Links and strip_unsafe_html


I would like to get href link working in an article abstract, but it doesn’t work. As far as I understand the cause for that is the “strip_unsafe_html” that is used in the statement:


If I remove it, the link works. Can you please explain to me what is the purpose of the “strip_unsafe_html”?

Further on I have read the PKP forum and verified the PHP “allowed_html” variable:

  • in the config.php.ini and in php.ini it is set and includes href

  • but if I verify variables in OJS using System information" and “Extended PHP Information” that variable is not listed there.

Regards, Primož

The Smarty modifier strip_unsafe_html calls String::stripUnsafeHtml, which uses HTMLPurifier according to the ‘allowed_html’ rules in The configuration set in won’t show up in the “Extended PHP Information”. The configuration is the application configuration, and “Extended PHP Information” is phpinfo(), the PHP configuration.

What exactly is your “alllowed_html” line, and what version of OJS are you using?

Hi @ctgraham,

thank you for really quick answer. Currently I am using OJS 2.4.4.-1 on Windows, but I have noticed same behavior on some other versions as well.

The allowed_html is like <a href|target> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <b> <i> <u> <img src|alt> <sup> <sub> <br> <p>

Any idea how to solve this?

Regards, Primož

That seems like it ought to work. The allowed_html line in is not “commented out” with a semicolon in front of it, correct?

What does your link look like as it is stored in the database? (See database table article_settings.setting_value for the setting_name of “abstract”.)

What does your link look like when it is presented in HTML? (The browser’s HTML inspector will help here.)

Hi @ctgraham,

The allowed_html is not commented out.

The link in the DB looks like:
'2', 'sl_SI', 'abstract', '<a href=\"\">Povzetek</a>', 'string'

The HTML code of the link (using HTML editor in OJS) looks like:
<a href="">Povzetek</a>

As far as I understand everything looks OK :frowning:

Any idea?

Regards, Primož

What is the HTML result in the final display? That is, what part is stripped?

Hi @ctgraham,

I am really confused now: It works!

What I did was cleaning the cache and restarting the Apache server, after that the HTML code continued the link and it works. Verified several time.

Sorry for this and thank you very much for help.

Regards, Primož