Reputation: 1349
How to set the value of HTML.ForbiddenElements so that it would not allow any HTML tags to be entered?
Upvotes: 0
Views: 425
Reputation: 6179
If you want to disallow everything with HTML Purifier, the easiest way ought to be to set an empty whitelist with HTML.Allowed rather than an attempt at a thorough blacklist. (Generally speaking, I'd recommend staying away from blacklist approaches unless you really have no other option - with blacklists, there's always a chance to miss something.)
But:
HTML Purifier is a tool designed to help you specifically if you allow HTML. If you don't, chances are it is simply computational overhead and doesn't net you a benefit.
To contrast:
Perhaps try htmlspecialchars(strip_tags(...), ENT_QUOTES, 'your-encoding-goes-here') instead? That should be faster and just as secure for what you're trying to achieve.
Upvotes: 1
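The two options from the answer above, side by side, as an added example that is not part of the original answer. The helper names and sample strings are constructed, UTF-8 is assumed as the encoding, and the HTML Purifier branch runs only when the library is autoloadable.

```php
<?php
// Added example; plain_text_only() and purifier_no_html() are hypothetical names.

// The answer's suggestion: drop tags, then encode what is left for HTML output.
function plain_text_only(string $input, string $encoding = 'UTF-8'): string
{
    return htmlspecialchars(strip_tags($input), ENT_QUOTES, $encoding);
}

// The whitelist alternative: HTML Purifier with an empty HTML.Allowed.
// Returns null when HTML Purifier is not installed.
function purifier_no_html(string $input): ?string
{
    if (!class_exists('HTMLPurifier_Config')) {
        return null;
    }
    $config = HTMLPurifier_Config::createDefault();
    $config->set('HTML.Allowed', '');            // empty whitelist: no elements
    $config->set('Cache.DefinitionImpl', null);  // no definition cache for this demo
    return (new HTMLPurifier($config))->purify($input);
}

// Constructed sample inputs covering tags, quotes, ampersands and a stray "<".
$samples = [
    '<b>bold</b> text',
    '<script>alert(1)</script>',
    'Tom & "Jerry" <img src=x onerror=alert(1)>',
    "it's 1 < 2",
    'price <10 and rising',
];

foreach ($samples as $raw) {
    printf("input    : %s\n", $raw);
    printf("stripped : %s\n", plain_text_only($raw));
    $purified = purifier_no_html($raw);
    printf("purifier : %s\n\n", $purified ?? '(HTML Purifier not installed)');
}
```

strip_tags() removes only the tags, so the text inside a script element is kept and then encoded as inert text. The PHP manual also warns that partial or broken tags can cause more text to be removed than expected, which the last sample is there to show.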