
Howto stop from escaping characters

Posted by jmut 
Howto stop from escaping characters
November 12, 2009 11:02AM

Hi folks, I'd like to make htmlpurifier not escape all entities.

This is my setup

        $config = HTMLPurifier_Config::createDefault();
        $config->set('Core', 'Encoding', 'UTF-8'); // replace with your encoding
        $config->set('HTML', 'Doctype', 'XHTML 1.0 Transitional'); // replace with your doctype
        $config->set('Cache', 'SerializerPath', '/some/dir/');

        $allowedHtml = '
            a[rel|rev|charset|hreflang|tabindex|accesskey|type|name|href|target|title|class]
            strong,b,em,i,strike,u,
            p[align],ol[type|compact],ul,li,br,img[src|width|height|alt|title],
            sub,sup,
            blockquote,table[border|cellspacing|cellpadding|width|height|align|summary|bgcolor|background|bordercolor],
            tr[rowspan|width|height|align|valign|bgcolor|background|bordercolor],tbody,thead,tfoot,
            td[colspan|rowspan|width|height|align|valign|bgcolor|background|bordercolor|scope]
            th[colspan|rowspan|width|height|align|valign|scope],
            caption,div, span, code, pre,address, h1, h2, h3, h4, h5, h6, hr[size|noshade],
            font[face|size|color],dd,dl,dt,cite,abbr,acronym,del[datetime|cite],ins[datetime|cite],
            button,col[align|char|charoff|span|valign|width],colgroup[align|char|charoff|span|valign|width],
            dfn,fieldset, kbd,label[for],legend,optgroup[label|disabled],option[disabled|label|selected|value],
            q[cite],small,
            textarea[cols|rows|disabled|name|readonly],tt,var,big
            *[style|id|title|class]
            ';
        $config->set('HTML', 'Allowed', $allowedHtml);
//        $config->set('HTML', 'AllowedAttributes', '*.style,*.id,*.title,*.class');
        $config->set('Attr', 'EnableID', true);
        $filter = new HTMLPurifier($config);

Then we have

echo $filter->purify('moo &  < > ');

The output is:

moo &amp;  &lt; &gt;

while I'd like it to be:

moo & < > 

In other words, I'd like the filter to drop all nasty tags and security related thingies...but not escape entities. Is this doable? I checked the documentation and can't really find a solution.

Re: Howto stop from escaping characters
November 12, 2009 11:46AM

This is not doable, and if it were, would constitute a security risk. "What are you really trying to do?"
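
Why the reply calls unescaped output a security risk, as an added example that is not part of the original thread and not HTML Purifier's own code: it parses the escaped output quoted above, then an escaped and a decoded version of a constructed input, and reports which elements an HTML parser finds in each. It assumes PHP with ext-dom; `inspectFragment()` is a hypothetical helper, and `htmlspecialchars()` stands in for the purifier's text escaping.

```php
<?php
// Added example: PHP built-ins only (ext-dom); HTML Purifier itself is not called.

/** Parse an HTML fragment and report the elements and visible text a parser sees. */
function inspectFragment(string $fragment): array
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // tolerate malformed input, keep the tree
    $doc->loadHTML('<!DOCTYPE html><html><body><div>' . $fragment . '</div></body></html>');
    libxml_clear_errors();

    // Our wrapper is the first div in document order.
    $container = $doc->getElementsByTagName('div')->item(0);
    $elements = [];
    foreach ($container->getElementsByTagName('*') as $el) {
        $elements[] = $el->nodeName;
    }
    return ['elements' => $elements, 'text' => $container->textContent];
}

function report(string $label, string $html): void
{
    $r = inspectFragment($html);
    printf("%-8s source=%s\n         elements=%s text=%s\n",
        $label, json_encode($html), json_encode($r['elements']), json_encode($r['text']));
}

// Case 1: the purifier output quoted in the thread. The entities are only the
// source form; the parsed text is what a visitor actually sees on the page.
report('thread', 'moo &amp;  &lt; &gt;');

// Case 2 (constructed input): a visitor types markup as literal text.
$typed   = 'use <script>alert(1)</script> here';
// Stand-in (assumption) for the escaping the purifier applies to text nodes.
$escaped = htmlspecialchars($typed, ENT_NOQUOTES, 'UTF-8');
// What "do not escape entities" would amount to for this input.
$decoded = html_entity_decode($escaped, ENT_NOQUOTES, 'UTF-8');

// Escaped: the markup stays text. Decoded: the same characters become an element.
report('escaped', $escaped);
report('decoded', $decoded);
```

In an HTML page the escaped form is the correct representation of the text `moo & < >`; decoding belongs only at the point where the string leaves HTML for a non-HTML context such as plain-text e-mail.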
