Htmlpurifier does not add some tags to the allowed ones

Question

I want to configure htmlpurifier so that it allows tags in html. Htmlpurifier the whitelist with the tags table, tbody and does not work. On the official website in demo mode, the table tag is also deleted even if you add it to the allowed ones. But the tag works correctly. Tell me, what am I doing wrong?

You can try configure here: https://htmlpurifier.org/demo.php

$whitelistTagList = ['u', 'table'];

$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.Allowed', implode(', ', $whitelistTagList));

return HTMLPurifier::getInstance()->purify($value, $config);

Answer 1

It's worth noting that a <table> tag by itself isn't valid HTML. You also need to allow <tr>, <td>, <th>, et cetera. Otherwise HTML Purifier would, at best, turn input like this:

<table>
  <tr>
    <td>
      Foo
    </td>
  </tr>
</table>

...into this through purification:

<table>
      Foo
</table>

...and since <table> requires other HMTL nodes inside it to be valid, the entire <table> tag and its contents will be removed.

As a sidenote, you should probably implode(',', $whitelistTagList), without the space. By coincidence it works with the space as well, but the described syntax of HTML.Allowed doesn't use spaces after commas:

Specify elements and attributes that are allowed using: element1[attr1|attr2],element2.... For example, if you would like to only allow paragraphs and links, specify a[href],p.