Welcome! » Log In » Create A New Profile

HTML Purifier filtering out CSS/layouts?

Posted by Chris_Pspace 
Chris_Pspace
HTML Purifier filtering out CSS/layouts?
April 11, 2009 10:29PM

I run a social network and recently started to use HTML Purifier to replace my older input filter. Unfortunately I've found my second problem. The first problem was with no longer being able to post playlist.com playlists and I was told in the forum it's because they use flash variables and HTML Purifier is yet to support this. I can wait until the newer version comes out I guess lol, but then I have another problem.

The second problem I have I was recently made aware of because members are telling me that they can't use backgrounds or layouts (CSS) in their profiles now. Some who were able to pre HTML Purifier said that they erased their old layout to use a new one only to find out that my site now filters out their layout changes.

Is there anything that can be done about this? I could copy/paste some layout code but there are so many variations of layouts that I probably don't need to do this in order for you guys to know what the problem is. What can I do guys??? :)

Thanks in advance!!

Chris

Re: HTML Purifier filtering out CSS/layouts?
April 12, 2009 12:27AM

<blockquote>I run a social network and recently started to use HTML Purifier to replace my older input filter. Unfortunately I've found my second problem. The first problem was with no longer being able to post playlist.com playlists and I was told in the forum it's because they use flash variables and HTML Purifier is yet to support this. I can wait until the newer version comes out I guess lol, but then I have another problem.</blockquote>

Are you using the filter method or the SafeObject method?

<blockquote>The second problem I have I was recently made aware of because members are telling me that they can't use backgrounds or layouts (CSS) in their profiles now. Some who were able to pre HTML Purifier said that they erased their old layout to use a new one only to find out that my site now filters out their layout changes.</blockquote>

Check out %Filter.ExtractStyleBlocks. You'll need CSS Tidy.

Chris_Pspace
Re: HTML Purifier filtering out CSS/layouts?
April 29, 2009 09:01PM

Thanks for responding. I'm very impressed by the HTML Purifier product and am very glad that I made the switch despite the problems that I'm running into. I have no idea if I'm using the filter method or the safeobject method. I imagine that I'm using the filter method as I'm running a function to filter the user's input before saving to the database, etc.

I did check out what you were referring to %Filter.ExtractStyleBlocks and i am a little confused as to what to do with this new found knowledge. :) Similar to Myspace, my users can add CSS to their 'About Me' section in their profile and prior to using HTML Purifier their profiles could be customized this way. Now it looks as though everything is stripped away.

The %Filter.ExtractStyleBlocks sounds like it will strip the CSS out and put it wherever I specify, such as into the header of the user's profile. Am I correct in this assumption? I'm not quite sure yet how to get from point A to point B but it sounds like this is a very good start.

My visitor's have been complaining to me thinking that I'm no longer allowing them to customize their profiles, but in actuality the filter has been changed and isn't working quite the same as it once did. I'm not sure how to use CSS Tidy yet, but judging by your answer and what I've read regarding both %Filter.ExtractStyleBlocks and CSS Tidy, I should be able to continue to have users simply enter CSS in their 'About Me' section and create a script to take care of the CSS that was input.

Has anyone done anything like this yet? I'm relatively curious how one would go about doing this. My script is very simple in that it filter's the user's input and whatever is left is stored in the database for that user's profile. When the profile is viewed the input is displayed.

It sounds like I just need to learn a bit more before I can actually implement this for my users, but the sooner the better so if anyone has any tips or examples of this type of thing please feel free to let me know. :)

Here is the very simple code that I use to process the user's input. The result is stored in the $about_me variable and later stored in the database. If you can give me a clue what I need to change in the code below, perhaps I can get this going for my users ASAP before they all leave for one of my competitors. :)

$about_me=$HTTP_POST_VARS["about_me"];
$about_me=$fm->remove($about_me);
$about_me=addslashes($about_me);

Thank you VERY MUCH in advance for any additional help.

Chris

Re: HTML Purifier filtering out CSS/layouts?
April 29, 2009 09:11PM

Yep. So what you did previously was just let the <style> blocks reside inline; now, HTML Purifier extracts the style blocks. You then have to stick the corresponding CSS into a real style block in your head tag (or possibly in another CSS file). The documentation has a sample implementation that you should copy paste and play around with.

Sorry, you do not have permission to post/reply in this forum.