ryan Posted March 8, 2013

HTML Purifier is an HTML sanitization and validation module for ProcessWire. It serves as a front-end to the HTML Purifier PHP library.

From htmlpurifier.org: HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications.

Usage:

This module is something that you would use from a template file or another module. The syntax basically goes like this:

    $purifier = $modules->get('MarkupHTMLPurifier');
    $cleanHTML = $purifier->purify($dirtyHTML);

The default settings seem to be about right for most cases. However, you can also specify custom settings to HTML Purifier by performing set() calls before calling purify(). For example, UTF-8 encoding is assumed, so if you wanted ISO-8859-1 instead, you'd do:

    $purifier->set('Core.Encoding', 'ISO-8859-1');

About this module:

The reason I made this module is that I'm currently working on a CKEditor module for ProcessWire. It supports a very nice inline mode that I'd like to use. But the problem with an inline mode is that the text you edit is real rendered HTML (rather than a textarea), so that could be a security problem (i.e. XSS). I researched into how best to resolve that, and the HTML Purifier library kept coming up. So here this module is. The new CKEditor module will require it if you want to use inline mode.

Download:

GitHub: https://github.com/ryancramerdesign/MarkupHTMLPurifier
Modules Directory: http://modules.processwire.com/modules/markup-htmlpurifier/
Joss Posted March 8, 2013

This is seriously useful! I was thinking about using WYSIHTML Bootstrap thingy on front end forms - this should be a perfect addition!

Pete Posted March 8, 2013

That's great ryan, as in a module just the other day I was using Sanitizer, which was getting me so far, but this should give some additional useful options.

onjegolders Posted July 26, 2013

Joss, did you ever get anywhere with incorporating WYSIHTML5?

renobird Posted April 15, 2014

Thank you Ryan! I'm importing hundreds of user profiles and the biography information is a nightmare. This should clean it up nicely.
nurkka Posted February 18, 2016

Hi, how is it possible to modify the settings of the HTML Purifier instance that is used by InputfieldCKEditor? How can I get the correct instance $purifier?

    $purifier->set('Attr.AllowedFrameTargets', array('_blank','_top'));

My goal is to allow link target "_top" *without* having to disable HTML Purifier ...
Soma Posted May 26, 2016

> Hi, how is it possible to modify the settings of the html purifier instance that is used by InputfieldCKEditor? How can I get the correct instance $purifier?
>
>     $purifier->set('Attr.AllowedFrameTargets', array('_blank','_top'));
>
> My goal is to allow link target "_top" *without* having to disable html purifier ...

I wonder why nobody/Ryan answers here...

No, it's not possible. I also ran into it. InputfieldCKEditor.module does configure purifier hardcoded, allowing the target _blank. Nothing else.

But the thing is we can configure the Link Editor to use different targets. But when adding a new one like "_parent", it won't allow it as it's hardcoded.

In my opinion the InputfieldCKEditor.module should recognize the target config of Link Editor and add those to the allowed targets.
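
An added example, not from any poster in this thread and not the module's own code: it applies the set()/purify() usage from the first post with the Attr.AllowedFrameTargets setting quoted above, then re-parses the output to confirm that only allowlisted targets and no script vectors remain. It assumes a ProcessWire template file where $modules is available; auditPurified() and the sample markup are hypothetical and constructed here, and it does not address the instance that InputfieldCKEditor configures itself.

```php
<?php
// Added example for a ProcessWire template file, where $modules is available.
// auditPurified() and the sample markup are hypothetical, constructed here.

/** Return policy violations still present in already-purified HTML. */
function auditPurified(string $html, array $allowedTargets): array {
    $problems = array();
    libxml_use_internal_errors(true); // fragments trigger harmless parser warnings
    $doc = new DOMDocument();
    $doc->loadHTML('<meta charset="utf-8"><div>' . $html . '</div>');
    foreach ($doc->getElementsByTagName('*') as $el) {
        if ($el->nodeName === 'script') {
            $problems[] = 'script element survived';
        }
        foreach ($el->attributes as $attr) {
            $name = strtolower($attr->name);
            if (strpos($name, 'on') === 0) {
                $problems[] = "event handler attribute: $name";
            } elseif ($name === 'href' && preg_match('/^\s*javascript:/i', $attr->value)) {
                $problems[] = 'javascript: URL in href';
            } elseif ($name === 'target' && !in_array($attr->value, $allowedTargets, true)) {
                $problems[] = "target not in allowlist: {$attr->value}";
            }
        }
    }
    libxml_clear_errors();
    return $problems;
}

$allowedTargets = array('_blank', '_top');
$purifier = $modules->get('MarkupHTMLPurifier');
$purifier->set('Attr.AllowedFrameTargets', $allowedTargets); // set() before purify()

// Constructed input: two allowed targets, one disallowed target, three XSS vectors.
$samples = array(
    '<p><a href="/docs" target="_top">docs</a> <a href="/new" target="_blank">new</a></p>',
    '<p><a href="/up" target="_parent">parent</a></p>',
    '<p onclick="run()">hi<script>alert(1)</script> <a href="javascript:alert(1)">x</a></p>',
);

foreach ($samples as $dirty) {
    $clean = $purifier->purify($dirty);
    $problems = auditPurified($clean, $allowedTargets);
    if ($problems) {
        // Fail closed: log the finding and emit nothing rather than suspect markup.
        error_log('Purifier policy violation: ' . implode('; ', $problems));
        continue;
    }
    echo $clean, "\n";
}
```

The audit is a regression check on the purifier configuration, not a second sanitizer: if a later settings change lets a disallowed target or handler through, the template logs it and withholds the markup.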