HtmlPurifier
[Text]
Cleans HTML and removes malicious code.
Classes
- class ConverterHtmlPurifier: Convert HTML to purified HTML.
- class ConverterHtmlPurifierAutoParagraph: Convert HTML to purified HTML, automatically inserting paragraphs.
- class DBFieldTextHtmlPurified: A DB Text field holding HTML that automatically gets purified before it is written to DB.
Detailed Description
Cleans HTML and removes malicious code.
Installation
On install, this module creates the directories
- htmlpurifier/CSS
- htmlpurifier/HTML
- htmlpurifier/URI
in the application's temp directory with permissions set to 777. These directories must be writable by the web server.
Usage
$clean = ConverterFactory::encode($dirty, CONVERTER_HTMLPURIFIER);
You may pass HtmlPurifier-specific parameters like this:
$clean = ConverterFactory::encode($dirty, CONVERTER_HTMLPURIFIER, array('HTML.TidyLevel' => 'heavy'));
For a list of possible values see http://htmlpurifier.org/live/configdoc/plain.html
There is already a preconfigured converter that solves the common problem of converting HTML without paragraphs, as created by most CMS, into valid HTML. It not only uses the AutoFormat.AutoParagraph configuration directive but also tries to normalize line breaks first. This converter is available as CONVERTER_HTMLPURIFIER_AUTOPARAGRAPH.
$clean = ConverterFactory::encode($dirty, CONVERTER_HTMLPURIFIER_AUTOPARAGRAPH);
Of course you may also pass additional parameters.
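The auto-paragraph conversion described above, sketched directly against HTML Purifier's own API as an added example (not this module's code). The function names normalize_line_breaks() and purify_with_paragraphs(), the rule for collapsing repeated br tags, the cache directory name and the sample input are all assumptions made for illustration.

```php
<?php
// Added example, not the module's code. Assumes the HTML Purifier library
// is on the include path and loadable through its standard autoloader file.
require_once 'HTMLPurifier.auto.php';

/**
 * Hypothetical helper: normalize line breaks so that AutoParagraph, which
 * splits text on double newlines, can find the paragraph boundaries.
 */
function normalize_line_breaks($html) {
    // Unify Windows and old Mac line endings.
    $html = str_replace(array("\r\n", "\r"), "\n", $html);
    // Assumption: two or more consecutive <br> tags mean a paragraph break.
    return preg_replace('#(?:<br\s*/?>\s*){2,}#i', "\n\n", $html);
}

/**
 * Hypothetical helper: purify $dirty with AutoFormat.AutoParagraph enabled.
 * $params takes further HTML Purifier directives, e.g. HTML.TidyLevel.
 */
function purify_with_paragraphs($dirty, array $params = array()) {
    // Dedicated cache directory (constructed name), private to this user.
    $cache = sys_get_temp_dir() . '/htmlpurifier-example';
    if (!is_dir($cache)) {
        mkdir($cache, 0700, true);
    }

    $config = HTMLPurifier_Config::createDefault();
    $config->set('Cache.SerializerPath', $cache);
    $config->set('AutoFormat.AutoParagraph', true);
    foreach ($params as $directive => $value) {
        $config->set($directive, $value);
    }

    $purifier = new HTMLPurifier($config);
    return $purifier->purify(normalize_line_breaks($dirty));
}

// Constructed sample input in the style of CMS output without paragraphs.
// The script element and the onclick handler are not in the default
// whitelist, so the purifier drops them.
$dirty = "First line<br><br>Second <b onclick=\"steal()\">paragraph</b>\r\n\r\n"
       . "<script>alert(1)</script>Third";

echo purify_with_paragraphs($dirty, array('HTML.TidyLevel' => 'heavy')), "\n";
```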
The module comes with a DBField that purifies its content before storing it in the database. This is deprecated in favour of the more flexible DBFieldTextHtml that comes with the text.html package.
The module sets the edit fallback conversion of HtmlRules to purifying without tidying, and the storage and output conversions to the default Purifier.
Additional notes
HTML Purifier is released under the GNU Lesser General Public License.
The version contained within this module is 4.2.
See also: http://htmlpurifier.org/