SammyBlackBaron
SammyBlackBaron

Reputation: 907

HTMLPurifier ignoring attributes even though in config

I'm having trouble allowing certain HTML attributes into HTMLPurifier's whitelist.

This is my code:

$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.Allowed', 'u,p,b,i,span[style],strike,s,strong,em,li,ul,ol,div[align],br,img[src|alt|width|height],sub,sup');
$purifier = new HTMLPurifier($config);

When I run: $clean_str = $purifier->purify($dirty_str); on this: <div align="left">Left</div> I get this: <div>left</div>.

If I remove: div[align] from HTML.Allowed I get this: Left - so I know that the HTML.Allowed is working for elements, but not for attributes.

I'm sure I'm doing something silly, but I can't for the life of me figure it out!

Thanks in advance for any help.

Using htmlpurifier-4.4.0-lite with PHP 5.3.14

Upvotes: 1

Views: 269

Answers (1)

Edward Z. Yang
Edward Z. Yang

Reputation: 26762

Turn off magic quotes. See the manual: http://php.net/manual/en/security.magicquotes.disabling.php

Upvotes: 3

Related Questions