HTMLPurifier

high-quality, standards-compliant, open-source

Created by: laetzer, Last modification: 09 Mar 2010 (22:42 UTC) by spiderr

About

This filter uses Open Source Software HTMLPurifier to cleanup the HTML submitted to your site and ensure that it is standards compliant and does not contain anything malicious. It is also used to ensure that the various places that input is split for previews does not cause bad markup to break the page. This filter is highly recommended if you are allowing HTML but is still good for sites that are not using thse formats for the ability to cleanup markup which has been split for preview properly though this may disable certain plugins that insert non standards compliant code. See also HTMLPurifier Filter Options.

Installation

You can either
  • Install HTML Purifier using PEAR. Normally, PEAR modifies your php.ini to include all libraries installed with PEAR. If you install HTML Purifier via PEAR you don't have to do anything extra.
    
    pear channel-discover htmlpurifier.org;
    pear install hp/HTMLPurifier;
  • Or download HTML Purifier from htmlpurifier.org and unpack it somewhere on your server. You must then make sure that the library is in your include_path. Two methods are described below. In short, you can either
    • modify your server's php.ini,
    • or modify your bitweaver's config_inc.php, assuming your php.ini allows using ini_set.

Including the library

Modifying php.ini

One option is to edit your php.ini file (often /etc/php.ini but location will vary based on your server). Inside that file is a directive section for Paths and Directories. By default include_path is set to ".:/usr/local/lib/php". Modify that line to include the path to where you installed HTML Purifier

php.ini


<?php
include_path 
= .:/usr/local/lib/php:/path/to/HTMLPurifier
// the above must be entered all on one line, with no linebreaks.
?>


Modifying config_inc.php

The other option is to add an ini_set to your kernel/config_inc.php to modify this path at runtime:

kernel/config_inc.php


<?php
ini_set
("include_path"ini_get("include_path").":/path/to/HTMLPurifier");
?>


More Info

This may or may not work depending on the configurations in your php.ini. See ini.php for more information.