HTMLAWED Simple Example Settings
The behavior of the htmLawed HTML filter can be affected by configuring its settings through the
$config and
$spec parameters. Some simple examples are shown below. In some cases only one of many settings that all result in equivalent or similar effects are shown. Refer to
htmLawed documentation for more details and options.
0.
Safest, allowing only 'safe' HTML markup
Using the config parameter '
safe'
$config = array('safe'=>1);
$out = htmLawed($in, $config);
1.
Simplest, allowing all valid HTML markup except uncommon URL schemes like 'whatsapp:'
$out = htmLawed($in);
2.
Simplest, allowing all valid HTML markup except uncommon URL schemes like 'whatsapp:', and prettying-up the HTML
Using the config parameter '
tidy'
$config = array('tidy'=>1);
$out = htmLawed($in, $config);
3.
Allowing all valid HTML markup including uncommon URL schemes like 'whatsapp:'
Using the config parameter '
schemes'
$config = array('schemes'=>'*:*');
$out = htmLawed($in, $config);
4.
Allowing only 'safe' HTML and the elements 'a', 'em', and 'strong'
Using the config parameters '
safe' and '
elements'
$config = array('safe'=>1, 'elements'=>'a, em, strong');
$out = htmLawed($in, $config);
5.
Not allowing elements 'script' and 'object'
Using the config parameter '
elements'
$config = array('elements'=>'* -script -object');
$out = htmLawed($in, $config);
6.
Not allowing attributes 'id' and 'style'
Using the config parameter '
deny_attribute'
$config = array('deny_attribute'=>'id, style');
$out = htmLawed($in, $config);
7.
Permitting only attributes 'title' and 'href'
Using the config parameter '
deny_attribute'
$config = array('deny_attribute'=>'* -title -href');
$out = htmLawed($in, $config);
8.
Remove bad/disallowed tags altogether instead of converting them to entities
Using the config parameter '
keep_bad'
$config = array('keep_bad'=>0);
$out = htmLawed($in, $config);
9.
Allowing attribute 'title' only in 'a' and not allowing attributes 'id', 'style', or scriptable on* attributes like 'onclick'
Using '
spec' and the config parameter '
deny_attribute'
$config = array('deny_attribute'=>'title, id, style, on*');
$spec = 'a=title';
$out = htmLawed($in, $config, $spec);
10.
As above (#9) but additionally allowing only these but no other custom data-* atributes in 'a' – 'data-name_first' and 'data-name_last' data-* attributes
Using '
spec' and the config parameter '
deny_attribute'
$config = array('deny_attribute'=>'title, id, style, on*, data*');
$spec = 'a=title, data-name_first, data-name_last';
$out = htmLawed($in, $config, $spec);
11.
Allowing a custom attribute, 'vFlag', in 'img' and permitting custom use of the standard attribute, 'rel', in 'input'
Using '
spec'
$spec = 'img=vFlag; input=rel';
$out = htmLawed($in, $config, $spec);
12.
Ensure compliance as XHTML (XML-compliant HTML)
Using the config parameter '
valid_xhtml'
$config = array('valid_xhtml'=>1);
$out = htmLawed($in, $config);