The Elgg Community: HTML Purifier for Elgg 1.8

toolbar_logo graphic

Tools

Log in

Home Plugins Groups Discussion

Project Info

Stats

Category: Third Party integrations
License: GNU General Public License (GPL) version 2
Updated: 2011-5-24
Downloads: 533

Releases

Author Recommended: 1.1 (359 days ago)

Previous releases:

1.0 (360 days ago)

Other Projects

Evan Winslow's plugins:

back to plugins

HTML Purifier for Elgg 1.8

Evan Winslow

by Evan Winslow
First uploaded 360 days ago

security, filtering, input, validation, xss, htmlpurifier, validation, spam, nofollow

0

Recommendations

Summary:

Provides alternative support to HTMLawed for filtering user input

Full description:

This plugin provides alternative support to HTMLawed for filtering user input. It is supposedly more secure, but also probably slower. That means you should be able to safely disable the HTMLawed plugin as long as you enable this one. Of course, it would be wise to TEST THIS PLUGIN BEFORE RELYING ON IT to make sure I didn't make a mistake that leaves your site vulnerable.

This plugin ships with the default configuration of HTMLPurifier. If you'd like to customize this configuration in an upgrade-safe way, you can use the provided plugin hook like so:

elgg_register_plugin_hook_handler('config', 'htmlpurifier', 'foo');

function foo($hook, $type, $config) { $config->set(...); return $config; }

See http://htmlpurifier.org for details about configuring HTML Purifier as well as comparisons with other filtering tools.

Features

Discourage spam by adding rel=nofollow to links
Protect your site by filtering user input for XSS and other attacks
Clean up user input to keep your pages HTML valid

Download plugin

Release notes:

Now configured by default to add rel=nofollow to links.

Compatible Elgg Version: 1.8

Stumpy

JUst curious, does HTMLawed not protect agains XSS attacks too?

Stumpy 73 days ago

| About | Terms | Privacy |

Powered by Elgg, the leading open source social networking platform