
custom whitelist?

Posted by es555 
August 20, 2009 02:59AM

I want to use HTML Purifier in such a way that only a strict subset of tags and attributes is allowed. Where and how can I specify the list of HTML tags and attributes that I want to allow (so that ALL other tags and attributes get immediately filtered out)? Thanks.

Re: custom whitelist?
August 20, 2009 09:55AM

I'd start with reading the docs on this site.

http://htmlpurifier.org/live/configdoc/plain.html#HTML.AllowedElements

http://htmlpurifier.org/live/configdoc/plain.html#HTML.AllowedAttributes

are what you require. You could use HTML.Allowed for a general purpose, but you'll get more benefit from using the above 2 configs rather than HTML.Allowed.

Hope this helps you.

Re: custom whitelist?
August 20, 2009 10:45AM

%HTML.Allowed is strictly equivalent to the two mentioned above.
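
The whitelist configuration discussed in the replies above, as an added example that is not part of the original thread or the HTML Purifier project's own code. It sets the same allowlist once with %HTML.AllowedElements plus %HTML.AllowedAttributes and once with %HTML.Allowed, then compares the output on a constructed input. The Composer autoload path, the function names and the sample markup are assumptions.

```php
<?php
// Added example. Assumes HTML Purifier was installed with Composer;
// adjust the autoload path (an assumption) to your own layout.
require_once __DIR__ . '/vendor/autoload.php';

// Hypothetical helper: allowlist built from the two separate directives.
function purifierFromLists(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Cache.DefinitionImpl', null);      // no on-disk cache for a throwaway script
    $config->set('HTML.AllowedElements', 'p,b,i,a'); // every other element is dropped
    $config->set('HTML.AllowedAttributes', 'a.href'); // element.attribute pairs; all others are stripped
    return new HTMLPurifier($config);
}

// Hypothetical helper: the same allowlist in the combined %HTML.Allowed syntax.
function purifierFromAllowed(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Cache.DefinitionImpl', null);
    $config->set('HTML.Allowed', 'p,b,i,a[href]');   // element[attr|attr] notation
    return new HTMLPurifier($config);
}

// Constructed sample input: allowed tags mixed with tags and attributes
// that are not on the allowlist.
$dirty = '<p class="intro" onclick="alert(1)">Hello <b>world</b> '
       . '<a href="http://example.com/" title="t" style="color:red">link</a>'
       . '<script>alert(1)</script><img src="x.png" alt=""></p>';

$fromLists   = purifierFromLists()->purify($dirty);
$fromAllowed = purifierFromAllowed()->purify($dirty);

echo $fromLists, PHP_EOL;
// Prints whether both configurations produced identical output for this input.
var_dump($fromLists === $fromAllowed);
```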
