1

Topic: Allow rel attribute

Is there a way to allow the rel attribute?  In searching the readme, I couldn't find it. Only thing I found is something about the rel="nofollow".

I'm trying to allow non-semantic rel's.  Or, a custom attribute, i.e. <element foo="bar">.  Those get stripped too.

Even though they aren't semantic, JavaScript can parse the attributes.

2

Re: Allow rel attribute

htmLawed permits 'rel' in the 'a' element, as the standards specify, but not others. To have 'rel' allowed in others (all or specific ones), and for custom attributes, one has to modify the htmLawed code (the static arrays at the beginning of the 'hl_tag' function). If you provide me more details, I can suggest the code changes. You can also check this post.

In the near future, htmLawed will have an option to bypass the checking of attribute name-value pairs, and an option to allow custom attributes.

3

Re: Allow rel attribute

Thanks for the quick response!
I looked at 'hl_tag' and the arrays are just tags.  Not sure what I'd do with that.

Searching for 'rel' I saw static $aN which looks like it specifies what attributes are allowed in what tags.

It looks like 'attr'=>1 means it's allowed in all.  'rel' was 'rel'=>array('a'=>1).  I tried changing it to 'rel'=>1 but it seems to still strip them.   I also tried commenting out all code that has 'rel' in it but I still have rel stripped from something like <div rel="500">

4

Re: Allow rel attribute

There are two static and multidimensional arrays in that section of the code. $aN defines specific array-attribute pairs using key-value pairs like 'rel'=>array('a'=>1) which indicates that 'rel' is allowed only in 'a'. To allow in 'div' as well, one will modify it to 'rel'=>array('a'=>1, 'div'=>1). To allow in all elements, modify instead the $aNU array which specifies universal attributes and possible exceptions. Thus, to allow 'rel' in all but 'script' elements, one would use 'rel'=>array('script'=>1).

To allow custom, non-standard attributes, the rules are similarly defined. htmLawed identifies attribute names using a particular regex pattern, so unless that is modified, custom attribute names have to start with an alphabet, contain at least two characters, and can only have alphabets, colons (:) and hyphens (-).
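
A simplified model of the two lookup tables and the name rule described in this reply, as an added example (it is not htmLawed's source code). The function name `attr_allowed`, the `ATTR_NAME` pattern and the sample table contents are assumptions built from the descriptions in this thread; it shows why setting 'rel'=>1 in $aN leaves 'rel' stripped while the two suggested edits widen the allowlist.

```php
<?php
// Added illustration only: models the rules as the thread describes them.

// $aN shape: attribute => elements in which it IS allowed.
$aN  = array('rel' => array('a' => 1));
// $aNU shape: universal attribute => elements in which it is NOT allowed.
// The 'title' entry is a constructed sample.
$aNU = array('title' => array('script' => 1));

// Name rule from the thread: starts with a letter, at least two characters,
// only letters, colons and hyphens (assumed pattern, not copied from htmLawed).
const ATTR_NAME = '/^[a-z][a-z:-]+\z/i';

function attr_allowed($attr, $element, array $aN, array $aNU) {
    if (!preg_match(ATTR_NAME, $attr)) {
        return false; // name does not fit the pattern, so it is never kept
    }
    // Element-specific: the element must be listed under the attribute.
    $specific = isset($aN[$attr]) && is_array($aN[$attr])
        && isset($aN[$attr][$element]);
    // Universal: kept unless the element is listed as an exception.
    $universal = isset($aNU[$attr])
        && !(is_array($aNU[$attr]) && isset($aNU[$attr][$element]));
    return $specific || $universal;
}

$cases = array(
    'unmodified tables'               => array($aN, $aNU),
    "'rel'=>1 in \$aN (no elements)"  => array(array('rel' => 1), $aNU),
    "'div'=>1 added under 'rel'"      => array(array('rel' => array('a' => 1, 'div' => 1)), $aNU),
    "'rel' in \$aNU, except script"   => array($aN, $aNU + array('rel' => array('script' => 1))),
);
foreach ($cases as $label => list($n, $u)) {
    printf("%-32s a:%-3s div:%-3s script:%s\n", $label,
        attr_allowed('rel', 'a', $n, $u) ? 'yes' : 'no',
        attr_allowed('rel', 'div', $n, $u) ? 'yes' : 'no',
        attr_allowed('rel', 'script', $n, $u) ? 'yes' : 'no');
}

// Custom names: even when listed as universal, a name must fit the pattern.
$custom = array('foo' => 1, 'x' => 1, 'data1' => 1, 'my-attr' => 1);
foreach (array_keys($custom) as $name) {
    printf("%-8s on div: %s\n", $name,
        attr_allowed($name, 'div', $aN, $aNU + $custom) ? 'kept' : 'stripped');
}
```

Every entry added to either table widens what the sanitizer lets through, so listing specific elements keeps the change narrower than a universal entry.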

5

Re: Allow rel attribute

Ah!  I see.  My trying to change to 'rel'=>1 in $aN was saying to disallow it in all elements.

Works now.  Thanks very well, and thanks for making a nice script.  I really like how you set the config, it's easier to configure than the other html sanitizers I tried prior.

Thanks and good luck on the future updates.