-
Feb 25th, 2012, 12:44 AM
#1
Thread Starter
Hyperactive Member
CKEditor And HTMLPurifier
Hi! I'm using HTMLPurifier to filter the output of CKEditor. I want all formatting created by CKEditor to remain, but without malicious code! I used the following:
Code:
function cleanhtml($htmltext){
    include_once('../include/htmlpurifier/library/HTMLPurifier.auto.php');
    $config = HTMLPurifier_Config::createDefault();
    //$config->set('HTML.TidyLevel', 'medium');
    $config->set('Core.Encoding', 'UTF-8');
    $config->set('HTML.Doctype', 'HTML 4.01 Transitional');
    // Block images coming from remote host
    $config->set('URI.DisableExternalResources', true);
    // Treat the input as trusted (enables a more expansive set of tags and attributes)
    $config->set('HTML.Trusted', 'true');
    // Purify html
    $purifier = new HTMLPurifier($config);
    // get the purified html
    $html = $purifier->purify($htmltext);
    return $html;
}
But it removes formatting totally! I want all formats created by CKEditor preserved (not removed): tables, spans, fonts, color, etc.
Thanks in advance
-
Feb 25th, 2012, 12:47 AM
#2
Thread Starter
Hyperactive Member
Re: CKEditor And HTMLPurifier
I tried appending this line:
$config->set('HTML.Allowed','span[style],table,font');
but all formats are still removed, even in:
<span style="background-color: rgb(255, 0, 0);">
The background color is removed!
-
Feb 28th, 2012, 01:05 PM
#3
Thread Starter
Hyperactive Member
Re: CKEditor And HTMLPurifier
If anybody has any other method to use CKEditor and at the same time protect the website from XSS, please tell me the way!
Thanks in advance
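An allowlist-style HTML Purifier configuration for editor output, added here as an example and not code from any poster in this thread. It admits the formatting named above (tables, spans, fonts, colours) through `HTML.Allowed` and `CSS.AllowedProperties` and leaves `HTML.Trusted` at its default. The function name, the particular element and property lists, and the sample input are assumptions made for illustration; the include path is the one used in the thread.

```php
<?php
// Added example. Assumes HTML Purifier lives at the path used in the thread.
require_once '../include/htmlpurifier/library/HTMLPurifier.auto.php';

// Hypothetical helper name; returns the purified markup.
function purify_editor_html($dirty)
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Core.Encoding', 'UTF-8');
    $config->set('HTML.Doctype', 'HTML 4.01 Transitional');

    // Elements and attributes the editor is allowed to emit.
    // Anything not listed here is stripped.
    $config->set('HTML.Allowed',
        'p[style],br,strong,b,em,i,u,strike,sub,sup,blockquote,'
        . 'h1,h2,h3,h4,h5,h6,ul,ol,li,'
        . 'span[style],font[color|face|size],a[href|title],'
        . 'table[border|cellpadding|cellspacing|style],caption,thead,tbody,'
        . 'tr,th[colspan|rowspan|style],td[colspan|rowspan|style],'
        . 'img[src|alt|width|height]');

    // Inline CSS is filtered separately: only these properties survive
    // inside a style="" attribute.
    $config->set('CSS.AllowedProperties',
        'color,background-color,font-family,font-size,font-weight,'
        . 'font-style,text-decoration,text-align,width,height,border');

    // Limit link targets to ordinary schemes and keep remote images blocked,
    // as in the original function.
    $config->set('URI.AllowedSchemes',
        array('http' => true, 'https' => true, 'mailto' => true));
    $config->set('URI.DisableExternalResources', true);

    $purifier = new HTMLPurifier($config);
    return $purifier->purify($dirty);
}

// Constructed sample: one styled span plus markup that is not on the
// allowlist (an event-handler attribute and a script element).
$sample = '<p><span style="background-color: rgb(255, 0, 0);">red</span>'
        . '<img src="x" alt="" onerror="alert(1)" />'
        . '<script>alert(2)</script></p>';

echo purify_editor_html($sample), "\n";
```

Comparing the printed result with `$sample` shows which parts of the editor markup the allowlist keeps and which it drops; run it against real CKEditor output before extending either list.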