Extension:HTMLPurifier
 Release status: beta |
|
|---|---|
| Implementation | Tag |
| Description | Allows users to input raw HTML by using HTML Purifier to sanitize it. |
| Author(s) | Sophivorustalk |
| Latest version | 1.0 (2022-09-19) |
| MediaWiki | 1.35+ |
| PHP | 7+ |
| Database changes | No |
| License | GNU General Public License 3.0 or later |
| Download | |
| Example | [1] |
| Quarterly downloads | 9 (Ranked 170th) |
| Translate the HTMLPurifier extension if it is available at translatewiki.net | |
The HTMLPurifier extension allows users to input raw HTML by using HTML Purifier to sanitize it.
InstallationEdit
- Download and place the file(s) in a directory called
HTMLPurifierin yourextensions/folder. - Only when installing from Git, run Composer to install PHP dependencies, by issuing
composer install --no-devin the extension directory. (See task T173141 for potential complications.) - Add the following code at the bottom of your
LocalSettings.php:wfLoadExtension( 'HTMLPurifier' );
Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.
UsageEdit
Once installed, users will be able to use the <html> tag to input HTML in any page, like so:
<html>This <a href="https://example.com/">link</a> was done with HTML rather than wikitext!</html>
To avoid security risks, all HTML is passed through HTML Purifier, a mature and thoroughly audited PHP library that strips off all malicious and suspect code.
ConfigurationEdit
The only configuration option is an associative array that controls the configuration of HTML Purifier itself. For example:
$wgHTMLPurifierConfig = [
'Cache.SerializerPath' => $wgCacheDirectory, // Use the MediaWiki cache directory for HTML Purifier
'Attr.EnableID' => true, // Allow ID attributes
'CSS.Trusted' => true, // Allow inline styling
];
See alsoEdit
- HTML restriction - Other extensions that allow users to input raw HTML securely.
- Manual:$wgRawHtml - Config option to allow raw HTML.