👀 Views: 0 💬 Answers: 1 📅 Created: 2025-06-12

php html-purifier sanitization PHP

I've been researching this but I'm sure I'm missing something obvious here, but I'm sure I'm missing something obvious here, but I'm currently integrating HTML Purifier into my PHP application to sanitize user input, but I've run into an scenario where nested tags are being removed unexpectedly. I'm using HTML Purifier version 4.13.0 with the following configuration: ```php $config = HTMLPurifier_Config::createDefault(); $config->set('HTML.Allowed', 'p,b,a[href],ul,ol,li,strong,em'); $config->set('HTML.Nested', true); $purifier = new HTMLPurifier($config); ``` When I run the following code: ```php $dirty_html = '<p>This is a <strong>sample</strong> text with <ul><li>item1</li><li>item2</li></ul></p>'; $clean_html = $purifier->purify($dirty_html); ``` I expect to get the full structure back, but the output is: ```html <p>This is a <strong>sample</strong> text with </p> ``` The unordered list is completely removed, and I can’t seem to understand why. I've tried changing the `HTML.Allowed` setting to include `ul` and `li`, and I've also set `HTML.Nested` to `true`, but nothing seems to change. I've looked through the HTML Purifier documentation and even checked some online forums, but I haven't found a solution. Is there a specific way to handle nested lists that I'm missing, or does HTML Purifier have a limitation that I need to be aware of? Any insights would be greatly appreciated! Is there a better approach? This is part of a larger service I'm building. How would you solve this? Thanks in advance! This is part of a larger service I'm building.