The answer to this is easy actually, you can avoid the whole autoloader thing if you just get the standalone version. I was just too tired yesterday..
As there's not much documentation on this topic in general, I though I'd just post my way of implementing HTMLPurifier. Perhaps somebody has a better way.
I just dropped in HTMLpurifier.standalone.php under mysite/thirdparty/ (it could be anywhere really), then created a class Purifier.php:
<?php
class Purifier
{
//put your code here
public static function purify($content)
{
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.Allowed', 'span,p,br,a,h1,h2,h3,h4,h5,strong,em,u,ul,li,ol,hr,blockquote,sub,sup,p[class],img');
$config->set('HTML.AllowedElements', array('span','p','br','a','h1','h2','h3','h4','h5','strong','em','u','ul','li','ol','hr','blockquote','sub','sup','img'));
$config->set('HTML.AllowedAttributes', 'style,target,title,href,class,src,border,alt,width,height,title,name,id,align,valign');
$config->set('CSS.AllowedProperties', 'text-align,font-weight,text-decoration');
$config->set('AutoFormat.RemoveEmpty', true);
$config->set('Attr.ForbiddenClasses', array('MsoNormal'));
$purifier = new HTMLPurifier($config);
return $cleanCode = $purifier->purify($content);
}
}
No you can call Purifier::purify($content) from anywhere.
I also tried the class in the CMS and that worked as well:
$purifier = HTMLCleaner::inst();
$cleanhtml = $purifier->cleanHTML($content);
But this is without the config then.