I am trying to use htmlpurifier that comes with the framework for additional XSS security measures but am unable to understand how to use it. I am using it as a widget and what I’ve done is declared all the body content of my layout file to be in the purifier widget. The result is all my forms are gone and a few scripts don’t work. Can someone provide an example of how to use the html purifier properly?
I was looking at it too… is there any documentation on how to use it? I would like to use it in a comment form, only allowing some common HTML link / code blocks.
There is an extension that accommodates the use of htmlpurifier; however, it’s been behaving very unpredictably. I turned on $_POST purifying and now my posts don’t work. I will try to directly use samdark’s example. Thanks for that, samdark.