HtmlPurifier - allows you to use data

I am trying to allow some data attributes with HTMLPurifier for all my spans, but no luck...

I have this line:

 <p> <span data-time-start="1" data-time-end="5" id="5"> <word class="word">My</word> <word class="word">Name</word> </span> <span data-time-start="6" data-time-end="15" id="88"> <word class="word">Is</word> <word class="word">Zooboo</word> </span> <p> 

My htmlpurifier configuration:

 $this->HTMLpurifierConfigInverseTransform = \HTMLPurifier_Config::createDefault();
 $this->HTMLpurifierConfigInverseTransform->set('HTML.Allowed', 'span,u,strong,em');
 $this->HTMLpurifierConfigInverseTransform->set('HTML.ForbiddenElements', 'word,p');
 $this->HTMLpurifierConfigInverseTransform->set('CSS.AllowedProperties', 'font-weight, font-style, text-decoration');
 $this->HTMLpurifierConfigInverseTransform->set('AutoFormat.RemoveEmpty', true);

I clear my $value as follows:

 $purifier = new \HTMLPurifier($this->HTMLpurifierConfigInverseTransform);
 var_dump($purifier->purify($value));
 die;

And get the following:

 <span>My Name</span><span>Is Zoobo</span> 

But how can I keep the id, data-time-start and data-time-end attributes on my span?

I need to have this:

 <span data-time-start="1" data-time-end="5" id="5">My Name</span><span data-time-start="6" data-time-end="15" id="88">Is Zoobo</span>

I tried to test this configuration:

 $this->HTMLpurifierConfigInverseTransform->set('HTML.Allowed', 'span[data-time-start],u,strong,em'); 

but the error message is:

User Warning: Attribute 'data-time-start' in element 'span' not supported (for information on implementing this, see the support forums)

Thanks for the help!

EDIT 1

I tried to allow the id first with this line of code:

 $this->HTMLpurifierConfigInverseTransform->set('Attr.EnableID', true); 

This does not work for me ...

EDIT 2

For data-* attributes, I added these lines, but nothing happened ...

 $def = $this->HTMLpurifierConfigInverseTransform->getHTMLDefinition(true);
 $def->addAttribute('sub', 'data-time-start', 'CDATA');
 $def->addAttribute('sub', 'data-time-end', 'CDATA');
+6
1 answer

HTML Purifier knows the structure of HTML and uses this knowledge as the basis of its whitelisting process. If you add a standard attribute to the whitelist, it does not allow arbitrary content for this attribute - it understands the attribute and will still reject content that does not make sense.

For example, if you had an attribute somewhere in which numeric values were accepted, HTML Purifier would still deny HTML that was trying to enter the value "foo" for this attribute.

If you add custom attributes, just adding it to the whitelist doesn't teach HTML Purifier how to handle attributes: what data can it expect in these attributes? What data is malicious?

There is extensive documentation on how you can tell HTML Purifier about the structure of your custom attributes here: Customize

Here is sample code for the 'target' attribute of the <a> tag:

 $config = HTMLPurifier_Config::createDefault();
 $config->set('HTML.DefinitionID', 'enduser-customize.html tutorial');
 $config->set('HTML.DefinitionRev', 1);
 $config->set('Cache.DefinitionImpl', null); // remove this later!
 $def = $config->getHTMLDefinition(true);
 $def->addAttribute('a', 'target', 'Enum#_blank,_self,_target,_top');

This will add target as a field that accepts only the values "_blank" , "_self" , "_target" and "_top" . This is a little more rigorous than the actual definition of HTML, but for most purposes it’s enough.

That is the general approach you need for data-time-start and data-time-end. For possible customization, check out the official HTML Purifier documentation (as described above). My best guess from your example is that you don't want Enum#..., but Number, like this ...

 $def->addAttribute('span', 'data-time-start', 'Number');
 $def->addAttribute('span', 'data-time-end', 'Number');

... but check this out and see what works best for your use case. (While you are implementing this, do not forget that you also need to list the attributes in the whitelist, as you are doing now.)

For id you must include Attr.EnableID = true as part of your configuration.

I hope this helps!

+7
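
The answer's steps put together for the question's markup, as an added example that is not part of the original question or answer. It assumes HTML Purifier is installed through Composer; the function name, the definition ID and the second span's bad attribute values are constructed for illustration. It also sets Attr.ID.HTML5 (HTML Purifier 4.8.0 and later), which the answer does not mention, because the default id validator rejects ids that begin with a digit.

```php
<?php
// Added example: assumes ezyang/htmlpurifier is installed through Composer.
require __DIR__ . '/vendor/autoload.php';

function buildTranscriptPurifier(): HTMLPurifier // hypothetical helper name
{
    $config = HTMLPurifier_Config::createDefault();

    // Whitelist: span may carry exactly these three attributes and nothing else.
    $config->set('HTML.Allowed', 'span[id|data-time-start|data-time-end],u,strong,em');
    $config->set('CSS.AllowedProperties', 'font-weight,font-style,text-decoration');
    $config->set('AutoFormat.RemoveEmpty', true);

    // id is disabled by default because user-supplied ids can collide with the
    // ids the surrounding page uses for its own scripts and styles.
    $config->set('Attr.EnableID', true);
    // The default id validator follows HTML 4 (first character must be a letter),
    // so "5" and "88" are dropped unless the relaxed HTML5 rule is enabled.
    $config->set('Attr.ID.HTML5', true);

    // A customised definition needs its own ID and revision; bump the revision
    // whenever the definition changes so that a cached copy is invalidated.
    $config->set('HTML.DefinitionID', 'transcript-spans'); // constructed name
    $config->set('HTML.DefinitionRev', 1);
    $config->set('Cache.DefinitionImpl', null); // development only, as in the answer

    // Declare the attribute types on span (EDIT 2 registered them on 'sub').
    // 'Number' validates as a positive integer, so other values are stripped.
    $def = $config->getHTMLDefinition(true);
    $def->addAttribute('span', 'data-time-start', 'Number');
    $def->addAttribute('span', 'data-time-end', 'Number');

    return new HTMLPurifier($config);
}

// Constructed input: the question's markup, with a non-numeric data-time-start
// and an attribute outside the whitelist added to the second span.
$dirty = '<p><span data-time-start="1" data-time-end="5" id="5">'
       . '<word class="word">My</word> <word class="word">Name</word></span> '
       . '<span data-time-start="foo" onclick="alert(1)" data-time-end="15" id="88">'
       . '<word class="word">Is</word> <word class="word">Zooboo</word></span></p>';

echo buildTranscriptPurifier()->purify($dirty), PHP_EOL;
```

All config->set() calls come before getHTMLDefinition(true), since the raw definition has to be edited before the configuration is finalised.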

Source: https://habr.com/ru/post/984325/

