Welcome! » Log In » Create A New Profile

Whitelisting attributes

Posted by Creatrix 
Creatrix
Whitelisting attributes
December 14, 2014 08:42AM

Hello,

We are currently investigating Html purifier, and although we like it so far, there is one issue that breaks the entire deal. The issue is with white listing attributes. As far as we understand, we have to white list using (attribute/s, element) to achieve the result. However due to the nature of our application, we can not foresee before hand the attributes that will need white listing, nor on what element or elements they will be added. We are hoping to be able to white list attributes based on a prefix and on more than one or all elements. In other words, we are hoping to be able to white list using (postfix_* /s, element /s), where '/s' indicate one or more, and '*' indicates any character. Note that the postfix does not necessarily end with '_'.

Re: Whitelisting attributes
December 23, 2014 03:36PM

Unfortunately there is no functionality like this built in. It might be possible to do a simple patch to do this though.

Author:
Your Email:

Subject:

HTML input is enabled. Make sure you escape all HTML and angled brackets with < and >.

Auto-paragraphing is enabled. Double newlines will be converted to paragraphs; for single newlines, use the pre tag.

Allowed tags: a, abbr, acronym, b, blockquote, caption, cite, code, dd, del, dfn, div, dl, dt, em, i, ins, kbd, li, ol, p, pre, s, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, var.

For inputting literal code such as HTML and PHP for display, use CDATA tags to auto-escape your angled brackets, and pre to preserve newlines:

<pre><![CDATA[
Place code here
]]></pre>

Power users, you can hide this notice with:

.htmlpurifier-help {display:none;}

Message: