htmlpurifier

问题 Using PHP/Codeigniter/HTMLPurifier/CSStidy like so: require_once 'extra/htmlpurifier-4_4_0/library/HTMLPurifier.auto.php'; require_once 'extra/csstidy-1_3/class.csstidy.php'; $input_css = $this->input->post('input_css'); $config = HTMLPurifier_Config::createDefault(); $config->set('Filter.ExtractStyleBlocks', TRUE); // Create a new purifier instance $purifier = new HTMLPurifier($config); // Wrap our CSS in style tags and pass to purifier. // we're not actually interested in the html response

问题 How can I can add the "javascript:xyz" url format for the URI.AllowedSchemes in HTML purifier module in drupal ? I suppose this is the file I should modify URI.AllowedSchemes or is there any other config change I need to make. This is for the site moderator to publish bookmarklets and will not be exposed to outside world. 回答1: http://htmlpurifier.org/docs/enduser-uri-filter.html 来源： https://stackoverflow.com/questions/5138282/how-do-i-add-javascript-url-scheme-in-html-purifier-module-in

问题 Hi I am at prototype stage with my site. I read the html purifier main page and questions about this library in this site but I am still not clear with the issue on my mind. Can you guide me please? Thanks, BR My Understanding: From the docs I have read, I understood that the best I can do is: to use mysqli_real_escape_string while inputting untrusted data into my mysql database to use html purifier library while outputting data from mysql database to sscreen as html My Questions Q1) Does my

问题 I use HTML Purifier to clean input in my CMS. Many of my clients like to have PayPal donation buttons in their site, but HTML Purifier strips the forms out. I noticed that HTML Purifier has a HTMLPurifier_HTMLModule_Forms class, but I don't know if that does what I want. If it does, how do I enable it? 回答1: $config->set('HTML.Trusted', true); $config->set('Attr.EnableID', true); should turn on Forms (I think they’re enabled by default in the trusted set.) Of course, this also allows

问题 I want to only allow the span element only when it has a certain class in htmlpurifier does anyone know how to do this, right now I have $config->set('HTML.Allowed','a[href],p,ol,li,ul,img[src],blockquote,em,span[class]'); $config->set('Attr.AllowedClasses',"allowed"); but that allows all spans and only allows class allowed I like that it only allows the "allowed" class but I only want it to allow span when the value of its class is "allowed" thanks 回答1: Ad hoc solution: redefine the class in

问题 My html purifier settings now allow only these tags $configuration->set('HTML.Allowed', 'p,ul,ol,li'); I want to allow indentation of lists and my editor uses this html <ul style="margin-left: 40px;"> How should I change my HTMLPurifier Allowed tags? I thought to add style , but I think it would be better to specify exactly which style is allowed, which in this case would be margin-left . What is the right way to change the HTML.Allowed for this case? 回答1: Allow the style attributes, and then

问题 I want to use the HTMLpurifier in combination with the Zend Framework. I would love to load the Class and its files with the Zend_Loader. How would you include it? Would you just use the HTMLPurifier.auto.php or do you know a better way of doing it? 回答1: I use HTML Purifier as a filter in my Zend Framework project. Here's an altered version of my class: require_once 'HTMLPurifier.includes.php'; require_once 'HTMLPurifier.autoload.php'; class My_Filter_HtmlPurifier implements Zend_Filter

问题 I want to use the HTMLpurifier in combination with the Zend Framework. I would love to load the Class and its files with the Zend_Loader. How would you include it? Would you just use the HTMLPurifier.auto.php or do you know a better way of doing it? 回答1: I use HTML Purifier as a filter in my Zend Framework project. Here's an altered version of my class: require_once 'HTMLPurifier.includes.php'; require_once 'HTMLPurifier.autoload.php'; class My_Filter_HtmlPurifier implements Zend_Filter

问题 I'm researching PHP security best practices and specifically the HTML Purifier library. I like the idea of using a third-party library to help strengthen the security of my sites, but I'm confused about a few things... First, a general question... What does HTML Purifier do that practicing secure PHP programming can't? If I'm using HTML Purifier, does that mean I get to skip common security measures like using PHP functions to filter input and escape output? One of the response comments for

问题 I am using HTMLPurifier for simple Tinymce WYSIWYG .If I don't use htmlspecialchars ,would it be open to XSS Attack ?This is what I'm doing $detail = $purifier->purify($detail); to purify data for that textarea .If I use htmlspecialchars ,it strips all basic tags as well which is not user friendly for an WYSIWYG editor.But the problem is,this allows <script> tag as well. And if I change conf setting to $config->set('ExtractStyleBlocks.1', true); It doesn't allow < and > for <script> tag