Due to the illuminate/support": "4.*" requirement in composer.json, this package doesn't work with laravel 5 :-( Mind adding support to it?

Hey @mewebstudio ,

Laravel 9 is just around the corner (due in 5 days). I thought we'd get ahead of this thing, and provide support before it's out. Tested this package against L9 and... what do you know, everything still works great 🎉 So it only needs a dependency version bump to support L9. That's what this PR does.

Again, thanks for a great package. Cheers!

PS. My only concern in terms of breaking changes was this one but it seems it's all fine, clean(null) works jus as well as clean(''). So we're good 💪

Hello, just upgraded to Laravel version 5.0.17 and now Purifier seems not to work. I get the error "Call to undefined method [package]"

Hope this can be solved soon, thanks :+1:

I removed call of HTMLPurifier_Config::inherit() because inherited config object doen't use custom definitions from parent one.

Also creating of config object for purifier was heavilly refactored. All related stuff moved to separate class. Another problem is that HTMLPurifier library ignore any custom elements if HTML.Allowed or HTML.AllowedElements provided in config. So we need to duplicate each custom element name in this properties. I made this to be done automatically. So now if there is a custom elements defined in cofig - they will be appended to the list of HTML.Allowed or HTML.AllowedElements depending of which is provided.

Also creating of config object moved to clean() method if custom config provided. This makes posible to use custom elements even with dynamic configuration.

Fixed old tests and added some new ones.

Please review and let me know if something must be fixed.

P.S. Sorry for my english, I'm just studying it.

No matter what I do Purifier strips "target" attribute for <a>. My code looks like this

return [

    'encoding' => 'UTF-8',
    'finalize' => true,
    'preload'  => false,
    'cachePath' => null,
    'settings' => [
        'default'          => [
            'HTML.Doctype'             => 'HTML 4.01 Transitional',
            'Attr.AllowedFrameTargets' => '_blank',
            'Attr.AllowedRel'          => 'nofollow',

            'HTML.Allowed'             => 'h2,strike,blockquote,u,div,b,strong,i,em,a[href|title|target|rel],ul,ol,li,p,br,span,img[width|height|alt|src]',
            'CSS.AllowedProperties'    => 'font,font-weight,font-style,text-decoration,padding-left,text-align',
            'AutoFormat.AutoParagraph' => false,
            'AutoFormat.RemoveEmpty'   => true,
        ],
        'test' => [
            'Attr.EnableID' => true
        ],
        "youtube" => [
            "HTML.SafeIframe" => 'true',
            "URI.SafeIframeRegexp" => "%^(http://|https://|//)(www.youtube.com/embed/|player.vimeo.com/video/)%",
        ],
    ],

];

What am I doing wrong? I have gone through all the open and closed issues and tried everything that I thought would work, but no luck. Any help will be super greatly appreciated

I can't find the preload config option referenced anywhere in the code, other than in the example config file. Was it intended for a future feature? Seems like it should be removed.

Added this package to my project, with no config, attempted to test the results and it produced an error.

Using Laravel 4.1

Here's my code in my controller: $template->template = Purifier::clean(Input::get('template'));

I use ckEditor, I went into view source and added some malicious code found on the HTMLPurifier site located at http://htmlpurifier.org/demo.php?html=%3Cimg+src%3D%22javascript%3Aevil%28%29%3B%22+onload%3D%22evil%28%29%3B%22+%2F%3E

When I attempted to see if HMLPurifier would remove it, it produced the error: Directory "/var/www/project/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer not writable, please chmod to 777"

The section of code it's failing on is: /var/www/speakeasy/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer.php (line 272) // need to give global permissions $chmod = $chmod | 0777; } trigger_error( 'Directory ' . $dir . ' not writable, ' . 'please chmod to ' . decoct($chmod), E_USER_WARNING ); } else { // generic error message

Not sure why it is attempting to write to the folder under "vendor". Is this something that can be fixed?

