Allowed HTML elements

Posted by Rishabh 
April 04, 2011 11:01AM

Hello,

First of all, thanks for creating this powerful library.

I had a couple of questions:

1. I want to create an HTML page with forms and JavaScript enabled. However, on purifying it, all these elements are stripped out. How can these be checked without them being stripped out completely?

2. Also, while there is a set of smoke tests available in the distribution, has someone created a set of test pages that these attacks can be checked against?

Regards!

Re: Allowed HTML elements
April 04, 2011 11:06AM

1. No, you can't do that with HTML Purifier.

2. We have an extensive test suite in tests/, and you can also do hand testing using the demo page.
