htmlpurifier remove inline css - php

I am using htmlpurifier to clean up user content. I am trying to remove inline style attributes like
<div style="float:left">some text</div>
I want to remove the whole style attribute.
How to do it using htmlpurifier?

You can tweak the AllowedProperties configuration by passing it an array of valid css attributes that should not be removed (white-list approach).
However, the following should remove all css attributes
$config->set('CSS.AllowedProperties', array());
See this online demo of purifying your input html


MPDF div not working inside table

I am working on mpdf and it is a good library to convert an html page to pdf, but when I put a block element, e.g. <div> or <p>, inside a table cell it doesn't behave like a block element; it behaves like an inline element.
code:
<td><div>Block Element</div></td>
or
<td><p>Block Element</p></td>
Is there a way to make it block element?
Or should I use other library?
Thanks in advance.
Looking for solutions to the same problem I just realized that according to the documentation, it's not a bug, it's a feature limitation:
Block-level tags (DIV, P etc) are ignored inside tables, including any
CSS styles - inline CSS or stylesheet classes, id etc. To set text
characteristics within a table/cell, either define the CSS for the
table/cell, or use in-line tags e.g. <SPAN style=”…“>
Seems like there's currently no way around it.
In my case I had to use &nbsp;s to indent (fake-center) a <h4> headline.
See https://mpdf.github.io/tables/tables.html

CK Editor styles not working

I am using CK Editor 4.5 as text editor in my form.
I have pasted my html code including "style" tags to the editor. But when saving the data it automatically removes the style tags from the code.
I have tried to turn off Automatic Content Filtering by adding this to the config file
config.allowedContent = true;
But it still removes the style tags. The editor also removes the text color and text align styles that were added.
How can I add style tags using CK Editor?
My apologies. It's not an issue with ckeditor.
I am using codeigniter for server scripts. It removes inline styles on form submit.
I'm using Rails and met the same issue, it turns out that I'm using sanitize to render content, which will remove the inline styles.

Targeting or removing text and images in Wordpress posts

I have a Wordpress site which displays the post's content using
<?php the_content(); ?>
There are images and text in the content which all get outputted in <p> tags.
I want to style the margins/padding of the images and text differently. I can target the images but when I apply styles to the text, they affect the images as well.
The only options I can think of are using - margins (but that will cause problems later) and putting all text in block quotes but that will remove that functionality for future use.
Can I 'pull out' the images and/or text out of the_content and display them another way?
HTML - currently
<div class="row">
<?php the_content(); ?>
</div><!-- /row -->
You can do it in several ways:
My preferred one is the following:
Let's say that you have a div with a css class (i.e.: content wrapper)
So it will look like this:
<div class="contentWrapper">
My amazing conent <img src="amazing.jpg"/> <p>testing paragraph</p>
</div>
So in this example you can use simple css selectors to make any change that you want for the elements under contentWrapper i.e.:
.contentWrapper img, .contentWrapper p{
margin-right: 5px;
}
Another, but much dirtier, way is using regex to replace some tags.
It's not a good practice at all, so I don't think there is a point in giving an example.
Good luck!
Basically two sane ways to go about this:
Modify the existing CSS and tune it to target both the elements and the classes more precisely. That's the easier way.
Capture the output of the_content(); into a variable and then use preg_replace() etc. to modify the content. Or use a proper DOM parser in PHP to do the same. More work here.
(Use Javascript to modify the DOM after it's loaded. Less elegant approach.)
Use preg_replace to pull the images, remove the <p> tags and replace them with something else.
function filter_content_images($content) {
return preg_replace('/<p>\\s*?(<a .*?><img.*?><\\/a>|<img.*?>)?\\s*<\\/p>/s', '<div class="content-image">\1</div>', $content);
}
add_filter('the_content', 'filter_content_images');
This will remove them and replace with which you can then mini

Codeigniter ckeditor add span tag

I am using ckeditor for a codeigniter project. When I try to add span tags they get replaced with p tags.
Is there any way to add span tag using ckeditor?
Do you have XSS filter turned on in the config file? It removes some "illegal" tags from your POST input.
Try this

htmlpurifier removes all the formatting done by CKEDitor

I am using CKEditor to let the user post their comments. I thought to use the htmlpurifier to secure my html. But when I tried it, it actually removes all the formatting done by CKEditor.
The CKEditor generated the following html
<div class="originalpost"><span style="color:#B22222;">
<em><u><strong><span style="font-size:250%;">
This is Pakistan</span></strong></u></em></span></div>
After purifying with htmlpurifier the html became like this
<div class=""originalpost""><span><em><u><strong>
<span>This is Pakistan</span></strong></u></em></span></div>
It actually removes all the inline css styles, and also class=""originalpost"" is not understandable.
I have used the following way to purify the html with htmlpurifier:
require_once("path\HTMLPurifier.auto.php");
$config = HTMLPurifier_Config::createDefault();
$purifier = new HTMLPurifier($config);
$html = "xyzhtml";
$clean_html = $purifier->purify($html);
I want to keep the user formatting. How can I configure htmlpurifier to keep the user formatting and not change the inline css?
It actually removes all the inline css styles
Inline styles are indeed dangerous - JavaScript can be injected into them using url(), IE's dodgy expression() and browser-specific behavioural extensions.
HTMLPurifier can parse inline styles and filter the dangerous properties and values. You can turn this on by including style in your whitelisted attributes.
$config->set('HTML.AllowedAttributes', '*.style, ...');
style is not included in the default attribute list because parsing styles is a lot of extra complexity (with accompanying chance of bugs) and most applications don't need it.
You can configure the properties that are permitted using %CSS.AllowedProperties if you wish.
I can't reproduce the " problem but certainly ensuring PHP's magic_quotes_gpc option is turned off is an all-round good thing...
I bet that you need to turn off Sybase quotes.
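
Added example (not part of the original posts): one configuration routine covering both HTML Purifier threads on this page, stripping every inline declaration with an empty CSS.AllowedProperties list, or keeping only the formatting properties the editor produces. It assumes HTML Purifier was installed with Composer; the function name, the chosen property list and the sample markup are illustrative.

```php
<?php
// Added example, not code from the original posts.
// Assumption: HTML Purifier installed via Composer (ezyang/htmlpurifier).
require_once __DIR__ . '/vendor/autoload.php';

/**
 * Build a purifier for rich-text comments (hypothetical helper name).
 * $cssProps lists the CSS properties users may set inline; an empty array
 * drops every declaration, which is the approach from the first answer.
 */
function make_comment_purifier(array $cssProps): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    // Element/attribute allowlist: only what the editor toolbar produces.
    $config->set('HTML.Allowed', 'div[class],p,span[style],em,u,strong');
    // Only the class name the application itself emits.
    $config->set('Attr.AllowedClasses', ['originalpost']);
    // Property allowlist applied inside every style attribute.
    $config->set('CSS.AllowedProperties', $cssProps);
    // Disable the on-disk definition cache so no writable directory is needed.
    $config->set('Cache.DefinitionImpl', null);
    return new HTMLPurifier($config);
}

// Constructed sample input: the CKEditor markup from the question, plus two
// layout properties (float, margin-left) a comment author has no reason to set.
$html = '<div class="originalpost">'
      . '<span style="color:#B22222; float:left; margin-left:500px">'
      . '<em><u><strong><span style="font-size:250%;">This is Pakistan</span>'
      . '</strong></u></em></span></div>';

// Keep text formatting only; properties outside the list are removed.
$keepFormatting = make_comment_purifier(['color', 'font-size', 'text-align']);
// Remove all inline CSS.
$stripAllCss = make_comment_purifier([]);

echo $keepFormatting->purify($html), PHP_EOL;
echo $stripAllCss->purify($html), PHP_EOL;
```

Run the purifier on the raw request value, before any other escaping or quote handling touches it, so attribute quotes reach the parser intact.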
