HTMLPurifier removes target="_blank"

About

Asked 21/6, 2011 at 19:45 Answered 15/1, 2016 at 12:25

I'm using HTMLPurifier and even thou I have :

$config->set('HTML.Doctype', 'XHTML 1.0 Transitional');

it removes all 'target' attribues from the links.

Any idea why is it doing it?

Peep answered 21/6, 2011 at 19:45 Comment(2)

Sure you got the latest purifier? Also, sure your HTML is valid? :) – Barrault 21/6, 2011 at 19:47

Yes - all valid and version downloaded yesterday. – Peep 21/6, 2011 at 19:50

The list of allowed frame targets is not enabled by default. You have to enable it manually.

Edmon answered 21/6, 2011 at 19:55 Comment(2)

That was exactly this - I've used the following: $config->set('Attr.AllowedFrameTargets', array('_blank')); and it works! Thanks a lot! – Peep 21/6, 2011 at 20:1

Ah thanks, I thought CKEditor was responsible for this. With YML configurations you need to define an array like this (child of html_purifier -> config): Attr.AllowedFrameTargets: [ '_blank', '_top', '_self', '_parent' ] – Misunderstanding 6/7, 2015 at 7:59

In a Yii2 application, inside of a DetailView, I configured HtmlPurifier as follows:

[
    'label' => 'Document PDF',
    'format'=> 'raw',
    'value' => HtmlPurifier::process(DocumentFunctions::viewDocumentPdfInView($model->document_id), [
    'Attr.AllowedFrameTargets' => ['_blank'],
    ]),
],

Here is a simpler way I found:

[
    'label' => 'Document PDF',
    'format'=> ['html', 'config' => ['Attr.AllowedFrameTargets' => ['_blank']]],
    'value' => DocumentFunctions::viewDocumentPdfInView($model->document_id),
]

Appel answered 15/1, 2016 at 12:25 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags