Question on style, its threat and text alignment

regmanabq - November 10, 2009 - 18:12
Project: HTML Purifier
Version: 6.x-2.0
Component: Documentation
Category: support request
Priority: normal
Assigned: Unassigned
Status: closed
Description

Ok, I'm sorry if I'm just really tired, or just really stupid. But I've just spent two hours doing what I thought would be really simple and I just don't seem to get it. I can't find anything that seems to click, so I'll ask here. Feel free to yell at me, but can someone provide a simple, plain answer to this?

Can you get HTML purify to allow <p style="text-align: right;"> or other text align attributes without any major security risk?

I've seen this question around a lot tonight, trying to get the safest way to use TinyMCE and FCKeditor and still allow some sort of text alignment. The answers are either "it's answered here" where it isn't answered at all beyond "go read this" which never really answers the question.

Maybe I'm just being dense. When I tried to allow style in HTML Purifier in allowed HTML, it just blew up and stopped allowing any of the tags in the allow list. Once I went to defaults again, I can do just about all I need to allow regular users to do,


#1

regmanabq - November 10, 2009 - 18:15

arg, and forgot to code this grrrr. and no edit <p> <strike> <strong> <u> <blockquote> <hr> <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>

#2

ezyang - November 10, 2009 - 18:16

By default, HTML Purifier should allow CSS, and thus should allow text-align:right. Try it!
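A sketch of the allowlist approach this thread is circling around, added here as an example and not part of the original thread or the Drupal module's own code. It assumes the standalone HTML Purifier library is on the include path; the `a[href]` attribute and the sample inputs are constructed for illustration.

```php
<?php
// Added example: restrict inline CSS to text-align only.
// Assumption: the standalone HTML Purifier library is installed and
// HTMLPurifier.auto.php is reachable on the include path.
require_once 'HTMLPurifier.auto.php';

$config = HTMLPurifier_Config::createDefault();

// Element/attribute allowlist: the tags listed in comment #1, with the
// style attribute permitted on <p> only. a[href] is an assumption; the
// thread lists <a> without naming attributes.
$config->set(
    'HTML.Allowed',
    'p[style],strike,strong,u,blockquote,hr,a[href],em,cite,code,ul,ol,li,dl,dt,dd'
);

// Narrow the CSS property allowlist to the one property the editor needs.
// Declarations for any other property are dropped from the style attribute.
$config->set('CSS.AllowedProperties', array('text-align'));

// Disable the on-disk definition cache so a one-off run needs no writable
// cache directory.
$config->set('Cache.DefinitionImpl', null);

$purifier = new HTMLPurifier($config);

// Constructed sample inputs: an allowed alignment, a style attribute mixing
// allowed and disallowed properties, an event-handler attribute, and a
// table (not in the element allowlist).
$samples = array(
    '<p style="text-align: right;"><u>test</u></p>',
    '<p style="text-align: center; background-image: url(http://example.invalid/x.png);">test</p>',
    '<p style="text-align: right;" onclick="alert(1)">test</p>',
    '<table><tr><td>cell</td></tr></table>',
);

foreach ($samples as $html) {
    echo "in:  ", $html, "\n";
    echo "out: ", $purifier->purify($html), "\n\n";
}
```

Comparing each `in:`/`out:` pair shows which attributes and declarations survive the allowlist and what happens to table markup when `table` is not permitted.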

#3

regmanabq - November 11, 2009 - 07:07

It's not allowing anything. So, sorry to suck up time, but let me ask this, start from the beginning and see if I have this right. Something weird is going on, maybe you all can help me grasp this. Seems like it should be simple but I'm just being thick headed for some reason. So...

Input Format = User

Filter Ordering: (only three filters enabled)
URL filter
HTML Purifier (basic version / defaults)
HTML corrector

Results in this:

<p><strong>test</strong></p><p style="text-align: center;"><em>test</em></p><p style="text-align: right;"><u>test</u></p><ul><li>test</li><li>test</li><li>test</li><li>test</li></ul><p>test</p>

Output as: testtesttesttesttesttesttesttest

I've tried a bunch of different combos, and when using the Drupal HTML filter, I can get what I want save for the styles. I wanted to do HTML Purifier because it sounded more secure, but whenever I enable it, seems with any settings at all, it strips all tags.

#4

ezyang - November 11, 2009 - 07:33

Get rid of "HTML corrector". You don't need it anymore.

#5

regmanabq - November 11, 2009 - 11:41

Ok, so seems I'm making progress. Thanks ezyang!!

I don't really know what the deal is, but removing HTML corrector didn't help either so I finally just made a new input filter, made it identical to the old one and it all works. Something went wrong somewhere. But, it's working now so whatever!

One last question? If you'd be so kind. Looks like Purifier will do that, but I've not figured out how yet.

Let's say, I wish to not allow tables and divs. Is there a way to take td and rewrite it to ? Same with div? I have some imported content and it's in table format, so Purifier is working well in removing the tables, but they are all inline now. Seems the filter part should do that, but I'm just not grasping it. I'll learn though, now that it's working!

#6

regmanabq - November 11, 2009 - 14:01

Seems like tidy will do a tag transform, but I can't figure out the array to send it. I know I'm asking for something complicated, and I can probably figure it out on my own, but any ideas?? The HTML Purifier site is well documented, if you are writing your own code, and poking around the library seems very expandable. Just hoping it's as simple as sticking in tidy add something like (td,p)

Seems like it's already doing something like this, but it's creating empty p tags, then of course, if I turn on "remove empty" it takes them out and we are right back where we started.

#7

ezyang - November 11, 2009 - 19:36

Hmm, why can't you just allow tables? No one has done what you want to do before, so there's no easy option to get this behavior; you'll have to write a smidge of code.

#8

regmanabq - November 12, 2009 - 05:49
Status: active » closed

I found another way to do it, so I can just use the defaults and allow tables.

Thanks again ezyang, I really appreciate your help. Great support and great module. I look forward to playing with it more. Thanks for keeping us all safer!!

 
 
