You say: "According to the documentation you have to add definitions like this".
Unless something fundamental has changed since the last time I checked the library (a year ago, about), that's not quite true - that part exists for if you want to teach HTML Purifier new attributes that it isn't natively aware of. For example, if you wanted to teach your HTML Purifier to accept non-standard <font>
attributes, like align=""
, you'd need to alter the raw HTML definition.
However, if your whitelist consists purely of regular HTML elements (and yours does!), you just need to use the $config
object:
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.AllowedElements', array(
'strong','a','p'
));
$config->set('HTML.AllowedAttributes', array(
'a.href'
));
$purifier = new HTMLPurifier($config);
That should work. Are you running into problems with that constellation?
(Check out this document, too: http://htmlpurifier.org/live/INSTALL )