htmlpurifier

问题 Is it possible to have htmlpurifier use the html5 doctype? The documentation here states that you can change the doctype and encoding with the following: <?php require_once '/path/to/htmlpurifier/library/HTMLPurifier.auto.php'; $config = HTMLPurifier_Config::createDefault(); $config->set('Core', 'Encoding', 'ISO-8859-1'); // replace with your encoding $config->set('HTML', 'Doctype', 'HTML 4.01 Transitional'); // replace with your doctype $purifier = new HTMLPurifier($config); $clean_html =

问题 When i Input.: <script>alert("XSS")</script>Cleaning Test My output should be Cleaning Test but i get same as input <script>alert("XSS")</script>Cleaning Test can someone help me to solve this problem and tried a lot but doesn't works i need to check my htmlpurifie is working this is my code <?php require_once 'htmlpurifier/library/HTMLPurifier.auto.php'; ini_set("display_errors", 1); error_reporting(E_ALL); define('DB_SERVER', "localhost"); define('DB_USER', "sanoj"); define('DB_PASSWORD',

问题 I am using jqte to give users of a cms I wrote some WYSIWYG for their content. To output the content publicly I use htmlPurifier so there is no way, editors will do harm to the visitors of the site. They could however place <button onclick="alert('this sux')">klick me</button> in the textarea and the next user will find a working button. <script>evilcode</script> is even executed. Has anyone dealt with this before me and can give me a hint to an elegant solution here? 回答1: I'm going to go out

问题 Using the latest release of HTMLPurifier with default configs. The following code will cause the oh-so-lovely blank white page in PHP. Am I missing something? Even if I set HTML.TidyLevel to light or none it still breaks. Here is a partial log of the errors thrown when trying to purify the code below: http://pastie.org/private/13f0htscq0v8bhhlt7dpg For reference, here is the associated code I'm using to do it: $config = new HTMLPurifier_Config(new HTMLPurifier_ConfigSchema()); $config->set(

问题 I am using HTMLPurifier and this package for Laravel 5: https://github.com/mewebstudio/Purifier However, the docs show to use it like this: $clean = Purifier::clean($dirty); and the default config file is: return [ 'encoding' => 'UTF-8', 'finalize' => true, 'cachePath' => storage_path('app/purifier'), 'settings' => [ 'default' => [ 'HTML.Doctype' => 'XHTML 1.0 Strict', 'HTML.Allowed' => 'img[alt|src],ul,li,p,br,b', 'CSS.AllowedProperties' => '', //'AutoFormat.AutoParagraph' => true,

问题 Using Imperavi Redactor with Yii 2 framework. When no text is entered, Imperavi Redactor produces this markup: <p><br></p> . For each line break this markup is appended too. I want to remove this because there is no way to normally validate such content with RequiredValidator . I want to do deletion in beforeValidate() event and check if any text is entered. If there is no text except empty tags, spaces and line breaks the saving is not allowed. Otherwise the content should be saved in

问题 How i can get: <p>first<br>p</p> <p>second p</p> from: <p>first p</p> <p>second p</p> using HTMLPurifier? 回答1: I'm not sure about the specifics, but since this question has no answers, see if these pointers help you: If you're really set on solving this with HTML Purifier, you might be able to write a textnode transformation that does an nl2br or str_replace by writing a class that extends HTMLPurifier_AttrDef_Text . Pseudocode: class HTMLPurifier_AttrDef_Text_Linebreaks extends HTMLPurifier

问题 How can I allow elements with HTML Purifier? I have tried $config->set('HTML.Allowed', 'audio'); , but now it will delete all other elements including <p>, <br> etc. I then tried $def->addAttribute('audio', 'src', 'CDATA'); but it's not working. 回答1: HTML.Allowed is a whitelist of all allowed tags, so what you presumably want to do is concatenate $config->get('HTML.Allowed') with ,audio as a value. That said, HTML Purifier's approach to security is HTML flavour aware - as in, rather than just

问题 Two questions: I have been reading docs and SO posts.. and know how to do it the long way (defining each and every element and attribute myself), but all I want to do is add 2 or 3 attributes to the default whitelist.. so that I do not have to constantly find and add more elements/attributes to, e.g., HTML.AllowedElements and/or HTML.AllowedAttributes . Specifically, now, (for internal trusted users) I need to allow javascript attributes (input from tinymce). Question #1.) Is there a way to

问题 I am trying to configure HTMLPurifier to only display external links as plain text. I used DisplayLinkURI option but it display all links as a plain text. is there any configuration for that? here is my code: $mySite='<a href="http://www.mysite.com/">mysite</a>'; $externalSite='<a href="http://www.external.com/">external</a>'; require_once 'include/htmlpurifier/library/HTMLPurifier.auto.php'; $Config = HTMLPurifier_Config::createDefault(); $Config->set('AutoFormat.DisplayLinkURI', true);