for testing and deploying your application
for finding and fixing issues
for empowering human code reviews
<?php
class No_Iframes extends Plugin {
private $host;
public function about() {
return array(1.0,
"Remove embedded iframes (unless whitelisted)",
"fox");
}
public function init($host) {
$this->host = $host;
$host->add_hook($host::HOOK_SANITIZE, $this);
/**
* @SuppressWarnings(PHPMD.UnusedFormalParameter)
*/
public function hook_sanitize($doc, $site_url, $allowed_elements, $disallowed_attributes) {
$site_url
If this is a false-positive, you can also ignore this issue in your code via the ignore-unused annotation
ignore-unused
public function hook_sanitize($doc, /** @scrutinizer ignore-unused */ $site_url, $allowed_elements, $disallowed_attributes) {
This check looks for parameters that have been defined for a function or method, but which are not used in the method body.
$xpath = new DOMXpath($doc);
$entries = $xpath->query('//iframe');
foreach ($entries as $entry) {
if (!iframe_whitelisted($entry)) {
$entry->parentNode->removeChild($entry);
return array($doc, $allowed_elements, $disallowed_attributes);
public function api_version() {
return 2;
codysnider /
tt-rss
Andrew Dolgov
This check looks for parameters that have been defined for a function or method, but which are not used in the method body.