diff --git a/composer.json b/composer.json
index 857630f..cb413dc 100644
--- a/composer.json
+++ b/composer.json
@@ -25,8 +25,7 @@
"require": {
"ext-dom": "*",
"ext-libxml": "*",
- "php": "^5.6 || ^7.0 || ^8.0",
- "ezyang/htmlpurifier": "^4.16"
+ "php": "^5.6 || ^7.0 || ^8.0"
},
"require-dev": {
"phpunit/phpunit": "^5.7 || ^6.5 || ^8.5"
diff --git a/src/Sanitizer.php b/src/Sanitizer.php
index c98d36c..53acf87 100644
--- a/src/Sanitizer.php
+++ b/src/Sanitizer.php
@@ -7,8 +7,6 @@
use enshrined\svgSanitize\data\TagInterface;
use enshrined\svgSanitize\data\XPath;
use enshrined\svgSanitize\ElementReference\Resolver;
-use HTMLPurifier;
-use HTMLPurifier_Config;
/**
* Class Sanitizer
@@ -648,9 +646,7 @@ public function setUseNestingLimit($limit)
protected function cleanUnsafeNodes(\DOMNode $currentElement) {
// Replace CDATA node with encoded text node
if ($currentElement instanceof \DOMCdataSection) {
- $purifier = new HTMLPurifier(HTMLPurifier_Config::createDefault());
- $clean_html = $purifier->purify($currentElement->nodeValue);
- $textNode = $currentElement->ownerDocument->createTextNode($clean_html);
+ $textNode = $currentElement->ownerDocument->createTextNode($currentElement->nodeValue);
$currentElement->parentNode->replaceChild($textNode, $currentElement);
// If the element doesn't have a tagname, remove it and continue with next iteration
} elseif (!$currentElement instanceof \DOMElement && !$currentElement instanceof \DOMText) {
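Review bot: With the purifier call removed, the CDATA branch of cleanUnsafeNodes copies `$currentElement->nodeValue` into a text node unchanged, so the only thing keeping that content inert is the escaping the DOM serializer applies to text nodes, and the retained comment ("encoded text node") does not say so. I would reword it to `// Replace CDATA with a text node; its markup is kept verbatim and is only escaped when the document is serialized`, so that a later change which reads or re-decodes this text elsewhere does not assume it was cleaned. The updated fixtures (formDataClean.svg, htmlClean.svg) now expect strings such as `onclick=` and `onerror=` in the sanitized output, and as displayed here I cannot tell whether they are entity-escaped. A test that re-parses the sanitized output and asserts that no `form` or `img` element exists would pin the property better than a byte comparison against the fixture. Callers that relied on CDATA content being stripped of HTML rather than escaped see a behaviour change that probably deserves a changelog entry; the function body continues outside this hunk.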
diff --git a/tests/data/cdataClean.svg b/tests/data/cdataClean.svg
index b12dc8c..d65f06b 100644
--- a/tests/data/cdataClean.svg
+++ b/tests/data/cdataClean.svg
@@ -1,8 +1,7 @@
-
diff --git a/tests/data/cdataTwoClean.svg b/tests/data/cdataTwoClean.svg
index 069d7f8..4b134ee 100644
--- a/tests/data/cdataTwoClean.svg
+++ b/tests/data/cdataTwoClean.svg
@@ -1,7 +1,8 @@
-
-
diff --git a/tests/data/formDataClean.svg b/tests/data/formDataClean.svg
index 256c32b..7c22abb 100644
--- a/tests/data/formDataClean.svg
+++ b/tests/data/formDataClean.svg
@@ -2,8 +2,8 @@
-
-
-
+ <form action="javascript:alert('1')">
+ <input type="submit" onclick="javascript:alert('1')"/>
+ </form>
diff --git a/tests/data/htmlClean.svg b/tests/data/htmlClean.svg
index a0870cb..09ac462 100644
--- a/tests/data/htmlClean.svg
+++ b/tests/data/htmlClean.svg
@@ -1,3 +1,2 @@
- ><img src="" alt="" /> ><img src="" alt="" />
-
+ ><img src onerror=alert(1)> ><img src onerror=alert(1)>