forked from extern/egroupware
8f797be836
- can be used via html class like: $clean_html = html::purify($html); - using it now in eTemplate to remove malicious code from html: a) when displaying "formatted text" b) when "formatted text" get's input by the user
19 lines
696 B
Plaintext
Executable File
19 lines
696 B
Plaintext
Executable File
HTML.AllowedElements
|
|
TYPE: lookup/null
|
|
VERSION: 1.3.0
|
|
DEFAULT: NULL
|
|
--DESCRIPTION--
|
|
<p>
|
|
If HTML Purifier's tag set is unsatisfactory for your needs, you
|
|
can overload it with your own list of tags to allow. Note that this
|
|
method is subtractive: it does its job by taking away from HTML Purifier
|
|
usual feature set, so you cannot add a tag that HTML Purifier never
|
|
supported in the first place (like embed, form or head). If you
|
|
change this, you probably also want to change %HTML.AllowedAttributes.
|
|
</p>
|
|
<p>
|
|
<strong>Warning:</strong> If another directive conflicts with the
|
|
elements here, <em>that</em> directive will win and override.
|
|
</p>
|
|
--# vim: et sw=4 sts=4
|