Question

I have set up HTMLPurifer using the default configuration found here.

All seems to be working ok apart from when I pass text containing something like <script></script>. Instead of filtering this out as an XSS attack, I receive an internal server error.

I've tried other HTML like <b></b> and this works ok, so it must be something to do with the script tag specifically. Any idea? Thanks.

Edit: Ok so I've tried all kinds of things to enable error logging. I've deliberately created PHP errors to test that errors are being written to the log and this is ok. However, no matter what I do I can't get the 500 error to log its cause.

Solution

My psychic debugging skills tell me you should turn off mod_security.
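
One way to check the diagnosis in the answer above, as an added example that is not part of the original thread: a request that ModSecurity denies in a request phase never reaches PHP, so the cause is recorded in the Apache error log rather than the PHP log. The sample log lines, rule ids, paths and the function name `find_blocks` are constructed for illustration, and the message layout assumed is that of ModSecurity 2.x.

```python
import re

# Constructed sample lines (not from the original post), assuming the
# ModSecurity 2.x message layout in the Apache error log.
SAMPLE_LOG = """\
[Tue Mar 05 10:15:02 2024] [error] [client 203.0.113.7] PHP Warning:  Undefined variable $x in /var/www/test.php on line 3
[Tue Mar 05 10:15:09 2024] [error] [client 203.0.113.7] ModSecurity: Access denied with code 500 (phase 2). Pattern match "<script" at ARGS:text. [file "/etc/modsecurity/example.conf"] [line "12"] [id "900001"] [msg "Constructed XSS rule"] [hostname "www.example.com"] [uri "/purify.php"] [unique_id "EXAMPLE0001"]
[Tue Mar 05 10:15:20 2024] [error] [client 203.0.113.7] ModSecurity: Warning. Pattern match "select" at ARGS:q. [file "/etc/modsecurity/example.conf"] [line "20"] [id "900002"] [msg "Constructed SQLi rule"] [hostname "www.example.com"] [uri "/search.php"] [unique_id "EXAMPLE0002"]
"""

# Blocking decisions only; "ModSecurity: Warning." lines did not stop the request.
DENY_RE = re.compile(
    r'ModSecurity: Access denied with code (\d{3}) \(phase (\d)\)\. (.*?) \[file "'
)
# Metadata is logged as [name "value"] pairs; values may hold escaped quotes.
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')


def find_blocks(log_text, uri=None):
    """Return one dict per request ModSecurity denied, optionally for one URI."""
    hits = []
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue  # PHP errors and non-blocking warnings are skipped
        fields = dict(FIELD_RE.findall(line))
        if uri and fields.get("uri") != uri:
            continue
        hits.append({
            "status": int(m.group(1)),   # HTTP status sent to the client
            "phase": int(m.group(2)),    # 1-2 are request phases, before PHP runs
            "reason": m.group(3),        # what matched and in which parameter
            "rule_id": fields.get("id"),
            "msg": fields.get("msg"),
            "uri": fields.get("uri"),
        })
    return hits


if __name__ == "__main__":
    for hit in find_blocks(SAMPLE_LOG):
        print(hit)
```

The rule id and matched parameter it reports are what a narrower exception would be scoped to, as opposed to switching the whole module off.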

Licensed under: CC-BY-SA with attribution