PHP Labware internal utilities / htmLawed

HTMLAWED Simple Example Settings

The behavior of the htmLawed HTML filter can be affected by configuring its settings through the $config and $spec parameters. Some simple examples are shown below. In some cases only one of many settings that all result in equivalent or similar effects are shown. Refer to htmLawed documentation for more details and options.

0. Safest, allowing only 'safe' HTML markup

Using the config parameter 'safe'
$config = array('safe'=>1);
$out = htmLawed($in, $config);


1. Simplest, allowing all valid HTML markup except uncommon URL schemes like 'whatsapp:'
$out = htmLawed($in);


2. Simplest, allowing all valid HTML markup except uncommon URL schemes like 'whatsapp:', and prettying-up the HTML

Using the config parameter 'tidy'
$config = array('tidy'=>1);
$out = htmLawed($in, $config);


3. Allowing all valid HTML markup including uncommon URL schemes like 'whatsapp:'

Using the config parameter 'schemes'
$config = array('schemes'=>'*:*');
$out = htmLawed($in, $config);


4. Allowing only 'safe' HTML and the elements 'a', 'em', and 'strong'

Using the config parameters 'safe' and 'elements'
$config = array('safe'=>1, 'elements'=>'a, em, strong');
$out = htmLawed($in, $config);


5. Not allowing elements 'script' and 'object'

Using the config parameter 'elements'
$config = array('elements'=>'* -script -object');
$out = htmLawed($in, $config);


6. Not allowing attributes 'id' and 'style'

Using the config parameter 'deny_attribute'
$config = array('deny_attribute'=>'id, style');
$out = htmLawed($in, $config);


7. Permitting only attributes 'title' and 'href'

Using the config parameter 'deny_attribute'
$config = array('deny_attribute'=>'* -title -href');
$out = htmLawed($in, $config);


8. Remove bad/disallowed tags altogether instead of converting them to entities

Using the config parameter 'keep_bad'
$config = array('keep_bad'=>0);
$out = htmLawed($in, $config);


9. Allowing attribute 'title' only in 'a' and not allowing attributes 'id', 'style', or scriptable on* attributes like 'onclick'

Using 'spec' and the config parameter 'deny_attribute'
$config = array('deny_attribute'=>'title, id, style, on*');
$spec = 'a=title';
$out = htmLawed($in, $config, $spec);


10. As above (#9) but additionally allowing only these but no other custom data-* atributes in 'a' – 'data-name_first' and 'data-name_last' data-* attributes

Using 'spec' and the config parameter 'deny_attribute'
$config = array('deny_attribute'=>'title, id, style, on*, data*');
$spec = 'a=title, data-name_first, data-name_last';
$out = htmLawed($in, $config, $spec);


11. Allowing a custom attribute, 'vFlag', in 'img' and permitting custom use of the standard attribute, 'rel', in 'input'

Using 'spec'
$spec = 'img=vFlag; input=rel';
$out = htmLawed($in, $config, $spec);


12. Ensure compliance as XHTML (XML-compliant HTML)

Using the config parameter 'valid_xhtml'
$config = array('valid_xhtml'=>1);
$out = htmLawed($in, $config);


htmLawed | PHP Labware home | visitors since Sept 2017