1

Topic: How to allow attribute style="text-align: center"

I would like to allow the p element to have the attribute style="text-align: center", for example:

    <p style="text-align: center">This is centered</p>

How do I do that in the latest htmLawed?

2

Re: How to allow attribute style="text-align: center"

Can you clarify a little? E.g., is it that you want to permit 'style' in 'p' only if it has 'text-align: center'?

3 (edited by dvh 2019-01-17 12:12:59)

Re: How to allow attribute style="text-align: center"

Yes, I want to deny all attributes, but for p I want to allow style="text-align: center". Here is my current code:

    $allowed_elements = 'a,b,blockquote,br,div,em,h1,h2,i,img,legend,li,ol,p,span,strike,strong,sub,sup,#text,ul,h6';
    $ok = htmLawed($aHtml, array('safe' => 1, 'elements' => $allowed_elements, 'deny_attribute' => '* -title -href -alt -src -width -height -datetime', 'keep_bad' => 0));

4

Re: How to allow attribute style="text-align: center"

To allow 'style' within 'p' only, and only if the value of 'style' is 'text-align: center', you can try using htmLawed's spec parameter:

    $spec = 'p=style(match=%"text-align:\s+center;?"%)';
    $ok = htmLawed($aHtml, $spec, array('safe' => 1...);

5

Re: How to allow attribute style="text-align: center"

It now allows all attributes, including style="color: red":

    <?php
    // Test
    require_once __DIR__."/lib/htmLawed-1.2.4.1.php";

    $allowed_elements = 'h1,h2,img,p';

    $html = '
    <h1 style="color: red">This title must not be RED!</h1>
    <p>Left aligned paragraph</p>
    <p style="text-align: center">Center aligned paragraph</p>';

    echo '<h1>Without spec</h1>';

    echo htmLawed(
        $html,
        array(
            'safe' => 1,
            'elements' => $allowed_elements,
            'deny_attribute' => '* -title -href -alt -src -width -height -datetime',
            'keep_bad' => 0
        )
    );

    echo '<h1>With spec</h1>';

    $spec = 'p=style(match=%"text-align:\s+center;?"%)';
    echo htmLawed(
        $html,
        $spec,
        array(
            'safe' => 1,
            'elements' => $allowed_elements,
            'deny_attribute' => '* -title -href -alt -src -width -height -datetime',
            'keep_bad' => 0
        )
    );

6

Re: How to allow attribute style="text-align: center"

I tested these settings with htmLawed 1.2.4.1 at htmLawed's test-page. They work as expected; 'style="color: red"' of 'h1' gets removed.

7

Re: How to allow attribute style="text-align: center"

Weird. I use PHP Version 7.0.32-0 on Ubuntu 16.04 and I see a red H1. I even did a fresh download.

8

Re: How to allow attribute style="text-align: center"

I suspect that this is because of some odd thing in the test code that you used. Try my test code, with which htmLawed's $spec works as expected.

    $text = '
      <h1 style="color: red">Red H1 - should be black</h1>
      <span style="color: red">Red SPAN - should be black and without tag</span>
      <p>Non-aligned P</p>
      <p style="text-align: right">Right-aligned P - should be left-aligned</p>
      <p style="text-align: center">Center-aligned P</p>
    ';

    $config = array(
      'safe' => 1,
      'elements' => 'h1, h2, img, p',
      'deny_attribute' => '* -title -href -alt -src -width -height -datetime',
      'keep_bad' => 0
    );

    $spec = 'p=style(match=%"text-align:\s+center;?"%)';

    echo htmLawed($text, $config, $spec);

    echo '<h2 style="color: red">Input HTML</h2>';
    echo nl2br(htmlspecialchars($text));

    echo '<h2 style="color: red">Output HTML</h2>';
    echo nl2br(htmlspecialchars(htmLawed($text, $config, $spec)));

9

Re: How to allow attribute style="text-align: center"

Found it. I copied your code:

    $spec = 'p=style(match=%"text-align:\s+center;?"%)';
    $ok = htmLawed($aHtml, $spec, array('safe' => 1...);

The spec is in the 2nd argument. Putting it in the third fixes the issue.
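
The following is an added example, not part of the thread and not htmLawed's own code: a wrapper that fixes the argument order in one place, plus an audit of the sanitized output so that a swapped config/spec fails loudly instead of silently letting attributes through. The names `sanitize_html` and `unexpected_styles` are hypothetical, the library path is the one from post 5, and the audit pattern is an anchored variant of the thread's pattern (an assumption about the intended policy).

```php
<?php
// Added example, not from the thread. Library path as used in post 5; adjust as needed.
require_once __DIR__ . '/lib/htmLawed-1.2.4.1.php';

// Hypothetical wrapper: callers never pass config or spec themselves.
function sanitize_html(string $html): string
{
    $config = [
        'safe' => 1,
        'elements' => 'h1,h2,img,p',
        'deny_attribute' => '* -title -href -alt -src -width -height -datetime',
        'keep_bad' => 0,
    ];
    $spec = 'p=style(match=%"text-align:\s+center;?"%)';
    return htmLawed($html, $config, $spec); // config is 2nd, spec is 3rd
}

// Hypothetical audit helper: returns every style attribute in $html that is
// not exactly the permitted centering rule on a <p> element.
function unexpected_styles(string $html): array
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // tolerate HTML fragments quietly
    $doc->loadHTML('<div>' . $html . '</div>');
    libxml_clear_errors();
    $found = [];
    foreach ((new DOMXPath($doc))->query('//*[@style]') as $el) {
        $style = $el->getAttribute('style');
        // Anchored, so any extra declaration counts as unexpected.
        $ok = $el->nodeName === 'p'
            && preg_match('/^\s*text-align:\s+center;?\s*$/', $style) === 1;
        if (!$ok) {
            $found[] = $el->nodeName . ': ' . $style;
        }
    }
    return $found;
}

// Constructed sample input, based on the test markup in the thread.
$html = '<h1 style="color: red">Title</h1>'
      . '<p style="text-align: right">Right</p>'
      . '<p style="text-align: center">Center</p>';

$leaks = unexpected_styles(sanitize_html($html));
if ($leaks) {
    fwrite(STDERR, "Unexpected style attributes:\n  " . implode("\n  ", $leaks) . "\n");
    exit(1);
}
echo "OK: only the permitted style survived\n";
```

Run from the command line, the script exits non-zero and lists each offending element if any other style attribute survives sanitization.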