Config of HTML Purifier

Yes. HTML Purifier is designed to work out-of-the-box and be safe.

Great, thanks!

the default setup is disallowing img tags for me. What's the easy way to allow it? As far as I understand, 'allowed elements' require full list of valid tags + all their attributes, that's rather big list and I don't know where I can get prepared one. And I need just to add one img to html purifier setup.

Images should be allowed by default. Do you have any alternate modules turned on?

Hi! I'm trying to configure HTML Purifier to allow some of the elements that TinyMCE (unfortunately) utilizes, namely "a name=" anchors, and "a target=" for opening links in new windows (despite their deprecated status) and am having a bear of a time getting it to work. The advanced HTML Purifier setting allows for a whole bunch of config options but I seem to be unable to make it do what I'd like. I did search the HTML Purifier forum itself, but their method of configuring filters involves calling methods directly on an instantiated htmlpurifier object.

I did see that there is a spot for config files in modules/htmlpurifier/config ... I assume from the comments that I'd just copy the sample.php to, say, 1.php and then call my various $config->set(...) functions in the htmlpurifier_config_N($config) method. It's unclear to me though whether these config changes even take effect -- or if and how they intermingle with the changes made using the GUI. If somebody who's done this can shed some light on the process it would be greatly appreciated. Thanks in advance!

Additionally, using the GUI, I've added both AllowedFrameTargets (_blank, _self, _parent, etc) and below it, AllowedRel (external) and despite this, both seem to be stripped out during the filtering of the page. Doctype is set to XHTML 1.0 transitional.

Do you have any other filters enabled? Have you tried clearing the cache? It should work.

No other filters are enabled, and I've cleared the cache a number of times -- is it possible as mentioned above to override the settings in the GUI with a configuration file (filter #).php ?

I'd still like to see some documentation as per the initial request. For instance, it's hard for me to figure out whether or not I need to put both opening and closing tags in the ForbiddenAttributes box. For instance, I want to disable the font tag.

Do I put

Do I separate by commas, spaces, or carriage returns? It's not working anyway I do it, but I can't figure out if that's because I don't know how to use it or its broken. Yes, I cleared the cache.

What are the values of HTML.Allowed, HTML.AllowedAttributes and HTML.AllowedElements?

I got it working by putting quotes like this

Don't know which did the trick. I'll follow up later. Also, clearing the cache didnt' clear the filter cache. Resaving the node, however, did.

For the record, font w/o the double-quotes should be the correct value. I'm reclassifying this as a bug and seeing if I can reproduce.

BTW, Drupal probably maintains a cache separate from HTML Purifier's. I should probably clarify this.

I've got that question exactly #6 - htmlpurifier is removing some of my id="blah" tags from my images. i too have found the $cofig stuff and sample.php, but haven't been able to work out how/where/what and when. Have you solved your issues?