HTML Purifier
Warning: This plugin has't been updated in over 11 years. It may no longer be maintained.
What you can do to help:
- Submit a pull request to update the plugin code
- Request to become the new maintainer of the plugin
Provides alternative support to HTMLawed for filtering user input
| Elgg | Release | Download | Date | Links |
| 1.8 | 1.1 | () | 2011-May-24 | |
| 1.7 | 1.0 | () | 2011-May-23 |
This plugin provides alternative support to HTMLawed for filtering user input. It is supposedly more secure, but also probably slower. That means you should be able to safely disable the HTMLawed plugin as long as you enable this one. Of course, it would be wise to TEST THIS PLUGIN BEFORE RELYING ON IT to make sure I didn't make a mistake that leaves your site vulnerable.
This plugin ships with the default configuration of HTMLPurifier. If you'd like to customize this configuration in an upgrade-safe way, you can use the provided plugin hook like so:
elgg_register_plugin_hook_handler('config', 'htmlpurifier', 'foo');
function foo($hook, $type, $config) { $config->set(...); return $config; }
See http://htmlpurifier.org for details about configuring HTML Purifier as well as comparisons with other filtering tools.
Features
- Discourage spam by adding rel=nofollow to links
- Protect your site by filtering user input for XSS and other attacks
- Clean up user input to keep your pages HTML valid
Evan Winslow
Project Info
Stats
- Category: Third Party integrations
- License: GNU General Public License (GPL) version 2
- Updated: 2014-11-17
- Downloads: 2001
- Recommendations: 3
Other Projects
View Evan Winslow's plugins