At the most basic level, we should report to users what HTML tags and attributes are allowed (like you see in this bug tracker). But we should also report things like "Images to foreign websites are DISABLED" and "Link anchors (name and id) are ENABLED".

Comments

ezyang’s picture

Version: 6.x-2.3 » 7.x-2.x-dev
aanjaneyam’s picture

Hi, I am totally new to html purifier and the way it works. I just installed html purifier on my site for the first time. I am using ckeditor with wysiwyg module. After installing and editing some existing content I found that there are lots of unnecessary stuff (particularly empty divs and

) - during editing I pasted some stuff and also used remove format button of ckeditor to remove formatting of the source of data. After removing these stuff the existing layout was still intact. So it meant the lines deleted were unnecessary. Why didn't it get removed by remove format button? Shouldn't htmlpurifier have sanitised them?

The above was just an idea of what's happening and what's going on in my mind. My actual question is as below:

The readme.text and other webpages like http://drupal.ckeditor.com/filters?page=6 suggest the following allowed tags for ckeditor:

<a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <map> <area> <hr> <br> <br /> <ul> <ol>
<li> <dl> <dt> <dd> <table> <caption> <tbody> <tr> <td> <em> <b> <u> <i> <strong> <del> <ins>
<sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <embed> <object> <param> <strike> 

and then they go on to suggest that with the above tag list we should use htmlpurifier as html filter instead of default html filter.

When using the above allowed tag list with drupal default HTML filter most garbage was getting stripped. I started using htmlpurifier because I wanted to use inline styles. Now how to implement the above tag list in htmlpurifier? Should I just put them in "Allowed" box on text format settings page? When putting the above list will other tags get stripped? Is there any other thing that can be done to cleanup? Also htmlpurifier website states the format of using allowed list as a,p,code,span,div,..... would this work in htmlpurifier drupal module?

Like the list stated above is there any other suggested or recommended list of allowed tags to be used in the scenario of drupal +ckeditor+htmlpurifier module? If yes, what is that and how should it be implemented?

Thanks

bryancasler’s picture

subscribe

aanjaneyam’s picture

Could we please have some input on the issue?

Donaldd’s picture

subscribing

ADrupalUser’s picture

subscribing

epiphanydigital’s picture

I'd love to see a way to add the "scope" attribute for 508 compliance to tds and th.

temaruk’s picture

I added this list to the AllowedElements box under HTML, formatted according to http://htmlpurifier.org/live/configdoc/plain.html#HTML.AllowedElements .

After saving the configuration I receive these warnings:

User warning: Element 'map' is not supported (for information on implementing this, see the support forums) in HTMLPurifier_HTMLDefinition->setupConfigStuff() (line 265 of /var/www/datasift/sites/all/libraries/htmlpurifier/library/HTMLPurifier/HTMLDefinition.php).
User warning: Element 'area' is not supported (for information on implementing this, see the support forums) in HTMLPurifier_HTMLDefinition->setupConfigStuff() (line 265 of /var/www/datasift/sites/all/libraries/htmlpurifier/library/HTMLPurifier/HTMLDefinition.php).
User warning: Element 'quote' is not supported (for information on implementing this, see the support forums) in HTMLPurifier_HTMLDefinition->setupConfigStuff() (line 265 of /var/www/datasift/sites/all/libraries/htmlpurifier/library/HTMLPurifier/HTMLDefinition.php).
User warning: Element 'embed' is not supported (for information on implementing this, see the support forums) in HTMLPurifier_HTMLDefinition->setupConfigStuff() (line 265 of /var/www/datasift/sites/all/libraries/htmlpurifier/library/HTMLPurifier/HTMLDefinition.php).
User warning: Element 'object' is not supported (for information on implementing this, see the support forums) in HTMLPurifier_HTMLDefinition->setupConfigStuff() (line 265 of /var/www/datasift/sites/all/libraries/htmlpurifier/library/HTMLPurifier/HTMLDefinition.php).
User warning: Element 'param' is not supported (for information on implementing this, see the support forums) in HTMLPurifier_HTMLDefinition->setupConfigStuff() (line 265 of /var/www/datasift/sites/all/libraries/htmlpurifier/library/HTMLPurifier/HTMLDefinition.php).

?

ezyang’s picture

temaruk, that is a different issue, please file a different bug.

alauddin’s picture

Hi,

To configure html purifier you can follow these steps for say 'filtered text' format in drupal

1) disable - limit allowed html tags

<a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>

2) Now enable html purifier and configure 'allowed' html elements using a comma separated list

like so

a[href|title],em,strong,cite,blockquote,code,ul,ol,li,dl,dt,dd,*[style],p,br

3) make sure html purifier is at the bottom of your overall enabled filters for this drupal text format.


you can see my blog post here for screenshot of settings page.
http://ilovedrupal.com/blog/html-purifier-configuration-drupal-7-ckeditor

Take care.

alauddin’s picture

added p and br elements for allowed html code
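
The allowlist from the steps above, applied through HTML Purifier's own PHP API, together with the kind of user-facing report the issue summary asks for. This is an added example, not code from the htmlpurifier Drupal module; the Composer autoload path, the helper name purifier_filter_tips(), the two extra directive settings and the sample input are assumptions made for illustration.

```php
<?php
// Added example; not code from the htmlpurifier Drupal module.
// Assumes HTML Purifier was installed with Composer (ezyang/htmlpurifier).
require_once __DIR__ . '/vendor/autoload.php';

$config = HTMLPurifier_Config::createDefault();
// Allowlist in the comma-separated format quoted in the thread.
$config->set('HTML.Allowed',
    'a[href|title],em,strong,cite,blockquote,code,ul,ol,li,dl,dt,dd,*[style],p,br');
$config->set('URI.DisableExternalResources', true); // drop images hosted on other sites
$config->set('Attr.EnableID', false);               // id attributes are stripped
$config->set('Cache.DefinitionImpl', null);         // no on-disk definition cache

/**
 * Hypothetical helper: turn the effective configuration into filter tips.
 * Reads the compiled definition, so it reports what is actually enforced.
 */
function purifier_filter_tips(HTMLPurifier_Config $config): array
{
    $tips = [];
    foreach ($config->getHTMLDefinition()->info as $tag => $def) {
        $attrs = array_keys($def->attr);
        sort($attrs);
        $tips[] = $attrs ? "<$tag> with " . implode(', ', $attrs) : "<$tag>";
    }
    sort($tips);
    array_unshift($tips, 'Allowed HTML tags and attributes:');
    $tips[] = 'Images to foreign websites are '
        . ($config->get('URI.DisableExternalResources') ? 'DISABLED' : 'ENABLED');
    // Tying the "link anchors" line to Attr.EnableID is this example's choice.
    $tips[] = 'Link anchors (id) are '
        . ($config->get('Attr.EnableID') ? 'ENABLED' : 'DISABLED');
    return $tips;
}

echo implode("\n", purifier_filter_tips($config)), "\n\n";

// Constructed sample input: one allowed structure plus markup outside the allowlist.
$dirty = '<p style="color:red" onclick="track()">Read the '
    . '<a href="/docs" title="Docs" target="_blank">docs</a>'
    . '<img src="http://images.example/a.png" alt=""><script>track()</script></p>';

$purifier = new HTMLPurifier($config);
echo $purifier->purify($dirty), "\n";
```

Because the tips are built from the compiled definition rather than from the raw setting string, an element that HTML Purifier rejects at configuration time never shows up in the list shown to users.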

heddn’s picture

Version: 7.x-2.x-dev » 8.x-1.x-dev
heddn’s picture

Issue tags: +SprintWeekend2015
heddn’s picture

Issue tags: -SprintWeekend2015
naveenvalecha’s picture

Issue tags: +Novice
ravi kant’s picture

Status: Active » Needs review

Hi @ezyang

As per comment of @aanjaneyam and @Alauddin, we can add the most frequently used allowed HTML as default.

So we can add README.md file.
I have created a separate ticket for README.md file.
https://www.drupal.org/project/htmlpurifier/issues/3366482