AvraSys

Reputation: 15

IDs are not displayed after using the purify package with Laravel

I have a Laravel website and I'm using the stevebauman/purify v6 package to clean and validate content on the frontend. However, I have a little problem. When I have an id in an HTML tag, it removes it, or rather it just doesn't display it.

This is what I tried so far:

  1. Updated the allowed.HTML in config/purify.php like this:

         'HTML.Allowed' => 'h1[id],h2[id],h3[id],h4[id],h5[id],h6[id],b,strong,blockquote,code,pre[class|id],i,em,a[href|title|id],ul,ol,li,p[style|id],br,span[id],img[width|height|alt|src|class|id]',

  2. I also added this line to the config file:

         'Attr.AllowedFrameTargets' => array('_blank', '_self', '_parent', '_top', 'id'),

  3. In app/Providers/AppServiceProvider.php I added the class:

         public function register()
         {
             $this->app->register(\Stevebauman\Purify\PurifyServiceProvider::class);
         }

  4. I also made sure to empty the cache: php artisan config:cache

I'm displaying the content in my view like this:

{!! \Purify::clean($post->content) !!}

Unfortunately the IDs are not displayed on the frontend.

Upvotes: 0

Views: 129

Answers (1)

pinkgothic

Reputation: 6179

HTML Purifier disallows id attributes by default. You need to explicitly allow them with an additional toggle: Attr.EnableID:

Allows the ID attribute in HTML. This is disabled by default due to the fact that without proper configuration user input can easily break the validation of a webpage by specifying an ID that is already on the surrounding HTML. If you don't mind throwing caution to the wind, enable this directive, but I strongly recommend you also consider blacklisting IDs you use (%Attr.IDBlacklist) or prefixing all user supplied IDs (%Attr.IDPrefix).

Upvotes: 0
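The directives named in the answer, applied to HTML Purifier directly (the library that stevebauman/purify wraps), as an added example that is not part of the original question or answer. It assumes ezyang/htmlpurifier is installed through Composer; the `user-` prefix, the function name `purifyWithIds` and the sample markup are constructed for illustration. The same directive keys go into the settings array in config/purify.php.

```php
<?php
// Added example (not from the original thread).
// Assumption: ezyang/htmlpurifier is available through Composer's autoloader.
require __DIR__ . '/vendor/autoload.php';

/**
 * Purify untrusted HTML while keeping id attributes.
 * Every user-supplied id is namespaced with a prefix so it cannot
 * collide with ids used by the surrounding page template.
 */
function purifyWithIds(string $dirty): string
{
    $config = HTMLPurifier_Config::createDefault();

    // Skip the on-disk definition cache so the example runs without a writable cache dir.
    $config->set('Cache.DefinitionImpl', null);

    // Listing [id] here is necessary but not sufficient on its own.
    $config->set('HTML.Allowed', 'h2[id],p[id],span[id],a[href|title|id]');

    // The toggle from the answer: without it every id attribute is dropped.
    $config->set('Attr.EnableID', true);

    // Mitigation recommended by the directive's documentation:
    // prefix all user-supplied ids ("user-" is an assumed value).
    $config->set('Attr.IDPrefix', 'user-');

    return (new HTMLPurifier($config))->purify($dirty);
}

// Constructed sample input: one id that mimics a template element ("navbar")
// and the same id used twice ("intro").
$dirty = '<h2 id="navbar">Title</h2>'
       . '<p id="intro">First paragraph</p>'
       . '<span id="intro">Second use of the same id</span>';

echo purifyWithIds($dirty), PHP_EOL;
```

With the prefix set, ids in the purified output start with `user-`, so stylesheets and fragment links on the page have to reference the prefixed form. HTML Purifier also drops an id that repeats one already seen in the same purified fragment.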
