Reputation: 984
HTMLPurifier causes a 500 Internal Server Error
I have setup HTMLPurifer using the default configuration found here
All seems to be working ok apart from when I pass text containing something like <script></script>. Instead of filtering this out as an XSS attack, I receive an internal server error.
I've tried other html like <b></b> and this works ok, so It must be something to do with the script tag specifically. Any idea? Thanks.
Edit: Ok so I've tried all kinds of things to enable error logging. I've deliberately creating PHP errors to test that errors are being written to the log and this is ok. However no matter what I do I can't get the 500 error to log its cause.
Upvotes: 2
Views: 363
Answers (1)
Reputation: 26762
My psychic debugging skills tell me you should turn off mod_security.
Upvotes: 1
Related Questions
- htmlpurifier with an html5 doctype
- How do I stop htmlPurifier from automatically decoding html entities?
- HTMLPurifier config error
- htmlpurifier does not allow css important decleration
- How to allow code in htmlpurifier
- HTMLPurifier converts > to &gt;
- HTMLPurifier ignoring attributes even though in config
- No HTML at all with HTML Purifier
- HTMLPurifier Not working?
- PHP & HTML Purifier error: Undefined variable: dirty_html