htmlpurifier

htmlpurifier with an html5 doctype

空扰寡人 submitted on 2019-12-12 07:26:40
Question: Is it possible to have htmlpurifier use the html5 doctype? The documentation here states that you can change the doctype and encoding with the following: <?php require_once '/path/to/htmlpurifier/library/HTMLPurifier.auto.php'; $config = HTMLPurifier_Config::createDefault(); $config->set('Core', 'Encoding', 'ISO-8859-1'); // replace with your encoding $config->set('HTML', 'Doctype', 'HTML 4.01 Transitional'); // replace with your doctype $purifier = new HTMLPurifier($config); $clean_html =

htmlPurifier not working with Froala editor WYSIWYG

隐身守侯 submitted on 2019-12-12 06:37:09
Question: When I input: <script>alert("XSS")</script>Cleaning Test my output should be Cleaning Test, but I get the same as the input: <script>alert("XSS")</script>Cleaning Test. Can someone help me to solve this problem? I tried a lot but it doesn't work. I need to check that my htmlpurifier is working. This is my code: <?php require_once 'htmlpurifier/library/HTMLPurifier.auto.php'; ini_set("display_errors", 1); error_reporting(E_ALL); define('DB_SERVER', "localhost"); define('DB_USER', "sanoj"); define('DB_PASSWORD',

Forbid script tags and event listeners in jqte jQuery text editor using htmlpurifier

吃可爱长大的小学妹 submitted on 2019-12-12 02:28:13
Question: I am using jqte to give users of a CMS I wrote some WYSIWYG for their content. To output the content publicly I use htmlPurifier so there is no way editors will do harm to the visitors of the site. They could however place <button onclick="alert('this sux')">klick me</button> in the textarea and the next user will find a working button. <script>evilcode</script> is even executed. Has anyone dealt with this before me and can give me a hint to an elegant solution here? Answer 1: I'm going to go out

HTMLPurifier dies when the following code is run through it

此生再无相见时 submitted on 2019-12-11 15:48:21
Question: Using the latest release of HTMLPurifier with default configs. The following code will cause the oh-so-lovely blank white page in PHP. Am I missing something? Even if I set HTML.TidyLevel to light or none it still breaks. Here is a partial log of the errors thrown when trying to purify the code below: http://pastie.org/private/13f0htscq0v8bhhlt7dpg For reference, here is the associated code I'm using to do it: $config = new HTMLPurifier_Config(new HTMLPurifier_ConfigSchema()); $config->set(

Laravel Mews HTMLPurifier - add custom config

最后都变了- submitted on 2019-12-11 11:07:05
Question: I am using HTMLPurifier and this package for Laravel 5: https://github.com/mewebstudio/Purifier However, the docs show to use it like this: $clean = Purifier::clean($dirty); and the default config file is: return [ 'encoding' => 'UTF-8', 'finalize' => true, 'cachePath' => storage_path('app/purifier'), 'settings' => [ 'default' => [ 'HTML.Doctype' => 'XHTML 1.0 Strict', 'HTML.Allowed' => 'img[alt|src],ul,li,p,br,b', 'CSS.AllowedProperties' => '', //'AutoFormat.AutoParagraph' => true,

Remove empty tags in Imperavi Redactor

血红的双手。 submitted on 2019-12-11 07:39:34
Question: Using Imperavi Redactor with Yii 2 framework. When no text is entered, Imperavi Redactor produces this markup: <p><br></p>. For each line break this markup is appended too. I want to remove this because there is no way to normally validate such content with RequiredValidator. I want to do the deletion in the beforeValidate() event and check if any text is entered. If there is no text except empty tags, spaces and line breaks, the saving is not allowed. Otherwise the content should be saved in

HTMLPurifier: auto br

試著忘記壹切 submitted on 2019-12-11 06:37:39
Question: How can I get: <p>first<br>p</p> <p>second p</p> from: <p>first p</p> <p>second p</p> using HTMLPurifier? Answer 1: I'm not sure about the specifics, but since this question has no answers, see if these pointers help you: If you're really set on solving this with HTML Purifier, you might be able to write a textnode transformation that does an nl2br or str_replace by writing a class that extends HTMLPurifier_AttrDef_Text. Pseudocode: class HTMLPurifier_AttrDef_Text_Linebreaks extends HTMLPurifier

How can I allow <audio> elements with HTML Purifier?

◇◆丶佛笑我妖孽 submitted on 2019-12-11 05:27:59
Question: How can I allow elements with HTML Purifier? I have tried $config->set('HTML.Allowed', 'audio'); but now it will delete all other elements including <p>, <br> etc. I then tried $def->addAttribute('audio', 'src', 'CDATA'); but it's not working. Answer 1: HTML.Allowed is a whitelist of all allowed tags, so what you presumably want to do is concatenate $config->get('HTML.Allowed') with ,audio as a value. That said, HTML Purifier's approach to security is HTML flavour aware - as in, rather than just

with HTMLpurifier, how to add a couple attributes to the default whitelist, e.g. 'onclick'

和自甴很熟 submitted on 2019-12-11 02:36:08
Question: Two questions: I have been reading docs and SO posts.. and know how to do it the long way (defining each and every element and attribute myself), but all I want to do is add 2 or 3 attributes to the default whitelist.. so that I do not have to constantly find and add more elements/attributes to, e.g., HTML.AllowedElements and/or HTML.AllowedAttributes. Specifically, now, (for internal trusted users) I need to allow javascript attributes (input from tinymce). Question #1.) Is there a way to

Configuring HTMLPurifier to display external links as plain text

£可爱£侵袭症+ submitted on 2019-12-10 20:44:10
Question: I am trying to configure HTMLPurifier to only display external links as plain text. I used the DisplayLinkURI option but it displays all links as plain text. Is there any configuration for that? Here is my code: $mySite='<a href="http://www.mysite.com/">mysite</a>'; $externalSite='<a href="http://www.external.com/">external</a>'; require_once 'include/htmlpurifier/library/HTMLPurifier.auto.php'; $Config = HTMLPurifier_Config::createDefault(); $Config->set('AutoFormat.DisplayLinkURI', true);