Extension:HTMLPurifier
 Release status: beta |
|
|---|---|
| Implementation | Tag |
| Description | Allows users to input raw HTML by using HTML Purifier to sanitize it. |
| Author(s) | Sophivorustalk |
| Latest version | 1.0 (2022-09-19) |
| MediaWiki | 1.35+ |
| PHP | 7+ |
| Database changes | No |
| License | GNU General Public License 3.0 or later |
| Download | |
| Example | [1] |
| Quarterly downloads | 11 (Ranked 164th) |
| Translate the HTMLPurifier extension if it is available at translatewiki.net | |
The HTMLPurifier extension allows users to input raw HTML by using HTML Purifier to sanitize it.
Installation[edit]
- Download and place the file(s) in a directory called
HTMLPurifierin yourextensions/folder. - Only when installing from Git, run Composer to install PHP dependencies, by issuing
composer install --no-devin the extension directory. (See task T173141 for potential complications.) - Add the following code at the bottom of your
LocalSettings.php:wfLoadExtension( 'HTMLPurifier' );
Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.
Usage[edit]
Once installed, users will be able to use the <html> tag to input HTML in any page, like so:
<html>This <a href="https://example.com/">link</a> was done with HTML rather than wikitext!</html>
To avoid security risks, all HTML is passed through HTML Purifier, a mature and thoroughly audited PHP library that strips off all malicious and suspect code.
Configuration[edit]
The only configuration option is an associative array that controls the configuration of HTML Purifier itself. For example:
$wgHTMLPurifierConfig = [
'Cache.SerializerPath' => $wgCacheDirectory, // Use the MediaWiki cache directory for HTML Purifier
'Attr.EnableID' => true, // Allow ID attributes
'CSS.Trusted' => true, // Allow inline styling
];
See also[edit]
- HTML restriction - Other extensions that allow users to input raw HTML securely.
- Manual:$wgRawHtml - Config option to allow raw HTML.