Firefox PHP

Module: HTML Purifier

Posted by Ambush Commander 
All files from this thread

File Name File Size   Posted by Date  
phorum-htmlpurifier-4.0.0.zip 25.4 KB open | download Ambush Commander 07/10/2009 Read message
phorum-htmlpurifier-4.0.0.tar.gz 19.8 KB open | download Ambush Commander 07/10/2009 Read message
Module: HTML Purifier
January 13, 2008 06:39AM
Filter Your HTML the Standards-Compliant Way!

Note: PHP5 only!

The HTML Purifier Phorum Module is a module that enables raw HTML input into the forums. "Now wait!" you may be thinking, "Doesn't that pose a security risk?" Normally, yes, it would, but we are using a spiffy library (written by me) called HTML Purifier that has bullet-proof XSS protection due to its whitelist implementation. With HTML Purifier protecting your user-data, you are sure to be safe.

For plain-textarea users, we offer auto-paragraphing and linkification, so editing raw HTML is much more pleasant than normal. However, the real important thing is that HTML Purifier will enable you to embed a WYSIWYG editor with impunity! This functionality doesn't come preloaded, since I don't know what WYSIWYG editor you want to use, but that's where this library really shines. Users will be able to post lists and tables with HTML Purifier enabled!

Be sure to follow the instructions in htmlpurifier/migrate.bbcode.php to migrate your Phorum database to HTML.

Download:
- HTML Purifier Phorum Mode 4.0.0 (ZIP)
- HTML Purifier Phorum Mode 4.0.0 (TAR.GZ)

Demo: This mod is enabled on HTML Purifier's forums, you can test it out anonymously in the special Test forum

HTML Purifier, standards-compliant HTML filtering



Edited 2 time(s). Last edit at 07/10/2009 03:25AM by Ambush Commander.
Attachments:
open | download - phorum-htmlpurifier-4.0.0.zip (25.4 KB)
open | download - phorum-htmlpurifier-4.0.0.tar.gz (19.8 KB)
Re: Module: HTML Purifier
May 21, 2009 12:54PM
Hello Phorum forum,

I would love to use this module but unfortunately I have been using the built-in "HTML Phorum Mod" (to enable full HTML) with Inline Attachments for years and this module will not honor old HTML. When htmlpurifier is enabled all existing HTML is simply displayed instead of rendered.

My goal is to sanitize all future HTML input, but to leave existing HTML (especially auto-embedded <img src> tags) intact.

Has any encountered this obstacle?

I appreciate your time.

- Cary
Re: Module: HTML Purifier
May 21, 2009 06:03PM
What did you use as your migration file?

HTML Purifier, standards-compliant HTML filtering
Re: Module: HTML Purifier
July 10, 2009 03:25AM
Updated to be compatible with HTML Purifier 4.0.0. Some other user-friendly changes too!

HTML Purifier, standards-compliant HTML filtering
Re: Module: HTML Purifier
February 20, 2010 01:17PM
Hello everybody here i have installed Phorum5 but i have a problem with making the html visible in the postings.

The html wont transform into the real thing.

Here in this forum its also not working I've made a print screen of it as an example.

Please could somebody give a solution to solve this problem i would be very great full if somebody could help me.

Here the original html so everybody can try it out for themselves:

