
How to escape special characters?


I am using an HTML purifier package to purify my rich text of any XSS before storing it in the database.

But my rich text allows for Wiris symbols, which use special characters such as &#8594; or &#160;.

The problem is that the package does not allow me to escape these characters. It removes them completely. What should I do to escape them?

Example of the string before purifying

<p><math xmlns="http://www.w3.org/1998/Math/MathML"><msup><mi>x</mi><mn>2</mn></msup><mo>&#160;</mo><mo>+</mo><mo>&#160;</mo><mmultiscripts><mi>y</mi><mprescripts/><none/><mn>2</mn></mmultiscripts><mo>&#160;</mo><mover><mo>&#8594;</mo><mo>=</mo></mover><mo>&#160;</mo><msup><mi>z</mi><mn>2</mn></msup><mo>&#160;</mo></math></p>

After purifying

<p><math xmlns="http://www.w3.org/1998/Math/MathML"><msup><mi>x</mi><mn>2</mn></msup><mo> </mo><mo>+</mo><mo> </mo><mmultiscripts><mi>y</mi><mprescripts></mprescripts><none><mn>2</mn></mmultiscripts><mo> </mo><mover><mo>→</mo><mo>=</mo></mover><mo> </mo><msup><mi>z</mi><mn>2</mn></msup><mo> </mo></math></p>


Solution

  • I solved the problem by setting the key Core.EscapeNonASCIICharacters to true under my default key in my purifier.php file, and the problem has gone.
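
The effect of the directive named in the solution, as an added example that is not part of the original question or answer: it runs HTML Purifier once with default settings and once with Core.EscapeNonASCIICharacters enabled. It assumes ezyang/htmlpurifier is installed through Composer; the helper name purify_with and the input string are constructed for illustration.

```php
<?php
// Added example, not code from the original post.
// Assumption: ezyang/htmlpurifier is installed via Composer in ./vendor.
require __DIR__ . '/vendor/autoload.php';

/**
 * Purify $html with the given HTML Purifier directives.
 * purify_with() is a hypothetical helper written for this example.
 */
function purify_with(array $settings, string $html): string
{
    $config = HTMLPurifier_Config::createDefault();
    // Skip the on-disk definition cache so the demo needs no writable directory.
    $config->set('Cache.DefinitionImpl', null);
    foreach ($settings as $directive => $value) {
        $config->set($directive, $value);
    }
    return (new HTMLPurifier($config))->purify($html);
}

// Constructed input: the two entities from the question (&#160; and &#8594;)
// next to markup the purifier is expected to strip.
$dirty = '<p>x&#160;&#8594;&#160;y<script>alert(1)</script></p>';

$results = [
    'default' => purify_with([], $dirty),
    'escaped' => purify_with(['Core.EscapeNonASCIICharacters' => true], $dirty),
];

foreach ($results as $label => $out) {
    // Report whether the output is pure ASCII (safe for any storage charset)
    // and whether the script element was filtered out.
    $ascii    = preg_match('/^[\x00-\x7F]*$/', $out) === 1;
    $noScript = stripos($out, '<script') === false;
    printf(
        "%-8s %s\n         ascii-only=%s script-removed=%s\n",
        $label,
        $out,
        $ascii ? 'yes' : 'no',
        $noScript ? 'yes' : 'no'
    );
}
```

The directive only changes how the surviving text is encoded on output; the filtering itself is the same in both runs, so enabling it does not relax the XSS protection.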