HTMLPurify - Disable Javascript
I use HTMLPurify for disabling JavaScript in a textarea.
My problem is:
$config = HTMLPurifier_Config::createDefault();
// Pass the config to the purifier so that any settings made on it take effect
$purifier = new HTMLPurifier($config);
$va = $purifier->purify($va);
This removes script tags, but does not remove [a href='javascript:...']link[/a]
What should I do to remove the bad links and retain good links?
Try setting the AllowedSchemes whitelist.
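An added example of the scheme allowlist suggested above (not part of the original answer or of the HTML Purifier project's own code). It assumes HTML Purifier was installed with Composer so that `vendor/autoload.php` exists; the sample input and the `$checks` array are constructed for illustration.

```php
<?php
// Assumption: HTML Purifier installed via Composer (ezyang/htmlpurifier).
require_once __DIR__ . '/vendor/autoload.php';

$config = HTMLPurifier_Config::createDefault();

// Skip the on-disk definition cache so the demo needs no writable directory.
$config->set('Cache.DefinitionImpl', null);

// Allowlist of URI schemes permitted in href/src attributes.
// A URI whose scheme is not listed here is removed from the element.
$config->set('URI.AllowedSchemes', array(
    'http'   => true,
    'https'  => true,
    'mailto' => true,
));

// The config object must be handed to the purifier, otherwise it is unused.
$purifier = new HTMLPurifier($config);

// Constructed sample standing in for the submitted textarea content.
$va = '<p>'
    . '<a href="javascript:void(0)">bad link</a> '
    . '<a href="https://example.com/" onclick="void(0)">good link</a>'
    . '<script>void(0)</script>'
    . '</p>';

$clean = $purifier->purify($va);

// Verify the result instead of trusting it: each check should report "ok".
$checks = array(
    'javascript: scheme removed' => stripos($clean, 'javascript:') === false,
    'onclick handler removed'    => stripos($clean, 'onclick') === false,
    'script element removed'     => stripos($clean, '<script') === false,
    'https link retained'        => strpos($clean, 'href="https://example.com/"') !== false,
);

foreach ($checks as $name => $passed) {
    echo ($passed ? 'ok   ' : 'FAIL ') . $name . PHP_EOL;
}

// Purified markup is HTML; escape it here only to display it as text.
echo htmlspecialchars($clean, ENT_QUOTES, 'UTF-8') . PHP_EOL;
```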
The live demo is indeed filtering both href="javascript:... and onclick. You can see the demo here.
Maybe you are using an older version?
Use regular expressions to scan the textarea's content for invalid / unwanted tags.