HTML Purifier

Warning: This plugin has't been updated in over 54 years. It may no longer be maintained.

What you can do to help:

Provides alternative support to HTMLawed for filtering user input

Last updated

 

This plugin provides alternative support to HTMLawed for filtering user input.  It is supposedly more secure, but also probably slower.  That means you should be able to safely disable the HTMLawed plugin as long as you enable this one.  Of course, it would be wise to TEST THIS PLUGIN BEFORE RELYING ON IT to make sure I didn't make a mistake that leaves your site vulnerable.

This plugin ships with the default configuration of HTMLPurifier. If you'd like to customize this configuration in an upgrade-safe way, you can use the provided plugin hook like so:

elgg_register_plugin_hook_handler('config', 'htmlpurifier', 'foo');

function foo($hook, $type, $config) {    $config->set(...);     return $config; }

See http://htmlpurifier.org for details about configuring HTML Purifier as well as comparisons with other filtering tools.

Features

 

  • Discourage spam by adding rel=nofollow to links
  • Protect your site by filtering user input for XSS and other attacks
  • Clean up user input to keep your pages HTML valid

Evan Winslow

Software Engineer at Google. Elgg enthusiast. I wrote the Javascript and CSS frameworks for 1.8.

Stats

  • Category: Third Party integrations
  • License: GNU General Public License (GPL) version 2
  • Updated: 1970-1-1
  • Downloads: 2006
  • Recommendations: 3

Other Projects

View Evan Winslow's plugins