It looks like HTMLPurifier_Config::inherit($config) that used when creating purifier instance, doesn't use custom definitions from parent config object.

I changed it to use config object directly.

Hi @mewebstudio , I this that's worth noticing that actually automated tests cannot be run. In composer.json neither Laravel nor Lumen are required so that tests all error. Cause is here: #34

Solution could be to create two separate packages, one for Laravel and the other for Lumen. Another way is to customize the scripts before the tests to require Laravel.

What do you think?

Just added an special option "definitions" in the config which allows to set custom HTML definitions, in order to add support of elements and attributes, like:

This is an automated pull request from Shift to update your package code and dependencies to be compatible with Laravel 9.x.

Before merging, you need to:

• Checkout the l9-compatibility branch
• Review all comments for additional changes
• Thoroughly test your package

If you do find an issue, please report it by commenting on this PR to help improve future automation.

Can you update the mews/purifier package to support the 8.2 php version?

Current issue:

 Problem 1
    - mews/purifier[3.3.0, ..., 3.3.2] require php ^7.2 -> your php version (8.2.0RC7) does not satisfy that requirement.
    - mews/purifier[3.3.3, ..., 3.3.6] require illuminate/config ^5.8|^6.0|^7.0|^8.0 -> found illuminate/config[v5.8.0, ..., 5.8.x-dev, v6.0.0, ..., 6.x-dev, v7.0.0, ..., 7.x-dev, v8.0.0, ..., 8.x-dev] but these were not loaded, likely because it conflicts with another require.
    - mews/purifier[3.3.7, ..., 3.3.8] require ezyang/htmlpurifier 4.13.* -> found ezyang/htmlpurifier[v4.13.0] but it conflicts with your root composer.json require (^4.16).
    - Root composer.json requires mews/purifier ^3.3 -> satisfiable by mews/purifier[3.3.0, ..., 3.3.8].

Can you upgrade ezyang/htmlpurifier version? Your package currently incompatible with php 8.1

Problem 1
    - mews/purifier[3.3.0, ..., 3.3.2] require php ^7.2 -> your php version (8.1.12) does not satisfy that requirement.
    - mews/purifier[3.3.3, ..., 3.3.6] require illuminate/config ^5.8|^6.0|^7.0|^8.0 -> found illuminate/config[v5.8.0, ..., 5.8.x-dev, v6.0.0, ..., 6.x-dev, v7.0.0, ..., 7.x-dev, v8.0.0, ..., 8.x-dev] but these were not loaded, likely because it conflicts with another require.
    - mews/purifier[3.3.7, ..., 3.3.8] require ezyang/htmlpurifier 4.13.* -> found ezyang/htmlpurifier[v4.13.0] but the package is fixed to v4.16.0 (lock file version) by a partial update and that version does not match. Make sure you list it as an argument for the update command.
    - Root composer.json requires mews/purifier ^3.3 -> satisfiable by mews/purifier[3.3.0, ..., 3.3.8].

I have a field in database, i.e. html_content. The field is nullable and by default is null, but it may contain some HTML content.

Model casts this field using CleanHtml class and the result of $model->html_content when html_content is null is an empty string, instead of null value.

Isn't it supposed to return null value, because null value may indicate certain things when rendering pages on the front-end, etc.?

Which also uses "ezyang/htmlpurifier": "^4.13"

Using version ^3.3 for mews/purifier

Your requirements could not be resolved to an installable set of packages.

Problem 1 - mews/purifier[3.3.0, ..., 3.3.8] require ezyang/htmlpurifier 4.13.* -> found ezyang/htmlpurifier[v4.13.0] but the package is fixed to v4.14.0 (lock file version) by a partial update and that version does not match. Make sure you list it as an argument for the update command. - Root composer.json requires mews/purifier ^3.3 -> satisfiable by mews/purifier[3.3.0, ..., 3.3.8].

Is it intended that version 3.3.8 of mews/purifier still uses old version of ezyang/htmlpurifier (4.13.0)? Version 4.14.0 was released in December 2021.