
Can I enable non-html tag in HTMLPurifier.such as "fb:name"

Posted by rainx 
Can I enable non-html tag in HTMLPurifier.such as "fb:name"
May 21, 2009 08:36AM

I am developing an f8-like open platform system. Within this system, it allows developers to define their own feed templates, just like what Facebook does. Developers could use some simple HTML tags (i.e., a) and one platform-specified tag, such as fb:name. Here is an example of the feed:

<fb:name uid="1234" /> is eating an apple <a href="http://some.url">go to app</a>

The above template is a legal one, but other tags are illegal, such as script, img, fb:redirect, etc.

So can I use HTML Purifier to process this kind of string?

Re: Can I enable non-html tag in HTMLPurifier.such as "fb:name"
May 21, 2009 11:54AM

Sort of.

IIRC, HTML Purifier won't complain if you define an element that has a colon in it. HOWEVER, this is not strictly correct, since prefixes for XML namespaces can (and often do) change.

You'll probably want to do a little experimenting.

Re: Can I enable non-html tag in HTMLPurifier.such as "fb:name"
May 25, 2009 04:45AM

I tried the following code:

<?php

require_once 'HTMLPurifier.auto.php';

$config = HTMLPurifier_Config::createDefault();
$config->set('Cache', 'SerializerPath', '/tmp/');
$config->set('Cache', 'SerializerPath', '/tmp/');
$config->set('HTML', 'Allowed', 'a[href|target],yk:name[uid]');
$dirty_html = <<<HTML
<yk:name uid='13423'/><a href="http://163.com" >xxxxx</a>
HTML;
$purifier = new HTMLPurifier($config);
$clean_html = $purifier->purify($dirty_html);
var_dump ($clean_html);
?>

and the output while running the code is:


Warning: Element 'yk:name' is not supported (for information on implementing this, see the support forums)  in /usr/share/php/HTMLPurifier/HTMLDefinition.php on line 265

Call Stack:
    0.0004      64756   1. {main}() /home/rainx/land/test/test.php:0
    0.0113     717148   2. HTMLPurifier->purify() /home/rainx/land/test/test.php:13
    0.0160     993836   3. HTMLPurifier_Generator->__construct() /usr/share/php/HTMLPurifier.php:127
    0.0160     994240   4. HTMLPurifier_Config->getHTMLDefinition() /usr/share/php/HTMLPurifier/Generator.php:47
    0.0160     994240   5. HTMLPurifier_Config->getDefinition() /usr/share/php/HTMLPurifier/Config.php:276
    0.0275    1643164   6. HTMLPurifier_Definition->setup() /usr/share/php/HTMLPurifier/Config.php:338
    0.0275    1643164   7. HTMLPurifier_HTMLDefinition->doSetup() /usr/share/php/HTMLPurifier/Definition.php:34
    0.0855    3456596   8. HTMLPurifier_HTMLDefinition->setupConfigStuff() /usr/share/php/HTMLPurifier/HTMLDefinition.php:167
    0.0877    2985100   9. trigger_error() /usr/share/php/HTMLPurifier/HTMLDefinition.php:265


Notice: Cannot allow attribute 'uid' if element 'yk:name' is not allowed/supported (for information on implementing this, see the support forums)  in /usr/share/php/HTMLPurifier/HTMLDefinition.php on line 316

Call Stack:
    0.0004      64756   1. {main}() /home/rainx/land/test/test.php:0
    0.0113     717148   2. HTMLPurifier->purify() /home/rainx/land/test/test.php:13
    0.0160     993836   3. HTMLPurifier_Generator->__construct() /usr/share/php/HTMLPurifier.php:127
    0.0160     994240   4. HTMLPurifier_Config->getHTMLDefinition() /usr/share/php/HTMLPurifier/Generator.php:47
    0.0160     994240   5. HTMLPurifier_Config->getDefinition() /usr/share/php/HTMLPurifier/Config.php:276
    0.0275    1643164   6. HTMLPurifier_Definition->setup() /usr/share/php/HTMLPurifier/Config.php:338
    0.0275    1643164   7. HTMLPurifier_HTMLDefinition->doSetup() /usr/share/php/HTMLPurifier/Definition.php:34
    0.0855    3456596   8. HTMLPurifier_HTMLDefinition->setupConfigStuff() /usr/share/php/HTMLPurifier/HTMLDefinition.php:167
    0.0882    2985136   9. trigger_error() /usr/share/php/HTMLPurifier/HTMLDefinition.php:316

string(34) "<a href="http://163.com">xxxxx</a>"

Can I avoid this error by changing the 'HTML.Doctype' setting?

Re: Can I enable non-html tag in HTMLPurifier.such as "fb:name"
May 25, 2009 09:24AM
Re: Can I enable non-html tag in HTMLPurifier.such as "fb:name"
May 27, 2009 04:41AM

OK, I can add a name tag with the following code:


<?php
require_once 'HTMLPurifier.auto.php';
$config = HTMLPurifier_Config::createDefault();
$config->set('Cache', 'DefinitionImpl', null); // remove this later!
$config->set('Cache', 'SerializerPath', '/tmp/');

$config->set('HTML', 'DefinitionID', 'Yahoo Koubei OpenPlatform.ykml');
$config->set('HTML', 'DefinitionRev', 1);
$config->set('HTML', 'Allowed', 'a[href|target],name[uid|linked]');
$def = $config->getHTMLDefinition(true);
$ykname = $def->addElement(
    'name',   // name
    'Inline',    // content set
    'Empty', // allowed children
    'Common', // attribute collection
    array( // attributes
        'uid'    => 'CDATA',
        'linked' => 'CDATA'
    )
);

$dirty_html = <<<HTML
<name uid='13423' linked="false"/><a href="http://163.com" >xxxxxx</a>
HTML;

$purifier = new HTMLPurifier($config);
$clean_html = $purifier->purify($dirty_html);
var_dump ($clean_html);
?>

The output is correct:


"<name uid="13423" linked="false" /><a href="http://163.com">xxxxxx</a>"

---------------------------------------

But when I replaced the name tag with yk:name in the source code:


<?php
require_once 'HTMLPurifier.auto.php';
$config = HTMLPurifier_Config::createDefault();
$config->set('Cache', 'DefinitionImpl', null); // remove this later!
$config->set('Cache', 'SerializerPath', '/tmp/');

$config->set('HTML', 'DefinitionID', 'Yahoo Koubei OpenPlatform.ykml');
$config->set('HTML', 'DefinitionRev', 1);
$config->set('HTML', 'Allowed', 'a[href|target],yk:name[uid|linked]');
$def = $config->getHTMLDefinition(true);
$ykname = $def->addElement(
    'yk:name',   // name
    'Inline',    // content set
    'Empty', // allowed children
    'Common', // attribute collection
    array( // attributes
        'uid'    => 'CDATA',
        'linked' => 'CDATA'
    )
);

$dirty_html = <<<HTML
<name uid='13423' linked="false"/><a href="http://163.com" >xxxxxx</a>
HTML;

$purifier = new HTMLPurifier($config);
$clean_html = $purifier->purify($dirty_html);
var_dump ($clean_html);
?>

The output is:


"<a href="http://163.com">xxxxxx</a>"

---------------------------------------------

I remembered that the document mentioned that HTML Purifier is currently not namespace aware. But why does it not work on the yk:name tag?

Re: Can I enable non-html tag in HTMLPurifier.such as "fb:name"
May 27, 2009 11:31AM

Hmm... so, I've never actually tested what the code does when there's a colon in the attribute/element name. It looks like it doesn't like it. I'm going to go check and see what the code is actually doing, and see if there's a simple patch to change it.

Re: Can I enable non-html tag in HTMLPurifier.such as "fb:name"
May 27, 2009 11:41AM

You forgot to change the dirty HTML in the second example (not that it would make a difference...)

So, all two (out of three) of our lexer implementations don't parse elements with colons in them correctly, so there's no way for HTML Purifier to do a sensible thing there. Fortunately, there's a quick workaround:

$config->set('Core', 'LexerImpl', 'DirectLex');

Since HTML Purifier is moving towards having one parsing strategy, namely the one in html5lib, I hope this "fix" works for you, even if it seems a little odd.

Re: Can I enable non-html tag in HTMLPurifier.such as "fb:name"
May 28, 2009 02:00AM

great, it works.
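
The configuration the thread converges on, put together as an added example (not code posted by anyone in this thread): the DirectLex workaround, the custom yk:name element, and an allowlist that drops the tags the original question calls illegal. The function name, the DefinitionID string, the sample inputs and the tighter attribute types (Number and Enum instead of the thread's CDATA) are assumptions made for this example.

```php
<?php
// Added example, not code from the thread. It uses the same 3-argument
// $config->set() form as the posts above; HTML Purifier 4.x writes the
// same directives as single dotted keys, e.g. 'Core.LexerImpl'.
require_once 'HTMLPurifier.auto.php';

function build_feed_purifier() // hypothetical helper name
{
    $config = HTMLPurifier_Config::createDefault();
    // Workaround from the thread: select the lexer that handles
    // element names containing a colon.
    $config->set('Core', 'LexerImpl', 'DirectLex');
    $config->set('Cache', 'DefinitionImpl', null); // as in the thread: no definition cache while testing
    $config->set('HTML', 'DefinitionID', 'feed-template-example'); // hypothetical ID
    $config->set('HTML', 'DefinitionRev', 1);
    // Allowlist: only these elements and attributes may survive.
    $config->set('HTML', 'Allowed', 'a[href|target],yk:name[uid|linked]');

    // Set every directive before fetching the raw definition.
    $def = $config->getHTMLDefinition(true);
    $def->addElement(
        'yk:name',  // name
        'Inline',   // content set
        'Empty',    // allowed children
        'Common',   // attribute collection
        array(
            'uid'    => 'Number',           // assumption: stricter than CDATA, positive integers only
            'linked' => 'Enum#true,false',  // assumption: stricter than CDATA, two literal values
        )
    );
    return new HTMLPurifier($config);
}

// Constructed sample inputs: one legal template, then the tags the
// question lists as illegal, then a yk:name with a non-numeric uid.
$samples = array(
    '<yk:name uid="1234" linked="false" /> is eating an apple <a href="http://some.url">go to app</a>',
    '<yk:name uid="1234" /><script>alert(1)</script>',
    '<img src="http://some.url/x.png" /><yk:redirect url="http://some.url" />',
    '<yk:name uid="12 onclick" />',
);

$purifier = build_feed_purifier();
foreach ($samples as $dirty) {
    echo $dirty, "\n  => ", $purifier->purify($dirty), "\n";
}
```

Comparing each cleaned line with its input shows whether only the allowlisted tags and well-formed attribute values survive on the installed HTML Purifier version.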

How to fix with format ...?

<span style="font-size:100%;font-family:arial,sans,sans-serif;" 
		data-sheets-value="{"1":2,"2":"7.\ud504\ub85c\uc81d\ud2b8 - 
			\uc77c\uac10\uc758 \uc0c1\ud0dc\ub97c \uc0c1\uc138\uc5d0\uc11c \ubcc0\uacbd\uc2dc\uc5d0 \uc608)\uc0c1\ud0dc 
			: \uc644\ub8cc / \uc218\uc815\uc2dc \uc0c1\ud0dc : \uc644\ub8cc\ub85c \ub418\uc5b4 \ubcf4\uc5ec\uc9c4\ub2e4.\n   
			\uc0c1\ud0dc\uc758 \ubcc0\uacbd\ub41c \uac12\uc774 \uc801\uc6a9\ub418\uc5b4 \uc218\uc815\uc774 \uac00\ub2a5\ud558\ub2e4.\n   
			\ub9ac\uc2a4\ud2b8\uc5d0\uc11c \uccb4\ud06c\ubc15\uc2a4 \uc120\ud0dd - 
			\ubcf4\uc5ec\uc9c0\ub294 \uc0c1\ud0dc\ub97c \ubcc0\uacbd\uc2dc \uc0c1\ud0dc\uac00 \uc2e0\uaddc\ub85c \ubcf4\uc5ec\uc9c0\uba74 0% 
			\ub418\uc5b4\uc788\ub2e4.\n   --> 
			\uc0c1\ud0dc\uac00 \uc801\uc6a9\ub41c\uac83\uc73c\ub85c \ubcf4\uc5ec\uc838\uc57c\ud55c\ub2e4."}" data-sheets-userformat="{"2":8705,"3":{"1":0},"12":0,"16":10}">

		7.ÇÁ·ÎÁ§Æ® - ÀÏ°¨ÀÇ »óŸ¦ »ó¼¼¿¡¼­ º¯°æ½Ă¿¡ ¿¹)»óÅ : ¿Ï·á / ¼öÁ¤½Ă »óÅ : ¿Ï·á·Î µÇ¾î º¸¿©Áø´Ù.<br>   »óÅÂÀÇ º¯°æµÈ °ªÀ̀ Àû¿ëµÇ¾î ¼öÁ¤À̀ °¡´ÉÇÏ´Ù.<br>   ¸®½ºÆ®¿¡¼­ Ă¼Å©¹Ú½º ¼±ÅĂ - º¸¿©Áö´Â »óŸ¦ º¯°æ½Ă »óÅ°¡ ½Å±Ô·Î º¸¿©Áö¸é 0% µÇ¾îÀÖ´Ù.<br>   --&gt; »óÅ°¡ Àû¿ëµÈ°ÍÀ¸·Î º¸¿©Á®¾ßÇÑ´Ù.
	</span>
Re: Can I enable non-html tag in HTMLPurifier.such as "fb:name"
November 18, 2016 02:34PM