Language: HTML
<script src="http://www.gmodules.com/ig/ifr?url=http://www.google.com/ig/modules/translatemypage.xml&up_source_language=en&w=160&h=60&title=&border=&output=js"></script>     <iframe width="425" height="350" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" src="http://maps.google.nl/maps?hl=nl&amp;q=utrecht&amp;ie=UTF8&amp;hq=&amp;hnear=Utrecht&amp;z=11&amp;ll=52.091262,5.122748&amp;output=embed"></iframe><br /><small><a href="http://maps.google.nl/maps?hl=nl&amp;q=utrecht&amp;ie=UTF8&amp;hq=&amp;hnear=Utrecht&amp;z=11&amp;ll=52.091262,5.122748&amp;source=embed" style="color:#0000FF;text-align:left">Grotere kaart weergeven</a></small>   <a title="View Pécs 2010 openingsceremonie en jaarkalender on Scribd" href="http://www.scribd.com/doc/24482800/Pecs-2010-openingsceremonie-en-jaarkalender" style="margin: 12px auto 6px auto; font-family: Helvetica,Arial,Sans-serif; font-style: normal; font-variant: normal; font-weight: normal; font-size: 14px; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none; display: block; text-decoration: underline;">Pécs 2010 openingsceremonie en jaarkalender </a> <object codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0" id="doc_76462081804648" name="doc_76462081804648" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" align="middle" height="500" width="100%" > <param name="movie" value="http://d1.scribdassets.com/ScribdViewer.swf?document_id=24482800&access_key=key-9zgujiin6ql59pw5won&page=1&version=1&viewMode=list"> <param name="quality" value="high"> <param name="play" value="true"> <param name="loop" value="true"> <param name="scale" value="showall"> <param name="wmode" value="opaque"> <param name="devicefont" value="false"> <param name="bgcolor" value="#ffffff"> <param name="menu" value="true"> <param name="allowFullScreen" value="true"> <param name="allowScriptAccess" value="always"> <param name="salign" value=""> <param name="mode" value="list"> <embed src="http://d1.scribdassets.com/ScribdViewer.swf?document_id=24482800&access_key=key-9zgujiin6ql59pw5won&page=1&version=1&viewMode=list" quality="high" pluginspage="http://www.macromedia.com/go/getflashplayer" play="true" loop="true" scale="showall" wmode="opaque" devicefont="false" bgcolor="#ffffff" name="doc_76462081804648_object" menu="true" allowfullscreen="true" allowscriptaccess="always" salign="" type="application/x-shockwave-flash" align="middle" mode="list" height="500" width="100%"> </embed> </object>   <object width="445" height="364"><param name="movie" value="http://www.youtube.com/v/SR6Z0X9ALgA&hl=nl_NL&fs=1&color1=0x006699&color2=0x54abd6&border=1"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/SR6Z0X9ALgA&hl=nl_NL&fs=1&color1=0x006699&color2=0x54abd6&border=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="445" height="364"></embed></object>

Greetings from Hungary, arnold de Keijzer.

Hereunder the print screen of all the things that don't work.





Edited 2 time(s). Last edit at 02/20/2010 02:49PM by Arnold.
Re: Module: HTML Purifier
February 20, 2010 02:45PM
our forums don't have html enabled at all so it will never work. you should check that you got an html module installed and enabled in your forums.
Btw. I doubt that javascripts are working as at least the original phorum html module filters all scripts for the sake of security.


Thomas Seifert
Phorum Development Team / Mysnip-Solutions.de
Custom Phorum and general software development
worry-free Phorum Hosting
Re: Module: HTML Purifier
February 21, 2010 10:53AM
Hello Thomas I've installed two html modules one of them is the HTML Purifier I visited the website of the HTML Purifier
to get an explanation of how the HTML Purifier is working the explanation that they give over there is much to difficult for me to understand..........

Then i saw that you are also hosting free forums witch are made with Phorum5 I tried my html out in one of those forums the "ATCNET-Forum - Forum über Flugsicherung und Luftfahrt" and practically all of the html that I put in over there worked.

Here a link to that forum: ATCNET-Forum - Forum über Flugsicherung und Luftfahrt

I've made a screen shot of how it looks like: Klick here for the screen shot

Two things are not working over there, Windows media player and the Google translation module.

Here the html of the Google translation module:

Language: HTML
<script src="http://www.gmodules.com/ig/ifr?url=http://www.google.com/ig/modules/translatemypage.xml&up_source_language=en&w=160&h=60&title=&border=&output=js"></script>

In my old forum all the html was working perfectly, here you can see it on my old forum: Click here for my old forum

Here my new forum witch is made with Phorum5: Click here for my new forum

Thomas could you please point me in the right direction of the string of html that I need to change to make this html workable?

Here the two html modules that I've installed



Greatings from Hungary, Arnold
Re: Module: HTML Purifier
February 21, 2010 11:12AM
If more html is working in my forums then you are lucky because of the old version there.
But I'll be switching to a more recent version in the future which will be more restrictive.
And thats all off-topic in this thread.


Thomas Seifert
Phorum Development Team / Mysnip-Solutions.de
Custom Phorum and general software development
worry-free Phorum Hosting
Sorry, only registered users may post in this forum.

Click here to login