1 Topic by RottDoggie

  • RottDoggie
  • Member
  • Offline

Topic: Almost working...but still setup-specific link stripping

Hey all...quick config question.

I'm using 1.1.8 and having a little problem that's driving me nuts.  I am cleaning input from a SPAW editor instance in the admin area of a custom CMS.  That is...this is not for a public forum, so I am only needing to clean up the html from the data-entry folks.  Essentially, I just need to remove all styles and class attributes, but leave all other tags in place.

I've got htmLawed removing styles and class fine. I can't seem to get it to leave any URLs intact.  Currently the best I can get is:

<a href="www.site.com" target="_blank">site</a>

to process as:

<a target="\" href="/">site</a>

I've tried $processed = htmLawed($content, $config,'a=*')...as well as just about everything I could find in the $config array. 

htmLawedTest.php renders it just fine using the following config:

Array
(
  [abs_url] => 0
  [anti_link_spam] => 0
  [anti_mail_spam] => 0
  [anti_mail_spam1] => NO@SPAM
  [balance] => 1
  [base_url] => 0
  [clean_ms_char] => 0
  [deny_attribute] => Array
    (
      [style] => 0
      [class] => 1
    )

  [elements] => Array
    (
      [p] => 0
      [a] => 1
      [b] => 2
    )

  [hexdec_entity] => 1
  [hook] => 0
  [hook_tag] => 0
  [keep_bad] => 6
  [lc_std_val] => 1
  [named_entity] => 1
  [no_deprecated_attr] => 1
  [parent] => div
  [safe] => 0
  [schemes] => Array
    (
      [href] => Array
        (
          [aim] => 0
          [feed] => 1
          [file] => 2
          [ftp] => 3
          [gopher] => 4
          [http] => 5
          [https] => 6
          [irc] => 7
          [mailto] => 8
          [news] => 9
          [nntp] => 10
          [sftp] => 11
          [ssh] => 12
          [telnet] => 13
        )

      [*] => Array
        (
          [file] => 0
          [http] => 1
          [https] => 2
        )

    )

  [tidy] => 0
  [unique_ids] => 1
  [show_setting] => hlcfg
  [and_mark] => 0
  [cdata] => 3
  [comment] => 3
  [css_expression] => 0
  [make_tag_strict] => 1
  [style_pass] => 0
  [xml:lang] => 0
)

2 Reply by patnaik

  • patnaik
  • Administrator
  • Offline

Re: Almost working...but still setup-specific link stripping

The problem is specific to your site-setup. Could it be a 'stripslashes' issue? Refer to this post. Otherwise, could some other piece of code be affecting the input to htmLawed? Can you 'echo' the text right before as well as immediately after the code calling htmLawed to look into that?

The 'config' value you posted is, I assume, not actually specified at that detail in your code since just this would work to deny 'class' and 'style':

$out = htmLawed($in, array('deny_attribute'=>'class, style'));

3 Reply by RottDoggie (edited by RottDoggie 2009-06-11 14:42:32)

  • RottDoggie
  • Member
  • Offline

Re: Almost working...but still setup-specific link stripping

That did it.  Arrgh...

When I was using stripslashes earlier (with a few more parameters passed in $config), I was getting either no response or everything stripped out of my post (leaving only text).  BTW: You are correct in that I was just posting the settings detail from htmLawedTest.php above.

Makes me think of a feature request for htmLawedTest.php...

How difficult would it be to create a "ConfigGenerator" function that would output the appropriate config array -- dependant on the selections made in "Settings" options?  I added "nl2br(htmlspecialchars(var_export($GLOBALS['hlcfg']['config'], true)))" to the View settings line (#547) to get a more useable output, but obviously it contains all of the defaults in addition to my revised settings. 

Someting that stripped out all the defaults and left you with just the correct config array() code to use in the htmLawed() function would be fantastic.  It would allow developers to test the various settings on live code and cut/paste the config array() of the winning combination.  I'm guessing the display could just be added to the View Settings div.

Thoughts?

4 Reply by RottDoggie

  • RottDoggie
  • Member
  • Offline

Re: Almost working...but still setup-specific link stripping

Sorry...

I also meant to say "Thank you, patnaik for your quick and helpful reply!"

Where are my manners today?!?   ;-)

5 Reply by patnaik

  • patnaik
  • Administrator
  • Offline

Re: Almost working...but still setup-specific link stripping

The config generator sounds like a good idea.

The 'finalized settings' view in the htmLawedTest.php test-page is actually meant to help with fixing bugs/issues.

Even if I don't get time for the config generator I will add a form-field to directly enter config value (instead of using the detailed settings form).