Allowing full html to be parsed in HTMLPurifier

Question

This is a problem I've had for a long time - I currently accept a full html page from the user as input and want to filter / clean it out. the problem with HTMLpurifier is that it removes the head , html , and body tags - as well as the styles in the head. I've google , looked at the forums , tried implementing what was written , and to no luck. Can someone help ?

What I want : To keep the HTML , HEAD , STYLE , BODY TAGS

What I have done :

$config->set('HTML.DefinitionID', 'test');
    $config->set('HTML.DefinitionRev', 1);
    $config->set('HTML.AllowedElements', array('html','head', 'body', 'style', 'div', 'p'));    

    if ($def = $config->maybeGetRawHTMLDefinition()) {
        $def->addElement('html', 'Block', 'Inline', 'Common', array());
        $def->addElement('head', 'Block', 'Inline', 'Common', array());
        $def->addElement('style', 'Block', 'Inline', 'Common', array());
        $def->addElement('body', 'Block', 'Inline', 'Common', array());

    }

You basically need to change the whitelist to allow more stuff. Have you read htmlpurifier.org/docs#toclink1? — deceze♦
The purifier strips out several things but you don't say what you want to strip with it and what you expect the outcome to be. Please clarify your question and show us what you have tried. — Jay Blanchard

MilanG MilanG · Accepted Answer · 2014-07-01T14:13:57

Why not use strip_tags? It supports list of allowed tags.

http://www.php.net/manual/en/function.strip-tags.php

Allowing full html to be parsed in HTMLPurifier

3 Answers