We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
    • 7923
    • 4,213 Posts
    log in to the manager, then go to resources > manage resources > plugins tab > new plugin


      "He can have a lollipop any time he wants to. That's what it means to be a programmer."
      • 1341
      • 20 Posts
      Hmm... this is quite frustrating.

      I’ve tried this:

      $e = &$modx->Event;
      
      $e = &$modx->Event;
      
      // Only on this event
      if ($e->name == 'OnDocFormSave') {
          set_include_path('/Documents and Settings/Edward/My Documents/My Webs/htmlpurifier/library'
      . PATH_SEPARATOR . get_include_path());
          include_once('HTMLPurifier.php');
          $purifier = new HTMLPurifier();
          $_POST['tvcontent'] = $purifier->purify($_POST['tvcontent']);
      }
      
      return $purifier;


      But it doesn’t seem to work. A good test of HTMLPurifier is assigning a lang attribute to one of the elements. It should be copied over to xml:lang as per XHTML compatibility guidelines. I’m not getting this behavior, so I have to assume that the plugin isn’t working.

      Plus, the thing itself is extremely hacky: what if input comes in from another vector? To be quite honest, I don’t know what I should be doing. If someone else wants to take a stab at it, be my guest, but I am stumped.

      A few details about my library for anyone who wants to step up to the plate: It’s extremely easy to use, add the directory containing the library files to your path, include HTMLPurifier.php, instantiate an HTMLPurifier object, and then call purify() on whatever you need. The above code shows the theoretical flow pattern.

      HTMLPurifier will remove anything that’s not in its list of allowed elements, but the notable ones are OBJECT, EMBED, IFRAME and FORM (I like to call these defective by design). It will remove anything not in allowed attributes, which means that any scripting added on later on will be removed if you process to late.

      It’s not meant to process complete documents (because, of course, other parts of the document may need scripting and forms and etc). So it shouldn’t be run on complete pages.

      Finally, the library currently only supports UTF-8. I am working to also allow other major charsets (notably iso-8859-1), but if you don’t switch to UTF-8, expect some weird char encoding issues.
        • 6726
        • 7,075 Posts
        *Bump*

        Anyone can answer Ambush there ?

        I’d really LOVE to have the HTML purifier integrated with MODx !
          .: COO - Commerce Guys - Community Driven Innovation :.


          MODx est l'outil id
          • 22815
          • 1,097 Posts
          Looks like he came very close with the last posting, but he seems to have
          a) assumed that the content is called "tvcontent".
          b) assumed that you can write to $_POST[’tvcontent’] (which I’ve never seen done before).
            No, I don't know what OpenGeek's saying half the time either.
            MODx Documentation: The Wiki | My Wiki contributions | Main MODx Documentation
            Forum: Where to post threads about add-ons | Forum Rules
            Like MODx? donate (and/or share your resources)
            Like me? See my Amazon wishlist
            MODx "Most Promising CMS" - so appropriate!
            • 22815
            • 1,097 Posts
            EDIT: Version 3, edited with fuller instructions, and actually tested and working:

            Right. It’s academic whether you can write to $_POST, as the content has already been transferred to $content by the time the plugin point comes around. While I don’t actually have the HTML Purifier code (I can’t get to the site), I have tested the basic principle of the plugin by creating a test snippet that tinkered with the content before saving. The following should therefore work.

            Save the HTML Purifier stuff in "assets/plugins/htmlpurifier".

            Create a plugin. Name doesn’t matter, but call it HTMLPurifier. Use this code:

            $e = &$modx->Event;
            if ($e->name == 'OnBeforeDocFormSave') {
                set_include_path('../assets/plugins/htmlpurifier/library/');
                include_once('HTMLPurifier.php');
                $purifier = new HTMLPurifier();
                global $content;
                $content = $purifier->purify($content);
            }
            


            Make sure OnBeforeDocFormSave is ticked on the System Events tab.

            Save.

            Try editing documents; deliberately put crappy HTML in and form tags, see if they disappear on saving.
              No, I don't know what OpenGeek's saying half the time either.
              MODx Documentation: The Wiki | My Wiki contributions | Main MODx Documentation
              Forum: Where to post threads about add-ons | Forum Rules
              Like MODx? donate (and/or share your resources)
              Like me? See my Amazon wishlist
              MODx "Most Promising CMS" - so appropriate!
              • 1341
              • 20 Posts
              Hmm... it doesn’t work... (at least for me, anyway). And yes, I did check the proper system event (the heading for that set of events was greyed, if that means anything).

              What troubles are you having getting to the site?
                • 22815
                • 1,097 Posts
                Am now able to get to your site, so I’m testing it and find that there’s an issue with the include.
                New code:
                $e = &$modx->Event;
                if ($e->name == 'OnBeforeDocFormSave') {
                    set_include_path('../assets/plugins/htmlpurifier/library/');
                    include_once('HTMLPurifier.php');
                    $purifier = new HTMLPurifier();
                    global $content;
                    $content = $purifier->purify($content);
                }
                


                Ambush, if your plugin wasn’t erroring on save, then something else is wrong. Yes, there’s gray text, I don’t know what it means.

                Works with my basic test; having something in bold and some form tags. Bold tags stay, form tags vanish. Woo!
                (I’m sure there’s more to HTMLPurifier than that, but it proves that something is happening).
                  No, I don't know what OpenGeek's saying half the time either.
                  MODx Documentation: The Wiki | My Wiki contributions | Main MODx Documentation
                  Forum: Where to post threads about add-ons | Forum Rules
                  Like MODx? donate (and/or share your resources)
                  Like me? See my Amazon wishlist
                  MODx "Most Promising CMS" - so appropriate!
                  • 1341
                  • 20 Posts
                  Even with the fixed include path it doesn’t work.
                    • 22815
                    • 1,097 Posts
                    There was a ); missing in one version - please make sure that you’ve repasted the whole thing, and that OnBeforeDocFormSave is checked, not OnDocFormSave.

                    When you say "it doesn’t work", are you getting an error message when you save a document?
                      No, I don't know what OpenGeek's saying half the time either.
                      MODx Documentation: The Wiki | My Wiki contributions | Main MODx Documentation
                      Forum: Where to post threads about add-ons | Forum Rules
                      Like MODx? donate (and/or share your resources)
                      Like me? See my Amazon wishlist
                      MODx "Most Promising CMS" - so appropriate!
                      • 1341
                      • 20 Posts
                      Nope. Doesn’t work as in nothing happens. Is it working on your end?