htmlpurifier

Is there a simple approach to add a HTML5 ruleset for HTMLPurifier? HP can be configured to recognize new tags with: // setup configurable HP instance $config = HTMLPurifier_Config::createDefault(); $config->set('HTML.DefinitionID', 'html5 draft'); $config->set('HTML.DefinitionRev', 1); $config->set('Cache.DefinitionImpl', null); // no caching $def = $config->getHTMLDefinition(true); // add a new tag $form = $def->addElement( 'article', // name 'Block', // content set 'Flow', // allowed children 'Common', // attribute collection array( // attributes ) ); // add a new attribute $def-

As per the HTML Purifier smoketest , 'malformed' URIs are occasionally discarded to leave behind an attribute-less anchor tag, e.g. <a href="javascript:document.location='http://www.google.com/'">XSS</a> becomes <a>XSS</a> ...as well as occasionally being stripped down to the protocol, e.g. <a href="http://1113982867/">XSS</a> becomes <a href="http:/">XSS</a> While that's unproblematic, per se, it's a bit ugly. Instead of trying to strip these out with regular expressions, I was hoping to use HTML Purifier's own library capabilities / injectors / plug-ins / whathaveyou. Point of reference:

I am using HTML Purifier (http://htmlpurifier.org/) I just want to remove <script> tags only. I don't want to remove inline formatting or any other things. How can I achieve this? One more thing, it there any other way to remove script tags from HTML Because this question is tagged with regex I'm going to answer with poor man's solution in this situation: $html = preg_replace('#<script(.*?)>(.*?)</script>#is', '', $html); However, regular expressions are not for parsing HTML/XML, even if you write the perfect expression it will break eventually, it's not worth it, although, in some cases it's