Replace anti-xss with html purifier (#1751)

* Replace voku/anti-xss with ezyang/htmlpurifier. Despite anti-xss being a smaller footprint dependency, an a better license fit with our MIT license, there are issues with it's automatic it sanitisation of global variables causing side effects * Additional unit tests for xss in html writer cell comments
PHPOffice · Dec 10, 2020 · 9289ab1 · 9289ab1
1 parent 957cb62
commit 9289ab1
Show file tree

Hide file tree

Showing 4 changed files with 354 additions and 578 deletions.
diff --git a/composer.json b/composer.json
@@ -59,7 +59,7 @@
         "psr/simple-cache": "^1.0",
         "psr/http-client": "^1.0",
         "psr/http-factory": "^1.0",
-        "voku/anti-xss": "^4.1"
+        "ezyang/htmlpurifier": "^4.13"
     },
     "require-dev": {
         "dompdf/dompdf": "^0.8.5",