Jim Higson wrote:
> So far I'm allowing color face and size, are there any others the php parser
> allows (or should allow?)

Here's what the HTML sanitizer code in 1.5 currently allows:
Common attributes:
'id', 'class', 'lang', 'dir', 'title', 'style'
Specific to <font>:
'size', 'color', 'face'
The <=1.4 code is more permissive as it has only a global attribute
whitelist, and will thus allow attributes that don't actually apply to
the <font> element.
-- brion vibber (brion @ pobox.com)
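
The difference between the two whitelist styles described in the message, as an added Python example (not MediaWiki's sanitizer code and not part of the original post). The `td` entry and the global list built as a union are constructed assumptions, and attribute values such as `style` are passed through without validation here.

```python
from html import escape
from html.parser import HTMLParser

# Attribute lists quoted in the message above.
COMMON = {"id", "class", "lang", "dir", "title", "style"}
PER_ELEMENT = {
    "font": COMMON | {"size", "color", "face"},
    "td": COMMON | {"colspan", "rowspan"},  # constructed entry, for contrast only
}
# Assumed stand-in for a single global list: the union of every per-element list.
GLOBAL = set().union(*PER_ELEMENT.values())

class AttrFilter(HTMLParser):
    """Re-emit markup, keeping only attributes allowed for each element."""
    def __init__(self, allowed_for):
        super().__init__(convert_charrefs=True)
        self.allowed_for = allowed_for  # callable: tag name -> set, or None
        self.out = []

    def handle_starttag(self, tag, attrs):
        allowed = self.allowed_for(tag)
        if allowed is None:  # element not whitelisted: show it as text
            self.out.append(escape(self.get_starttag_text()))
            return
        kept = {}
        for name, value in attrs:  # names arrive lower-cased; first duplicate wins
            if name in allowed and name not in kept:
                kept[name] = escape(value or "", quote=True)
        self.out.append("<" + tag + "".join(f' {n}="{v}"' for n, v in kept.items()) + ">")

    def handle_endtag(self, tag):
        end = f"</{tag}>"
        self.out.append(end if self.allowed_for(tag) is not None else escape(end))

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def filter_attrs(markup, allowed_for):
    parser = AttrFilter(allowed_for)
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)

def per_element(markup):  # 1.5-style: each element has its own list
    return filter_attrs(markup, PER_ELEMENT.get)

def global_list(markup):  # <=1.4-style: one list shared by all elements
    return filter_attrs(markup, lambda t: GLOBAL if t in PER_ELEMENT else None)
```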