Welcome! » Log In » Create A New Profile

Not filtering?

Posted by DavidIanWaters 
Not filtering?
December 06, 2011 07:06AM

My code:

require_once './HTMLPurifier.standalone.php';

$config = HTMLPurifier_Config::createDefault();

$config->set('HTML.Allowed', 'p,span,em,ul,ol,li');

$purifier = new HTMLPurifier($config);

$output= $purifier->purify($input);

$input:

<script>abc</script><p>p1</p><div>123</div>

$output:

<script>abc</script><p>p1</p><div>123</div>

Works fine on your demo page: output is <p>p1</p>123

What am i doing wrong?

Thanks

David

Re: Not filtering?
December 06, 2011 11:40AM

I don't think that's all of your code; where are you echo'ing the input and output? Can you post ALL of it?

Re: Not filtering?
December 06, 2011 04:19PM

I now know that the input to purifier came from TinyMCE which must use htmlentities which probably means that purifier will not work? Have tried html-entity-decode and it seems to work.

Re: Not filtering?
December 06, 2011 04:22PM

TinyMCE doesn't htmlentities its input. But yes, if you htmlentities input before passing it to HTML Purifier, HTML Purifier will think it's all escaped and good and not do anything to it.

Sorry, you do not have permission to post/reply in this forum.