Whitelist element with class using htmlpurifier

I want to allow span element only when it has a specific class in htmlpurifier

Does anyone know how to do this? Right now I have

$config->set('HTML.Allowed','a[href],p,ol,li,ul,img[src],blockquote,em,span[class]');
$config->set('Attr.AllowedClasses',"allowed");

but this allows all spans to be used and only permits the class that I like, the "allowed" class, but I want it to allow span when its class value is "allowed"

thanks

+2
4 answers

So, based on Ambush Commander's suggestion, I was able to remove all the spans that did not have a particular class. The idea is that the class is required, so if the element does not have this class, the element will be deleted.

I did some research and found the HTML Purifier customize documentation, which explains how to add an attribute. According to their instructions, I only needed to add four lines of code, so this is how I did it:

  // more configuration stuff up here
  $config->set('HTML.DefinitionID', 'enduser-customize.html editor');
  $config->set('HTML.DefinitionRev', 1);
  $def = $config->getHTMLDefinition(true);
  $def->addAttribute('span', 'class*', new HTMLPurifier_AttrDef_Enum(
      array('allowed')
  ));
  // purify down here

The * in class* makes the class required, and because we allow only the "allowed" class, everything else is stripped. Now there is one caveat to doing it this way: if someone puts this class in this place then it will be allowed. In my case, I do not use "allowed". I am using something else that will be replaced by HTML Purifier.

hth someone else

and thanks to the ambush and the pink for all their help!

+2
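
The required-class approach from the answer above, as a complete script. This is an added example, not the answerer's code. It assumes HTML Purifier is installed through Composer; the definition ID and the sample inputs are constructed for illustration, and it uses maybeGetRawHTMLDefinition() and a disabled definition cache instead of the answer's getHTMLDefinition(true).

```php
<?php
// Added example. Assumption: HTML Purifier is loadable via Composer's autoloader;
// adjust the require line for other installs.
require_once __DIR__ . '/vendor/autoload.php';

function buildPurifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    // Element/attribute allowlist taken from the question.
    $config->set('HTML.Allowed',
        'a[href],p,ol,li,ul,img[src],blockquote,em,span[class]');
    // Demo setting: skip the definition cache so the customization below is
    // rebuilt on every run. In production keep the cache and bump
    // HTML.DefinitionRev whenever the definition changes.
    $config->set('Cache.DefinitionImpl', null);
    $config->set('HTML.DefinitionID', 'span-required-class-demo'); // constructed ID
    $config->set('HTML.DefinitionRev', 1);

    // Returns null when a cached definition is reused, hence the guard.
    if ($def = $config->maybeGetRawHTMLDefinition()) {
        // 'class*' marks class as a required attribute of span. The Enum
        // validator compares the whole attribute value against the list,
        // so a multi-class value such as "allowed extra" does not match.
        $def->addAttribute('span', 'class*',
            new HTMLPurifier_AttrDef_Enum(array('allowed')));
    }
    return new HTMLPurifier($config);
}

// Constructed sample inputs covering the cases discussed in the thread.
$samples = array(
    'allowed class'   => '<p><span class="allowed">kept?</span></p>',
    'no class'        => '<p><span>no class</span></p>',
    'other class'     => '<p><span class="other">other class</span></p>',
    'two classes'     => '<p><span class="allowed extra">two classes</span></p>',
    'class elsewhere' => '<p class="allowed">class on p is not in HTML.Allowed</p>',
);

$purifier = buildPurifier();
foreach ($samples as $label => $html) {
    // Print input and purified output side by side for inspection.
    printf("%-16s %s\n%16s %s\n", $label, $html, '=>', $purifier->purify($html));
}
```

Run it against your own markup before relying on it: compare each purified line with its input to confirm that only spans carrying the one permitted class value survive.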

Special solution: redefine the required class in span and set it so that it has N possible values. Requiring this will remove the tag if it does not exist.

+4

You left a comment in my similar question. I still do not have a solution due to the injector / cleanup order, which is key in my case, but the injector solution should work for you, since you are not dependent on "pre-processing", so to speak.

As far as I see, you have four options:

  • You can use the attribute solution in my question to clear all attributes if you don't mind being left with <span> and </span> tags in your HTML. If you do mind, you can combine this solution with the injector to remove empty tags, although the order of execution is very, very likely to cripple you again. (So, I think if not - excellent, you have an answer! :))

  • You can use injectors. They are a fairly extensive and detailed HTML Purifier feature, so I can't come up with an example to help you fix the situation. But! Maybe you should take a look at the thread on the HTML Purifier forum where the Linkify injector was created, which is a pretty thorough discussion of the topic, not to mention the fact that the injector I mentioned in #1 can also help you figure them out.

  • Something I'm investigating for my own purposes is the DOM methods built into PHP. This is a solid alternative if #1 and #2 for some reason get out from under you, but, of course, it is expensive in resources.

  • Regular expressions. I really mention this as a last resort, and this is not even a serious proposal. It would probably be prudent to use regex on already-cleaned HTML, but it seems like a waste of a good HTML parser. (But then, admittedly, so is #3.)

Good luck.

+1

There is nothing in the documentation about setting attribute values. However, if you use the class only once, I think there will be no problem if you do as you wrote. ;)

0

Source: https://habr.com/ru/post/1306941/

