Skip to content Skip to sidebar Skip to footer
Home / Htmlpurifier / Php

Allowing Data-* Attributes With Htmlpurifier

Post a Comment
Currently I am using this code with HTMLPurifier to allow data-* HTML tag attributes: $def = $config->getHTMLDefinition(true); $def->addAttribute('div', 'data-aaa', '

Solution 1:

It's not a full solution, but I was able to globally white-list individual data- attributes with the follow code, allowing them to be placed on any element without having to itemize each element type for each attribute.

$def = $config->getHTMLDefinition(true);
$def->info_global_attr['data-aaa-xxx'] = new HTMLPurifier_AttrDef_Text;
$def->info_global_attr['data-bbb-yyy'] = new HTMLPurifier_AttrDef_Text;
$def->info_global_attr['data-ccc-zzz'] = new HTMLPurifier_AttrDef_Text;

Solution 2:

Nope, it's not possible without modifying the validate attributes strategy.

Solution 3:

This coded can be improved, but I altered the AttrValidator.php I added the following function:

/*=======================================
    ==--    LLS start wildcard handling
    ==--
    ==--    data-*          ^data-(((?![\s=]).)+)
    =========================================*/privatefunctioncheckWildCardAttributes($deflist, $attr_key, $value, $config, $context) {
        $result = false;
        foreach ($deflistas$def_key => $def_value) {
            if (strpos($def_key, '*') !== FALSE) {
                // found a wildcard// does wildcard match this attr$re = implode('(((?![\s=]).)+)',explode("*",$def_key));
                preg_match('#^'.$re.'#',$attr_key,$wcout);
                if (count($wcout)>0) {
                    // the attribute matched against the wildcard definition$result = $deflist[$attr_key]->validate(
                        $value,
                        $config,
                        $context
                    );
                    break;
                }
            }
        }
        return$result;
    }

in the function validateToken find the following line:

// put the results into effect

Just before this line add this:

/*=======================================
                ==--    start wildcard handling
                =========================================*/if (!$result) {
                    // definitions$result = $this->checkWildCardAttributes($defs, $attr_key, $value, $config, $context);
                    if (!$result) {
                        // global definitions$result = $this->checkWildCardAttributes($d_defs, $attr_key, $value, $config, $context);
                    }   
                }   
                //=======================================// put the results into effectif ($result === false || $result === null) {

After this you can use * wildcards in your attribute definition. example:

// See: AttrValidator.php in the HTMLPurifier for the wildcard addition$def->info_global_attr['data-*'] = new HTMLPurifier_AttrDef_Text;

Like i said, it can be improved... but it does the job :)

Have fun....

Post a Comment for "Allowing Data-* Attributes With Htmlpurifier"