
Add HTMLPurifier with sane default configuration

Matthias Larisch requested to merge htmlpurifier into master

What does this MR do?

HTMLPurifier can be used to autolink and properly secure HTML input against XSS. It is set to preserve a set of HTML as markup but disallow CSS styling and loading external (absolute) resources.

This is going to be used in the forum from now on to properly handle the output of forum post messages.

It can be used inside twig as purify filter or via DI in both legacy modules as well as rest controllers.

How confident are you it won't break things if deployed?

Just adds and instantiates a library.

Links to related issues

Checklist

  • added a test, or explain why one is not needed/possible...
  • no unrelated changes
  • asked someone for a code review
  • joined #foodsharing-beta channel at https://slackin.yunity.org
  • added an entry to CHANGELOG.md (description, merge request link, username(s))
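An added example (not code from this merge request or from the foodsharing project) of an HTMLPurifier configuration that implements the policy described in the MR: keep a whitelist of markup, drop CSS styling, refuse external (absolute) resources, and autolink bare URLs, plus registration as a Twig `purify` filter. The concrete tag list, the filter name, and the Twig class names are assumptions; only the HTMLPurifier directives themselves are the library's real options.

```php
<?php
// Added example, not the MR's own code. Implements the policy the MR describes with
// real HTMLPurifier directives; the tag whitelist, the Twig filter name "purify" and the
// Twig 2.7+/3 class name \Twig\TwigFilter are assumptions for illustration.

require __DIR__ . '/vendor/autoload.php';

function buildForumPurifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();

    // Markup that survives as markup; everything else is dropped or escaped.
    // a[href] must be in the list, otherwise AutoFormat.Linkify refuses to enable itself.
    $config->set(
        'HTML.Allowed',
        'p,br,b,strong,i,em,u,s,ul,ol,li,blockquote,pre,code,a[href],img[src|alt]'
    );

    // No CSS styling: forbid the style attribute on every element and allow no CSS
    // property at all, so a later widening of HTML.Allowed cannot bring inline styles back.
    $config->set('HTML.ForbiddenAttributes', ['*@style']);
    $config->set('CSS.AllowedProperties', []);

    // No external (absolute) resources: with URI.Host unset, any img whose URL carries a
    // host is treated as external and removed; only relative URLs survive. Ordinary
    // <a href> links to other sites are still allowed (DisableExternal would block those too).
    $config->set('URI.DisableExternalResources', true);
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true, 'mailto' => true]);

    // Turn bare URLs in text into links, and mark user-supplied links as non-endorsing.
    $config->set('AutoFormat.Linkify', true);
    $config->set('HTML.Nofollow', true);
    $config->set('HTML.TargetBlank', true);

    // Definition cache: point Cache.SerializerPath at a writable directory in production;
    // disabled here so the demo runs anywhere.
    $config->set('Cache.DefinitionImpl', null);

    return new HTMLPurifier($config);
}

// Exposing the purifier to templates as {{ post.body|purify }}. 'is_safe' => ['html']
// tells Twig the result is already safe HTML, so autoescape does not double-escape it.
function purifyFilter(HTMLPurifier $purifier): \Twig\TwigFilter
{
    return new \Twig\TwigFilter('purify', [$purifier, 'purify'], ['is_safe' => ['html']]);
}

// Constructed sample forum post exercising each rule.
$post = '<p style="color:red" onclick="alert(1)">Hi <b>there</b></p>'
      . '<script>alert(document.cookie)</script>'
      . '<img src="https://evil.example/track.gif" alt="tracker">'
      . '<img src="/uploads/photo.jpg" alt="mine">'
      . 'See https://foodsharing.de/ for details.';

echo buildForumPurifier()->purify($post), PHP_EOL;
```

Running this on the sample post drops the `script` element, the `onclick` and `style` attributes and the tracking image on a foreign host, while keeping the `<p>`/`<b>` markup, the relative image and turning the bare URL into a `nofollow`, `target="_blank"` link. The check worth keeping in mind when reviewing this kind of configuration is that `URI.DisableExternalResources` only governs embedded resources (`img` and similar); if links to other hosts should also be blocked, `URI.DisableExternal` is the directive for that.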
