I'm using HTMLPurifier to sanitize some HTML I'm getting from a form. However, when I call getHTMLDefinition() on my config it causes HTMLPurifier->purify() to throw a warning.
Here's my setup:
$HPConfig = HTMLPurifier_Config::createDefault();
$HPConfig->set('Cache.SerializerPath', APPLICATION_ROOT.'/forums/cache/HtmlPurifier');
$HPConfig->set('HTML.Doctype', 'XHTML 1.0 Transitional');
$HPConfig->set('HTML.AllowedElements', ['p','br','img','i','b']);
$HPConfig->set('HTML.AllowedAttributes', ['href','style']);
$HPConfig->set('CSS.AllowedProperties', 'text-align');
$HPConfig->set('HTML.DefinitionID', 'myapp-text.html');
$HPConfig->set('HTML.DefinitionRev', 2);
$def = $HPConfig->getHTMLDefinition(true);
$HtmlPurifier = new HTMLPurifier($HPConfig);
$text = $HtmlPurifier->purify($text);
When I use the above code my script throws this warning:
Warning: Global attribute 'href' is not supported in any elements (for information on implementing this, see the support forums) in /var/...
However, if I simply remove the $def = $HPConfig->getHTMLDefinition(true); line the warning disappears. What does the getHTMLDefinition() method do that causes HTMLPurifier's behaviour to change? And is there a way to prevent it from happening?