search

xemlock / htmlpurifier-html5

HTML5 support for HTMLPurifier
https://packagist.org/packages/xemlock/htmlpurifier-html5
MIT License
101 stars 12 forks source link

Add module toggles #32

Closed xemlock closed 4 years ago

xemlock commented 5 years ago

Currently toggling modules is not granular enough - there is only one switch (HTML.Trusted) which enables all unsafe modules. And there is no way of enabling Forms module without also enabling Scripting. You can do something like the following, but it's not convenient and seems like a dirty override:

$config = new HTMLPurifier_HTML5Config::create([
    'HTML.Trusted' => true,
    'HTML.ForbiddenElements' => ['script', 'noscript'],
]);

Related to ezyang/htmlpurifier#213.

bytestream commented 4 years ago

It's cumbersome but you can do this using HTML.AllowedModules. List all the modules you want to allow and any not listed will be removed.

xemlock commented 4 years ago

Closing, as %HTML.Forms config flag is sufficient for now.