1 Topic by Lemanyak

  • Lemanyak
  • Member
  • Offline

Topic: $spec doesnt work at all ?

$config = array(
    'safe'=>1, // Dangerous elements and attributes thus not allowed
    'elements'=>'* -table -tr -td -th -tfoot -thead -col -colgroup -caption', // All except table-related are OK
    'deny_attribute'=>'class, id, style' // None of the allowed elements can have these attributes
);
$spec = 'a = title, href;' // The 'a' element can have only these attributes

// The filtering
$out = htmLawed($in, $config, $spec);

im just using the example code in your page.

$spec = 'a = title, href;'

but it doesnt ignore other attributes at all.

I just used spec like above but I can use name,id.

I want it to remove all except title and href, so what to do ?

Sorry for topic ;\

2 Reply by patnaik

  • patnaik
  • Administrator
  • Offline

Re: $spec doesnt work at all ?

I am looking into this... will get back soon.

3 Reply by Lemanyak

  • Lemanyak
  • Member
  • Offline

Re: $spec doesnt work at all ?

thank you im waiting for your reply.

4 Reply by patnaik

  • patnaik
  • Administrator
  • Offline

Re: $spec doesnt work at all ?

Trying following input on the htmLawed demo page:

<a title="t" id="i" href="h">link</a>

This is what I get with different $spec values:

  • a=-title,-href; (title/href not permitted)
    <a id="i">link</a>

  • a=title,-href; (href not permitted)
    <a title="t" id="i">link</a>

  • a=-href; (href not permitted)
    <a title="t" id="i">link</a>

  • a=-*; (nothing permitted)
    <a>link</a>

  • a=*; (all permitted)
    <a title="t" id="i" href="h">link</a>

  • a=-*, id; (none except id permitted)
    <a id="i">link</a>

It seems to me that the $spec implementation in htmLawed is OK. I think the code you cited in your post, probably from this page, is actually wrong [I've corrected it now].