Element 'fieldset' is not supported

[agluh]

Hi!

I've installed latest version of purifier and your extension via composer

"ezyang/htmlpurifier": "^4.11",
"xemlock/htmlpurifier-html5": "^0.1.11"

The following code:

$text = '<fieldset><legend>Some title</legend><div><p>Some content</p></div></fieldset>';
$config = \HTMLPurifier_HTML5Config::createDefault();
$config->set('HTML.Allowed', 'fieldset');
$purifier = new \HTMLPurifier($config);
$purifier->purify($text);

throws an error:
Element 'fieldset' is not supported (for information on implementing this, see the support forums)

I've try also another approach:

$text = '<fieldset><legend>Some title</legend><div><p>Some content</p></div></fieldset>';
$config = \HTMLPurifier_HTML5Config::create([
    'HTML.Allowed' => 'fieldset'
]);
$purifier = new \HTMLPurifier($config);
$purifier->purify($text);

but got the same error.

I thought this extension adds support of some HTML5 tags including fieldset for HTMLPurifier. Did i missed something?

Regards, Alex

[agluh]

Forgot to mention: without set HTML.Allowed the fieldset tag is simply getting cut off from the text, and this is unacceptable for me.

[xemlock]

Hi @alexg-nn,

<fieldset> element belongs to Forms module, which is considered unsafe. In order to allow it you have to set HTML.Trusted to true. This is how it works in original HTML Purifier (see this thread).

The drawback of switching to trusted mode is that <script> tags will be allowed (among others), so I'd recommend adding script to HTML.ForbiddenElements, like so:

$text = '<fieldset><legend>Some title</legend><div><p>Some content</p></div></fieldset>';
$config = \HTMLPurifier_HTML5Config::create([
    'HTML.Trusted' => true,
    'HTML.ForbiddenElements' => ['script'],
]);
$purifier = new \HTMLPurifier($config);
echo $purifier->purify($text);

[agluh]

Yes, now it works. Thank you @xemlock.