views:

420

answers:

1

I'm trying to allow rel attribute in a elements within HTML Purifier filter. I'm following this guide http://htmlpurifier.org/docs/enduser-customize.html and here is my code:

                $config = HTMLPurifier_Config::createDefault();
                $config->set('HTML.Doctype', 'XHTML 1.0 Strict');
                $config->set('HTML.DefinitionID', 'enduser-customize.html tutorial');
                $config->set('HTML.DefinitionRev', 1);
                $config->set('Cache.DefinitionImpl', null); // remove this later!
                $def = $config->getHTMLDefinition(true);
                $def->addAttribute('a', 'href*', 'URI');
                $def->addAttribute('a', 'rel', 'CDATA');
                $purifier = new HTMLPurifier($config);

However, the HTML purifier is still filtering out all rel attributes... I'm a little confused what the problem could be.

When I use:

$config->set('Attr', 'AllowedRel', array('something'));

I get this error:

Notice: Using deprecated API: use $config->set('Attr.AllowedRel', ...) instead on line 191 in file C:\wamp\www\neonet\application\modules\admin\controllers\IndexController.php in C:\wamp\www\neonet\library\My\htmlpurifier-4.0.0-standalone\HTMLPurifier.standalone.php on line 1819

EDIT:

New code:

                $config = HTMLPurifier_Config::createDefault();
                $config->set('HTML.Doctype', 'XHTML 1.0 Strict');
                $config->set('Attr.AllowedRel', array('something'));
                $purifier = new HTMLPurifier($config);

When I use:

<href="/" rel="something">anchor</a>

Rel attribute still gets filtered.

+2  A: 

This configuration directive may be of interest to you. As for your code, it works for me; perhaps you have magic quotes turned on or haven't flushed the cached appropriately? (Try bumping DefinitionRev in that case.)

The other classic error when trying to use rel is that it doesn't work with XHTML Strict; that doctype doesn't define rel, so Attr.AllowedRel doesn't do anything (this should be mentioned in the docs but isn't.) So, you'll have to pick a different doctype if you want to keep your W3C checkmark or use the original code.

Edward Z. Yang
Yes but when I try to use it, I get an error, see above, I have edited my post.
Richard Knop
Ok ignore the last comment, I was using deprecated API... but it still doesn't work.
Richard Knop
Thanks, I will change the doctype.
Richard Knop