htmlpurifier

is there a way to stop HTMLPurifier/CSStidy from forcing input CSS into all lowercase?

折月煮酒 submitted on 2019-12-25 04:58:11
Question: Using PHP/Codeigniter/HTMLPurifier/CSStidy like so:

    require_once 'extra/htmlpurifier-4_4_0/library/HTMLPurifier.auto.php';
    require_once 'extra/csstidy-1_3/class.csstidy.php';

    $input_css = $this->input->post('input_css');

    $config = HTMLPurifier_Config::createDefault();
    $config->set('Filter.ExtractStyleBlocks', TRUE);

    // Create a new purifier instance
    $purifier = new HTMLPurifier($config);

    // Wrap our CSS in style tags and pass to purifier.
    // we're not actually interested in the html response

How do I add 'javascript' url scheme in HTML purifier module in Drupal?

青春壹個敷衍的年華 submitted on 2019-12-24 21:42:20
Question: How can I add the "javascript:xyz" URL format for the URI.AllowedSchemes in HTML purifier module in Drupal? I suppose this is the file I should modify URI.AllowedSchemes or is there any other config change I need to make. This is for the site moderator to publish bookmarklets and will not be exposed to outside world.

Answer 1: http://htmlpurifier.org/docs/enduser-uri-filter.html

Source: https://stackoverflow.com/questions/5138282/how-do-i-add-javascript-url-scheme-in-html-purifier-module-in

html purifier library usage concept

冷暖自知 submitted on 2019-12-24 17:52:16
Question: Hi I am at prototype stage with my site. I read the html purifier main page and questions about this library in this site but I am still not clear with the issue on my mind. Can you guide me please? Thanks, BR

My Understanding: From the docs I have read, I understood that the best I can do is:

- to use mysqli_real_escape_string while inputting untrusted data into my mysql database
- to use html purifier library while outputting data from mysql database to screen as html

My Questions

Q1) Does my

Whitelist Forms in HTML Purifier Configuration

寵の児 submitted on 2019-12-22 18:29:40
Question: I use HTML Purifier to clean input in my CMS. Many of my clients like to have PayPal donation buttons in their site, but HTML Purifier strips the forms out. I noticed that HTML Purifier has a HTMLPurifier_HTMLModule_Forms class, but I don't know if that does what I want. If it does, how do I enable it?

Answer 1:

    $config->set('HTML.Trusted', true);
    $config->set('Attr.EnableID', true);

should turn on Forms (I think they’re enabled by default in the trusted set.) Of course, this also allows

Whitelist element with class of, using htmlpurifier

左心房为你撑大大i submitted on 2019-12-21 22:13:58
Question: I want to only allow the span element only when it has a certain class in htmlpurifier. Does anyone know how to do this? Right now I have

    $config->set('HTML.Allowed','a[href],p,ol,li,ul,img[src],blockquote,em,span[class]');
    $config->set('Attr.AllowedClasses',"allowed");

but that allows all spans and only allows class allowed. I like that it only allows the "allowed" class, but I only want it to allow span when the value of its class is "allowed". Thanks

Answer 1: Ad hoc solution: redefine the class in

Modifying htmlpurifier allowed tags for this markup

陌路散爱 submitted on 2019-12-21 05:25:09
Question: My html purifier settings now allow only these tags

    $configuration->set('HTML.Allowed', 'p,ul,ol,li');

I want to allow indentation of lists and my editor uses this html

    <ul style="margin-left: 40px;">

How should I change my HTMLPurifier Allowed tags? I thought to add style, but I think it would be better to specify exactly which style is allowed, which in this case would be margin-left. What is the right way to change the HTML.Allowed for this case?

Answer 1: Allow the style attributes, and then

Include HTMLpurifier with Zend_Loader

旧时模样 submitted on 2019-12-20 15:32:08
Question: I want to use the HTMLpurifier in combination with the Zend Framework. I would love to load the Class and its files with the Zend_Loader. How would you include it? Would you just use the HTMLPurifier.auto.php or do you know a better way of doing it?

Answer 1: I use HTML Purifier as a filter in my Zend Framework project. Here's an altered version of my class:

    require_once 'HTMLPurifier.includes.php';
    require_once 'HTMLPurifier.autoload.php';

    class My_Filter_HtmlPurifier implements Zend_Filter

Include HTMLpurifier with Zend_Loader

て烟熏妆下的殇ゞ submitted on 2019-12-20 15:30:47
Question: I want to use the HTMLpurifier in combination with the Zend Framework. I would love to load the Class and its files with the Zend_Loader. How would you include it? Would you just use the HTMLPurifier.auto.php or do you know a better way of doing it?

Answer 1: I use HTML Purifier as a filter in my Zend Framework project. Here's an altered version of my class:

    require_once 'HTMLPurifier.includes.php';
    require_once 'HTMLPurifier.autoload.php';

    class My_Filter_HtmlPurifier implements Zend_Filter

What does HTML Purifier do that secure PHP programming can't?

久未见 submitted on 2019-12-18 10:54:22
Question: I'm researching PHP security best practices and specifically the HTML Purifier library. I like the idea of using a third-party library to help strengthen the security of my sites, but I'm confused about a few things... First, a general question... What does HTML Purifier do that practicing secure PHP programming can't? If I'm using HTML Purifier, does that mean I get to skip common security measures like using PHP functions to filter input and escape output? One of the response comments for

HTMLPurifier without htmlspecialchars

|▌冷眼眸甩不掉的悲伤 submitted on 2019-12-13 00:29:59
Question: I am using HTMLPurifier for simple Tinymce WYSIWYG. If I don't use htmlspecialchars, would it be open to XSS attack? This is what I'm doing

    $detail = $purifier->purify($detail);

to purify data for that textarea. If I use htmlspecialchars, it strips all basic tags as well, which is not user friendly for a WYSIWYG editor. But the problem is, this allows <script> tag as well. And if I change conf setting to

    $config->set('ExtractStyleBlocks.1', true);

It doesn't allow < and > for <script> tag