htmlpurifier

问题 I am using wysiwyg called summernote which values I send to server, where I purify it with HTML Purifier. After that I save it to the DB (mysql). I then need to show purified html back in the wysiwyg, so write it as a textarea value (the textarea is linked in js with summernote). But it shows escaped html instead of formatted text. The editor works normally and js console shows no errors. Javascript I use to init summernote $('.summernote').summernote({ lang: 'cs-CZ', height: 100, airMode:

问题 I want to allow a limited white list of HTML tags that users can use in my forum. So I have configured the HTML Purifier like so: $config = HTMLPurifier_Config::createDefault(); $config->set('HTML.Allowed', 'p,a[href|rel|target|title],img[src],span[style],strong,em,ul,ol,li'); $purifier = new HTMLPurifier($config); What I am wondering is, does the default configuration of the HTML Purifier still apply, with the exception of a reduced number of accepted HTML tags or do I need to re-set every

问题 I am trying to pass some XML tags (abcdef>) through htmlpurifier. Since the tags itself are not supported, I am trying to add an element first and then adding it to allowedElements. However this is not working, i'm just getting a blank page. Any ideas please on what I am doing wrong, or if there is an easier way to achieve what i am looking for. $config = HTMLPurifier_Config::createDefault(); $config->set('Core', 'Encoding', "UTF-8"); $config->set('HTML', 'DefinitionID', 'pinaki-test');

问题 I'm trying to run HTMLPurifier on user input from a WYSIWYG (CK Editor) and the images are breaking. Unfiltered Input: <img alt="laugh" src="/lib/ckeditor/plugins/smiley/images/teeth_smile.gif" title="laugh"> After running through purifier with default settings: <img alt=""laugh"" src="%5C" title=""laugh""> I have tried changing the configuration settings; but I the src is never preserved. Any thoughts? 回答1: I have a suspicion that magic_quotes could be a reason..? Also did you try $config-

问题 I'm trying to run HTMLPurifier on user input from a WYSIWYG (CK Editor) and the images are breaking. Unfiltered Input: <img alt="laugh" src="/lib/ckeditor/plugins/smiley/images/teeth_smile.gif" title="laugh"> After running through purifier with default settings: <img alt=""laugh"" src="%5C" title=""laugh""> I have tried changing the configuration settings; but I the src is never preserved. Any thoughts? 回答1: I have a suspicion that magic_quotes could be a reason..? Also did you try $config-

问题 I'm trying to run HTMLPurifier on user input from a WYSIWYG (CK Editor) and the images are breaking. Unfiltered Input: <img alt="laugh" src="/lib/ckeditor/plugins/smiley/images/teeth_smile.gif" title="laugh"> After running through purifier with default settings: <img alt=""laugh"" src="%5C" title=""laugh""> I have tried changing the configuration settings; but I the src is never preserved. Any thoughts? 回答1: I have a suspicion that magic_quotes could be a reason..? Also did you try $config-

问题 How to allow custom (html5 data-*) attributes in HtmlPurifier? Input: <img src="/my.jpg" data-type="5" alt="" /> leads to an error: Attribute 'data-type' in element 'img' not supported (for information on implementing this, see the support forums) HtmlPurifier options are set to: 'HTML.AllowedAttributes' => array('img.src', 'a.href', 'img.data-type') 回答1: HTML purifier defines the matrix of attributes that are standard compliant and complains when you try to use an attribute that it is not

问题 I would appreciate an answer to settle a disagreement between me and some co-workers. We have a typical PHP / LAMP web application. The only input we want from users is plain text. We do not invite or want users to enter HTML at any point. Form elements are mostly basic input text tags. There might be a few textareas, checkboxes etc. There is currently no sanitizing of output to pages. All dynamic content, some of which came from user input, is simply echoed to the page. We obviously need to

问题 I would appreciate an answer to settle a disagreement between me and some co-workers. We have a typical PHP / LAMP web application. The only input we want from users is plain text. We do not invite or want users to enter HTML at any point. Form elements are mostly basic input text tags. There might be a few textareas, checkboxes etc. There is currently no sanitizing of output to pages. All dynamic content, some of which came from user input, is simply echoed to the page. We obviously need to

问题 Given the code below, how do I use htmlpurifier to allow the entire contents to pass through. I want to allow the entire html document but the html,head,style,title,body and meta get stripped out. I even tried $config->set('Core.ConvertDocumentToFragment', false) but that didn't work. Any help on where to start would be greatly appreciated. I tried the example here HTML Purifier - Change default allowed HTML tags configuration but it doesn't work. I keep getting exceptions that the tags are