I am using HTML Purifier in my PHP project and am having trouble getting it to work properly with user input. I am having users enter in HTML using a WYSIWYG editor (TinyMCE), but whenever a user enters in the HTML entity (non-breaking space) it gets saved into the database as this weird foreign character (Â). However, the thing...
Hey guys, I want to use the HTMLpurifier in combination with the Zend Framework. I would love to load the Class and its files with the Zend_Loader. How would you include it? Would you just use the HTMLPurifier.auto.php or do you know a better way of doing it? ...
How to whitelist just some attributes with HTMLpurifier? I want HTMLpurifier to delete all the other, not allowed attributes. ...
Using PHP against a UTF-8 compliant database. Here's how input goes in. user types input into textarea textarea encoded with javascript escape() passed via HTTP post decoded with PHP rawurldecode() passed through HTMLPurifier with default settings escaped for MySQL and stored in database And it comes out in the usual way and I run un...
In drupal, keep getting an upgrade message all over site from htmlpurifier that a 4.0 is available. Ran upgrades (uploaded files and ran update.php) but still have message. No finds on this when I googled around. Supposedly a flush.php in a maintenace folder will flush it's cache (which is invconveniently separate from the rest of Drup...
Is it possible to allow embed, object, and param HTML tags with HTMLPurifier? I'm trying to allow YouTube, Vimeo, etc. videos to be embedded, but they're always stripped, no matter what I try. I do understand that these are risky tags to allow. If it's not possible, what other HTML filtering options do I have with PHP? It doesn't seem t...
I'm using HTMLPurifier to check for XSS in an entire HTML document. The problem is that it appears to strip out anyything that isn’t inside <body> tags. But, I want to keep everything, just look out for serious XSS attacks. Any ideas how to allow <HTML>, <HEAD>, <META> etc.? ...
I have used HTML purifier to weed out any suspect stuff coming in from my public facing WYSIWYG editor. The incoming HTML is also displayed in the public portion of the website. I have allowed links, and I also automatically linkify URLs in plain text (using the purifier). Is there a way to allow external links, but ban links to the sa...
I'm trying to allow rel attribute in a elements within HTML Purifier filter. I'm following this guide http://htmlpurifier.org/docs/enduser-customize.html and here is my code: $config = HTMLPurifier_Config::createDefault(); $config->set('HTML.Doctype', 'XHTML 1.0 Strict'); $config->set('HTM...
In jWYSIWYG editor, pushing enter inserts <br />s. Instead of this, I would prefer that pushing enter would wrap chunks in <p> tags. WHAT IS OUTPUT line <br /> new line WHAT I WANT <p>line</p> <p>new line</p> Quick examination of the config seems I can't do it without hacking it internally. Do you suggest I hack the plugin, or u...
Is there a comprehensive Html cleaner/Anti-Xss library for .NET that also has a defined whitelist. I know that Microsofts Anti-Xss is a good place to start, but it needs a good whitelist for allowed html tags and css. Does anyone know of something? ...
I have a database the I am rebuilding the table structure was crap so I'm porting some of the data from one table to another. This data appears to have been copy-pasted from MSO product so as I'm getting the data I clean it up with htmlpurifier and some str_replace in php. Here is the clean function: function clean_html($html) { ...
I'm trying to install HTML Purifier http://htmlpurifier.org/ but I get the following error Undefined variable: dirty_html. I was wondering how can I fix this problem? Here is the PHP code. require_once '../../htmlpurifier/library/HTMLPurifier.auto.php'; $config = HTMLPurifier_Config::createDefault(); $config->set('Core.Encoding', '...
I have this script that collects data from users and I wanted to check their data for malicious code like XSS and SQL injections by using HTML Purifier http://htmlpurifier.org/ but how do I add it to my php form submission script? Here is my HTML purifier code require_once '../../htmlpurifier/library/HTMLPurifier.auto.php'; $config ...
How do I allow youtube videos on my web page using HTML Purifier http://htmlpurifier.org/. Can someone help me on this on their demo I have to check Use experimental features. How do I fix my code to allow youtube videos? ...
I read the http://htmlpurifier.org/docs/enduser-youtube.html doc, but I still can't figure out where to put the code to allow object, param and embed tags and Use experimental features with my htmlpurifier. Can someone please show me how to do this? ...
Premise I know that writing code to act differently when a test is run is hilariously bad practise, but I may've actually come across a scenario in which it may be necessary. Specifically, I'm trying to test a very specific wrapper for HTML Purifier in the Zend framework - a View Helper, to be exact. The HTML Purifier autoloader is nec...
How do I display this in © html purifier instead of this all the time ©. In other words how do I display both in html purifier http://htmlpurifier.org/? ...
How do I allow <style> tags in html purifier http://htmlpurifier.org/? ...
How do I allow the marquee tag in html purifier http://htmlpurifier.org/ I read the docs but I couldn't find anything. Does any one have a clue? ...