目錄

Ckeditor + Htmlpurifier allow attribute

目錄

Allow the attribute as you want.

I created a page manager in the backstage, and it edit by the ckeditor. Also, I use Htmlpurifier to defense the xss injection. But Htmlpurifier will block the attribute like Bootstrap tabs plugins. So the way I used to allow attribute while using Htmlpurifier.

Here is the document.

For example, I want to purify the html below.

1
<div class="bootstrap-tabs" data-tab-set-title="Program Introduction"></div>

If you use the simple purifier like this,

1
2
3
4
5
function xss_filter($content){
    $purifier = new HTMLPurifier($config);
    $cleanContent = $purifier->purify($content);
    return $cleanContent;
}

You will get the output below,

1
<div class="bootstrap-tabs"></div>

The data-tab-set-title is disabled. So, add the code below and you will get what you want.

1
2
3
$config = HTMLPurifier_Config::createDefault(); 
$def = $config->getHTMLDefinition(true);
$def->addAttribute('div', 'data-tab-set-title', 'CDATA');

Hope it will help !