
Stats

  • Category: Third Party integrations
  • License: GNU General Public License (GPL) version 2
  • Updated: 2013-7-17
  • Downloads: 1148
  • Recommendations: 2

Other Projects

View Evan Winslow's plugins

HTML Purifier for Elgg 1.8

Provides alternative support to HTMLawed for filtering user input

Last updated 1066 days ago

This plugin provides alternative support to HTMLawed for filtering user input.  It is supposedly more secure, but also probably slower.  That means you should be able to safely disable the HTMLawed plugin as long as you enable this one.  Of course, it would be wise to TEST THIS PLUGIN BEFORE RELYING ON IT to make sure I didn't make a mistake that leaves your site vulnerable.

This plugin ships with the default configuration of HTML Purifier. If you'd like to customize this configuration in an upgrade-safe way, register a handler for the provided plugin hook, like so:

    elgg_register_plugin_hook_handler('config', 'htmlpurifier', 'foo');

    function foo($hook, $type, $config) {
        // $config is the HTML Purifier configuration object; adjust it and hand it back.
        $config->set(...);
        return $config;
    }

See http://htmlpurifier.org for details about configuring HTML Purifier as well as comparisons with other filtering tools.
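A fuller handler for this hook, written as an added example and not taken from the plugin's own code: it tightens the default policy to a small allowlist and then checks the result through Elgg's `filter_tags()`. The companion plugin name `my_purifier_policy`, its function names and the sample markup are assumptions; the directives are standard HTML Purifier settings, and the check assumes this plugin filters the same `validate`, `input` path that HTMLawed does.

```php
<?php
// start.php of a hypothetical companion plugin "my_purifier_policy" (name is an assumption).
// Assumes Elgg 1.8 with the HTML Purifier plugin enabled, and that the 'config',
// 'htmlpurifier' hook passes an HTMLPurifier_Config object as its third argument.

elgg_register_event_handler('init', 'system', 'my_purifier_policy_init');

function my_purifier_policy_init() {
    elgg_register_plugin_hook_handler('config', 'htmlpurifier', 'my_purifier_policy_config');
}

function my_purifier_policy_config($hook, $type, $config, $params) {
    // Allowlist: only these elements and attributes survive filtering.
    $config->set('HTML.Allowed',
        'p,br,strong,em,ul,ol,li,blockquote,a[href|title],img[src|alt]');

    // Only these URI schemes are accepted in href/src values.
    $config->set('URI.AllowedSchemes',
        array('http' => true, 'https' => true, 'mailto' => true));

    // Embedded resources (img src) must come from this site, not third-party hosts.
    $config->set('URI.DisableExternalResources', true);

    // Keep rel=nofollow on links, matching the plugin's documented default.
    $config->set('HTML.Nofollow', true);

    // Always return the object, or later handlers and the plugin receive nothing.
    return $config;
}

// Runs a constructed sample through Elgg's input filter and reports whether
// the active content was removed. Call it from a test page or an admin action.
function my_purifier_policy_selfcheck() {
    // Constructed sample input, not taken from a real site.
    $sample = '<p onclick="x()">hi <a href="javascript:void(0)">link</a>'
            . '<script>1</script></p>';
    $clean = filter_tags($sample);

    return stripos($clean, '<script') === false
        && stripos($clean, 'javascript:') === false
        && stripos($clean, 'onclick') === false;
}
```

If HTMLawed is still enabled, the self-check can pass even when this plugin is not filtering at all, so run it with HTMLawed disabled.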

Features

  • Discourage spam by adding rel=nofollow to links
  • Protect your site by filtering user input for XSS and other attacks
  • Clean up user input to keep your pages HTML valid

Release Notes:

Now configured by default to add rel=nofollow to links.

Comments

  • Stumpy 780 days ago

    Just curious, does HTMLawed not protect against XSS attacks too?

  • Steve Clay 579 days ago

    @Stumpy Yes, Htmlawed removes XSS attacks, but is inferior in theory due to it not being a full parser. Google for more. It's fine in practice though, and Htmlawed has a significant performance advantage to consider.