
Thread: CKEditor And HTMLPurifier

  1. #1

    Thread Starter
    Hyperactive Member
    Join Date
    Jun 2005
    Posts
    265

    CKEditor And HTMLPurifier

    Hi! I'm using HTMLPurifier to filter the output of CKEditor. I want all formatting created by CKEditor to remain, but without malicious code! I used the following:
    Code:
    function cleanhtml($htmltext){
    	include_once('../include/htmlpurifier/library/HTMLPurifier.auto.php');
    	$config = HTMLPurifier_Config::createDefault();
    	//$config->set('HTML.TidyLevel', 'medium');
    	$config->set('Core.Encoding', 'UTF-8');
    	$config->set('HTML.Doctype', 'HTML 4.01 Transitional');
    	// Block images coming from remote hosts
    	$config->set('URI.DisableExternalResources', true);
    	// Boolean directive: trusted mode allows a more expansive set of tags and attributes
    	$config->set('HTML.Trusted', true);

    	// Purify the HTML
    	$purifier = new HTMLPurifier($config);
    	// Get the purified HTML
    	$html = $purifier->purify($htmltext);
    	return $html;
    }
    But it removes formatting totally! I want all formatting created by CKEditor preserved (not removed): tables, spans, fonts, colors, etc.

    Thanks in advance

  2. #2

    Thread Starter

    Re: CKEditor And HTMLPurifier

    I tried appending this line:
    $config->set('HTML.Allowed','span[style],table,font');

    but all formatting is still removed, even in:
    <span style="background-color: rgb(255, 0, 0);">

    The background color is removed!

  3. #3

    Thread Starter

    Re: CKEditor And HTMLPurifier

    If anybody has any other method to use CKEditor and at the same time protect the website from XSS, please tell me the way!
    Thanks in advance
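
One way to keep editor formatting while stripping script vectors, as an added example that is not the poster's code or HTMLPurifier's own: an explicit whitelist of elements and inline CSS properties, with HTML.Trusted left at its default of false. The include path is the one from the first post; the function name, the element and property lists, and the sample input are assumptions to adjust to the editor toolbar in use.

```php
<?php
// Added example: whitelist-based HTMLPurifier setup for rich-text editor output.
// Include path taken from the first post; adjust to your layout.
require_once '../include/htmlpurifier/library/HTMLPurifier.auto.php';

function cleanhtml_whitelist($htmltext)
{
    static $purifier = null;               // build the config once per request
    if ($purifier === null) {
        $config = HTMLPurifier_Config::createDefault();
        $config->set('Core.Encoding', 'UTF-8');
        $config->set('HTML.Doctype', 'HTML 4.01 Transitional');
        // HTML.Trusted stays at its default (false): editor output is user input.
        // Assumed element list; every element must exist in the chosen doctype.
        $config->set('HTML.Allowed',
            'p[style],br,strong,b,em,i,u,s,strike,sub,sup,blockquote,'
          . 'h1,h2,h3,h4,h5,h6,ul,ol,li,hr,'
          . 'span[style],font[color|face|size],a[href|title],'
          . 'img[src|alt|width|height],'
          . 'table[border|cellpadding|cellspacing|width|summary],caption,'
          . 'thead,tbody,tfoot,tr,th[colspan|rowspan|style],td[colspan|rowspan|style]');
        // Inline CSS is limited to presentational properties (assumed list).
        $config->set('CSS.AllowedProperties',
            'color,background-color,font-family,font-size,font-weight,'
          . 'font-style,text-align,text-decoration');
        // Links may only use these schemes; javascript: and data: are dropped.
        $config->set('URI.AllowedSchemes',
            array('http' => true, 'https' => true, 'mailto' => true));
        // Same setting as the post: no images or other resources from remote hosts.
        $config->set('URI.DisableExternalResources', true);
        $purifier = new HTMLPurifier($config);
    }
    return $purifier->purify($htmltext);
}

// Constructed sample input: editor-style formatting mixed with script vectors.
$sample = '<p style="text-align: center;">'
        . '<span style="background-color: rgb(255, 0, 0);">red</span> '
        . '<font color="#0000ff" size="4">blue</font></p>'
        . '<table border="1"><tr><td onclick="alert(1)">cell</td></tr></table>'
        . '<a href="javascript:alert(1)">link</a><script>alert(1)</script>';

// Escape for display so the purified markup can be inspected as text.
echo htmlspecialchars(cleanhtml_whitelist($sample), ENT_QUOTES, 'UTF-8'), "\n";
```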
