DEVHIDE
Login Or Sign up

Best Settings for Html purify

1.1k Views Asked by At

I would like to use PHP-based tool HTML Purifier on a textbox to prevent xss but I would like to allow the following:

  1. basic tags like <b>,<i>,<u>
  2. links
  3. images

I would like to block all CSS and JavaScript. I just tried HTML Purifier and it failed on this case. Just see this example. How can I take care of this?

Also I would want all words of the form #abcd and @abcd to be replaced with custom html (as you would have guessed it a link). Is it possible with this or do I have to do my own replace?

php html htmlpurifier
Original Q&A
3

There are 3 best solutions below

1
SergeS On

Regular expressions and e modifier


function checkTag( $tag ) {
  $tag = removeslashes( $tag );

  ...

  return $secureTag;
}

$html = preg_replace( "/<[^>]+>/e", " checkTag( '\$0' )", $input );
3
gnur On

PHP has a built-in function that seems to do exactly what you want.

http://php.net/manual/en/function.strip-tags.php

It even has a whitelist feature so it can allow some tags.

For the #abcd and the @abcd part I think you will have to use a preg_replace() for that. I have used a similar function and it does the @abcd part very well :).

$sClickText = preg_replace("/\@([a-zA-Z0-9_])+/",' <a href="#reply" onClick="reply(\'' . "$0" . '\')">' . "$0" . '</a>',$sInputText);
1
Edward Z. Yang On

Set HTML.Allowed to something like b,i,u,a[href],img[src|alt]

See here.

Related Questions in PHP

Related Questions in HTML

Related Questions in HTMLPURIFIER

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs

Popular Questions

.

Copyright © 2021 Jogjafile Inc.