Allow custom url's in src for image in htmlpurifier

Question

I am having a problem with HTMLPurifier settings.

In my case the HTML that i am trying to purify contains img tags. To allow this I added:

$config->set('HTML.Allowed', 'p[align|style],strong,a[href|title|mailto],em,table[class|width|cellpadding],td,tr,h3,h4,h5,hr,br,u,ul,ol,li,img[src|width|height|alt|class],span[class],strike,sup,sub');

to my config.

But the problem is that the src value for my images begin and end with %%abc%% %%xyz%% respectively. I use these strings later in my code to identify the image urls and do some stuff.

But HTMLPurifier is not allowing these types of url.

I tried adding a custom URI schema, but I am not able to get it to work. Any help is appreciated .

Answer 1

Hmmm... yeah, you're probably kind of out of luck, unless you regex out the custom values and leave a unique identifier in its place, and then splat them back in at the end. Percent signs are particularly bad, because they normally have different meaning in URLs.

Answer 2

You should be able to overwrite the attribute definition/validation as follows:

class ParameterURIDef extends \HTMLPurifier_AttrDef_URI
{
    public function validate($uri, $config, $context)
    {
        if(preg_match('/^\{[a-zA-Z0-9]+\}$/', $uri)) {
            return true;
        }

        return parent::validate($uri, $config, $context);
    }
}

 $config = HTMLPurifier_Config::createDefault();
 $def =   $config->getHTMLDefinition(true);
 $def->addAttribute('img', 'src', new ParameterURIDef());