SammyBlackBaron
Reputation: 907
HTMLPurifier ignoring attributes even though in config
I'm having trouble allowing certain HTML attributes into HTMLPurifier's whitelist.
This is my code:
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.Allowed', 'u,p,b,i,span[style],strike,s,strong,em,li,ul,ol,div[align],br,img[src|alt|width|height],sub,sup');
$purifier = new HTMLPurifier($config);
When I run: $clean_str = $purifier->purify($dirty_str); on this: <div align="left">Left</div> I get this: <div>left</div>.
If I remove: div[align] from HTML.Allowed I get this: Left - so I know that the HTML.Allowed is working for elements, but not for attributes.
I'm sure I'm doing something silly, but I can't for the life of me figure it out!
Thanks in advance for any help.
Using htmlpurifier-4.4.0-lite with PHP 5.3.14
Upvotes: 1
Views: 269
Answers (1)
Edward Z. Yang
Reputation: 26762
Turn off magic quotes. See the manual: http://php.net/manual/en/security.magicquotes.disabling.php
Upvotes: 3
Related Questions
- HtmlPurifier - allow data attribute
- HTMLPurifier allowing specific attribute values
- allowing data-* attributes with HTMLPurifier
- htmlpurifier custom attributes
- HTMLPurifier config error
- HTMLPurifier allow attributes
- Allowing custom attribute to element with htmlpurifier
- Adding attributes to a tag using htmlpurifier
- HTMLPurifier allow class attribute
- make HTMLPurifier omit double quotes around="attributes"