About HTML Purifier (Core)

HTML sanitization and validation for ProcessWire. Serves as a front-end to the HTML Purifier software.

Category 1Markup Generation
Markup modules that are called upon to generate or parse markup (like HTML). Markup modules are most often used on the front-end of a site (rather than admin).
Category 2Core Modules
Core modules are those already included with the ProcessWire core, but not necessarily installed. Most modules listed here can be installed by going to the modules screen and clicking "install" next to the module name.
Release StateStable
Should be safe for use in production environments. *
Authorryan
Module Version1.0.3
Class NameMarkupHTMLPurifier
Compatibility2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 3.0
Date AddedMarch 8, 2013
Recommended ByNew recommendations may take up to 1 day to appear.

Details

"HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications."htmlpurifier.org

Usage

Code:
$purifier = $modules->get('MarkupHTMLPurifier');$cleanHTML = $purifier->purify($dirtyHTML);

To specify custom settings to HTML Purifier, perform set() calls before calling purify(). For example, UTF-8 encoding is assumed, so if you wanted ISO-8859-1 instead, you'd do:
Code:
$purifier->set('Core.Encoding', 'ISO-8859-1');

Full list of HTML Purifier config options

Updates

The version number of this module represents the version number of HTML Purifier. I will do my best to keep this module up-to-date with the HTML Purifier version. But before installing this module, you may want to check if a newer version of the HTML Purifier software is available from the HTML Purifier downloads page.

We are using the standalone distribution of HTML Purifier. To update it, download the latest standalone distribution and replace the htmlpurifier directory with the new version you downloaded.

Instructions

This is a core module and thus is already included with ProcessWire. Assuming you are running the latest version of ProcessWire, you can install this module by going to the Modules admin screen and clicking the "install" button next to this module.

README

HTML Purifier module for ProcessWire

HTML sanitization and validation for ProcessWire. Serves as a front-end to the HTML Purifier software.

From htmlpurifier.org:

"HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications."

Usage

$purifier = $modules->get('MarkupHTMLPurifier');
$cleanHTML = $purifier->purify($dirtyHTML);

To specify custom settings to HTML Purifier, perform set() calls before calling purify(). For example, UTF-8 encoding is assumed, so if you wanted ISO-8859-1 instead, you'd do:

$purifier->set('Core.Encoding', 'ISO-8859-1'); 

Full list of HTML Purifier config options

Install

  • Place the files from this module in /site/modules/MarkupHTMLPurifier/
  • In ProcessWire Admin > Modules, click check for new modules, and click install.

Updates

The version number of this module represents the version number of HTML Purifier. I will do my best to keep this module up-to-date with the HTML Purifier version. But before installing this module, you may want to check if a newer version of the HTML Purifier software is available from the HTML Purifier downloads page.

We are using the standalone distribution of HTML Purifier. To update it, download the latest standalone distribution and replace the htmlpurifier directory with the new version you downloaded.


HTML Purifier by Edward Z. Yang (http://htmlpurifier.org)

ProcessWire module by Ryan Cramer (http://processwire.com)

Comments

No comments yet. Be the first to post!

Post a Comment

Your e-mail is kept confidential and not included with your comment. Website is optional.