultProcessor implements SanitizationResultProcessor
+{
+    public function __construct(
+        private SanitizationResultContract $result = new SanitizationResult()
+    ) {
+    }
+
+    public function process(AttributeHandler $handler): SanitizationResult
+    {
+        $processedValues = $handler->getProcessedPropertyValues();
+        $errors = $handler->getProcessingResultErrors();
+
+        foreach ($processedValues as $property => $data) {
+            $this->result->setSanitizedData($property, $data['value']);
+
+            if (isset($errors[$property])) {
+                $this->addPropertyErrors($this->result, $property, $errors[$property]);
+            }
+        }
+
+        return $this->result;
+    }
+
+    private function addPropertyErrors(
+        SanitizationResult $result,
+        string $property,
+        array $propertyErrors
+    ): void {
+        foreach ($propertyErrors as $error) {
+            $result->addError($property, $error['errorKey'], $error['message']);
+        }
+    }
+}

src/Contract/SanitizationResult.php

@@ -0,0 +1,40 @@
+<?php
+
+declare(strict_types=1);
+
+namespace KaririCode\Sanitizer\Processor\Domain\HtmlPurifier\Cleaner;
+
+use KaririCode\Sanitizer\Processor\Domain\HtmlPurifier\Configuration;
+
+final class AttributeCleaner
+{
+    public function __construct(
+        private readonly Configuration $config
+    ) {
+    }
+
+    public function cleanAttributes(\DOMElement $element): void
+    {
+        if (!in_array(strtolower($element->tagName), $this->config->getAllowedTags(), true)) {
+            return;
+        }
+
+        $attributes = iterator_to_array($element->attributes);
+        foreach ($attributes as $attr) {
+            $attrName = $attr->name;
+            $tagName = strtolower($element->tagName);
+
+            if (!$this->isAttributeAllowed($attrName, $tagName)) {
+                $element->removeAttribute($attrName);
+            }
+        }
+    }
+
+    private function isAttributeAllowed(string $attrName, string $tagName): bool
+    {
+        $allowedAttributes = $this->config->getAllowedAttributes();
+
+        return isset($allowedAttributes[$attrName])
+               && in_array($tagName, $allowedAttributes[$attrName], true);
+    }
+}

src/Contract/SanitizationResultProcessor.php

@@ -0,0 +1,18 @@
+<?php
+
+declare(strict_types=1);
+
+namespace KaririCode\Sanitizer\Processor\Domain\HtmlPurifier\Cleaner;
+
+final class InputCleaner
+{
+    public function clean(string $input): string
+    {
+        // Remove scripts and inline events
+        $input = preg_replace('/<script\b[^>]*>(.*?)<\/script>/is', '', $input);
+        $input = preg_replace('/\bon\w+\s*=\s*"[^"]*"/i', '', $input);
+        $input = preg_replace('/<!--.*?-->/s', '', $input);
+
+        return $input;
+    }
+}

src/Processor/DefaultSanitizationResultProcessor.php

@@ -0,0 +1,20 @@
+<?php
+
+declare(strict_types=1);
+
+namespace KaririCode\Sanitizer\Processor\Domain\HtmlPurifier\Cleaner;
+
+final class OutputCleaner
+{
+    public function clean(string $output): string
+    {
+        // Remove any remaining HTML comments
+        $output = preg_replace('/<!--.*?-->/s', '', $output);
+
+        // Normalize whitespace
+        $output = preg_replace('/^\s+|\s+$/m', '', $output);
+        $output = preg_replace('/\s+/', ' ', $output);
+
+        return trim($output);
+    }
+}

src/Processor/Domain/HtmlPurifier/Cleaner/AttributeCleaner.php

@@ -0,0 +1,43 @@
+<?php
+
+declare(strict_types=1);
+
+namespace KaririCode\Sanitizer\Processor\Domain\HtmlPurifier;
+
+final class Configuration
+{
+    private const DEFAULT_ALLOWED_TAGS = [
+        'p', 'br', 'strong', 'em', 'u', 'ol', 'ul', 'li',
+        'a', 'img', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
+    ];
+    private const DEFAULT_ALLOWED_ATTRIBUTES = [
+        'href' => ['a'],
+        'src' => ['img'],
+        'alt' => ['img'],
+    ];
+
+    private array $allowedTags;
+    private array $allowedAttributes;
+
+    public function __construct()
+    {
+        $this->allowedTags = self::DEFAULT_ALLOWED_TAGS;
+        $this->allowedAttributes = self::DEFAULT_ALLOWED_ATTRIBUTES;
+    }
+
+    public function configure(array $options): void
+    {
+        $this->allowedTags = $options['allowedTags'] ?? $this->allowedTags;
+        $this->allowedAttributes = $options['allowedAttributes'] ?? $this->allowedAttributes;
+    }
+
+    public function getAllowedTags(): array
+    {
+        return $this->allowedTags;
+    }
+
+    public function getAllowedAttributes(): array
+    {
+        return $this->allowedAttributes;
+    }
+}