Reputation: 907
I'm having trouble allowing certain HTML attributes into HTMLPurifier's whitelist.
This is my code:
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.Allowed', 'u,p,b,i,span[style],strike,s,strong,em,li,ul,ol,div[align],br,img[src|alt|width|height],sub,sup');
$purifier = new HTMLPurifier($config);
When I run: $clean_str = $purifier->purify($dirty_str);
on this: <div align="left">Left</div>
I get this: <div>left</div>
.
If I remove: div[align]
from HTML.Allowed
I get this: Left
- so I know that the HTML.Allowed
is working for elements, but not for attributes.
I'm sure I'm doing something silly, but I can't for the life of me figure it out!
Thanks in advance for any help.
Using htmlpurifier-4.4.0-lite with PHP 5.3.14
Upvotes: 1
Views: 269
Reputation: 26762
Turn off magic quotes. See the manual: http://php.net/manual/en/security.magicquotes.disabling.php
Upvotes: 3