I know that I can set the allowed tags and eventually attributes in HTML Purifier with something like:
$cfg->set('HTML.Allowed', 'a[href|title],'b','em','i','strike');
but how can I also disallow any attribute values that do not match certain predefined values?
For example I may want to allow the div + class tag:
$cfg->set('HTML.Allowed', 'div[class],a[href|title],'b','em','i','strike');
but only if the class is abc, def or xyz
Set Attr.AllowedClasses. to limit only those classes you would like to allow.