You can use:
$config = HTMLPurifier_Config::createDefault();
$config->set('Core', 'EscapeInvalidTags', true);
$purifier = new HTMLPurifier($config);
See http://hp.jpsband.org/live/configdoc/pl ... nvalidTags for more details.
However, there's a really cool feature of HTML Purifier that should be preferred. Just write the post like this:
<pre><![CDATA[<script>alert('message');</script>]]></pre>
...and HTML Purifier will automatically escape everything in between the CDATA sections. This is an XML construct that is not normally supported by HTML, but I kept it around because it's pretty darn useful.
There are a few things that I have to add to make composing HTML by hand easier:
- Automatic URL linkification
- Paragraph from doublespace
- Smileys
However, you may also want to consider giving users a WYSIWYG editor. Raw HTML is somewhat less user friendly than Textile or BBCode.
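A simplified model of the CDATA escaping described in the post above, as an added example that is not part of the original post and not HTML Purifier's own code. The function name `escape_cdata_sections` and the fail-closed handling of an unterminated section are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Simplified model (assumption, not HTML Purifier's code): turn each
 * <![CDATA[ ... ]]> section into entity-escaped text, so a later
 * sanitizing pass sees only inert character data.
 */
function escape_cdata_sections(string $html): string
{
    $open  = '<![CDATA[';
    $close = ']]>';
    $out   = '';
    $pos   = 0;

    while (($start = strpos($html, $open, $pos)) !== false) {
        // Markup before the section is copied untouched; the sanitizer handles it.
        $out .= substr($html, $pos, $start - $pos);
        $bodyStart = $start + strlen($open);
        $end = strpos($html, $close, $bodyStart);

        if ($end === false) {
            // Unterminated section: fail closed and escape the rest of the input.
            $body = (string) substr($html, $bodyStart);
            $pos  = strlen($html);
        } else {
            $body = substr($html, $bodyStart, $end - $bodyStart);
            $pos  = $end + strlen($close);
        }

        // Escape <, >, & and both quote styles inside the section.
        $out .= htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    // Append whatever follows the last section.
    return $out . substr($html, $pos);
}

// Constructed sample inputs; the first is the example from the post.
$samples = [
    "<pre><![CDATA[<script>alert('message');</script>]]></pre>",
    '<p>a <![CDATA[<b>]]> and <![CDATA[&amp;]]> b</p>',
    "<pre><![CDATA[<script>alert('message');",
];

foreach ($samples as $raw) {
    echo escape_cdata_sections($raw), PHP_EOL;
}
```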
How broad is your knowledge, pal?
That's a difficult question to answer.