
Configuration and Filter Levels for HTMLPurifier

Posted by Miniman 
Configuration and Filter Levels for HTMLPurifier
August 14, 2007 09:18AM

First of all I have to thank you for this great tool.

But I can't find any documentation of all the configuration options I can set, like:

$configPur->set('Core', 'DefinitionCache', null);
$configPur->set('Core', 'Encoding', 'ISO-8859-1');
$configPur->set('HTML', 'Doctype', 'HTML 4.01 Transitional');

Where can I find the other options? And I did read a document about filter levels. Where can I set them?

I have the problem that I want to render the whole site against XSS attacks. Then I want to render the forum posts and PMs to allow only 4 or 5 tags like <br> or <blockquote>. Could somebody explain to me how to do this?

Kind regards,

Marco

Re: Configuration and Filter Levels for HTMLPurifier
August 14, 2007 02:58PM

If HTML in forum posts is the only potential source of XSS attacks -- that is, untrusted users can submit HTML only through forum posts -- then you need the filtering when posts are being submitted. If untrusted users submit HTML in blog posts, etc., the submissions need to be filtered before they get in. You set up code to run the filter for each of such cases. You can specify the allowed tags on a case-by-case basis. If HP is too much for you to use, try the Kses filter - the modified version is decent though not excellent like HP.

Re: Configuration and Filter Levels for HTMLPurifier
August 15, 2007 12:18PM

Thanks for your reply. But where can I find those filters? And where can I find the possible configuration options? Is there a list with all options anywhere? Is there a possibility to choose a filter (which includes several configuration options at once)?

Re: Configuration and Filter Levels for HTMLPurifier
August 15, 2007 08:39PM

Documentation for configuration options can be found here.

Filter levels need to be set manually, element by element, using %HTML.Allowed.

What software are you trying to integrate HTML Purifier with?
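An added example (not part of the thread, and not the project's own code) of the per-case element allowlist described above, set through %HTML.Allowed. It uses the single-key `set('Namespace.Directive', ...)` form of current HTML Purifier releases rather than the two-argument form in the first post; the include path, the profile names and the tag lists are assumptions.

```php
<?php
// Added example, not code from the thread. Assumes HTML Purifier is installed
// and that this include path is right for your project (hypothetical path).
require_once 'library/HTMLPurifier.auto.php';

// Hypothetical per-context allowlists in %HTML.Allowed syntax:
// comma-separated elements, permitted attributes in [brackets].
const PROFILES = [
    'forum_post'      => 'br,blockquote,b,i,a[href]',
    'private_message' => 'br,blockquote',
];

function makePurifier(string $context): HTMLPurifier
{
    if (!isset(PROFILES[$context])) {
        // Fail closed: an unknown context must not fall back to a permissive default.
        throw new InvalidArgumentException("No filter profile for '$context'");
    }
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Core.Encoding', 'ISO-8859-1');            // as in the first post
    $config->set('HTML.Doctype', 'HTML 4.01 Transitional'); // as in the first post
    $config->set('Cache.DefinitionImpl', null);             // no on-disk definition cache
    $config->set('HTML.Allowed', PROFILES[$context]);       // anything not listed is removed
    // Restrict link targets to web URLs for profiles that allow a[href].
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
    return new HTMLPurifier($config);
}

// Constructed sample submission: allowed tags mixed with markup that must not survive.
$submitted = '<blockquote onclick="x()">quoted</blockquote><br>'
           . '<script>alert(1)</script><a href="javascript:void(0)">link</a>';

// Run the same input through each profile to compare what is kept.
foreach (array_keys(PROFILES) as $context) {
    echo $context, ': ', makePurifier($context)->purify($submitted), PHP_EOL;
}
```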

Re: Configuration and Filter Levels for HTMLPurifier
August 17, 2007 05:25AM

It's a custom software solution. An online social network. I need it for all user input like forum posts or private messages. And they should only be able to insert some tags like <br> or <blockquote>.

Re: Configuration and Filter Levels for HTMLPurifier
August 19, 2007 03:42PM