[Drupal] How to programmatically purify the contents of a Drupal website's feed?


If your Drupal website delivers content to third-party sites through web syndication mechanisms such as an RSS feed, you need to purify the HTML markup before delivering it, to prevent an XSS attack on those sites through your feeds. Read on to learn how to programmatically purify the contents of your Drupal website's feed.

The simplest way to filter your feed content is to do it programmatically in the View’s feed template file. Follow the steps below:

  1. We are going to use HTML Purifier, a PHP filter library, to do the job. It removes malicious HTML code from the content in your Drupal site.
  2. First, install and configure the Drupal HTML Purifier module in your Drupal site.
  3. Next, copy and paste your View’s row template file into your theme directory.
  4. You can find the row theming file from the Theming information link in the Views basic settings.
  5. A typical View template for the feed display has the following variables:
    <?php
    
    /**
     * @file
     * Default view template to display an item in an RSS feed.
     *
     * @ingroup views_templates
     */
    ?>
      <item>
        <title><?php print $title; ?></title>
        <link><?php print $link; ?></link>
        <description><?php print $description; ?></description>
        <?php print $item_elements; ?>
      </item>
  6. Now filter $description using the following code:
    $description = _htmlpurifier_process($description, -1);
  7. The $description variable now holds purified HTML, ready to be shipped.

Hope the article was helpful in solving the problem in your Drupal site.
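
The copied row template with the filter from step 6 in place, as an added example that is not part of the original article. It assumes the override file is named views-view-row-rss.tpl.php; the function_exists() guard and the fallback to Drupal core's filter_xss() are additions, so the feed still ships filtered markup if the HTML Purifier module is disabled.

```php
<?php
/**
 * @file
 * Theme override of the Views RSS row template (added example).
 *
 * Assumes the copied file is named views-view-row-rss.tpl.php and that the
 * HTML Purifier module from step 2 is installed and enabled.
 */

// Filter before anything is printed, so only the cleaned value reaches the feed.
if (function_exists('_htmlpurifier_process')) {
  // Same call as step 6; the -1 format argument is taken from the article.
  $description = _htmlpurifier_process($description, -1);
}
else {
  // Assumption: when the module is unavailable, fall back to Drupal core's
  // filter_xss() rather than emitting the description unfiltered.
  $description = filter_xss($description);
}
?>
  <item>
    <title><?php print $title; ?></title>
    <link><?php print $link; ?></link>
    <description><?php print $description; ?></description>
    <?php print $item_elements; ?>
  </item>
```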