BaseHtmlPurifier config can now be a closure

framework/helpers/BaseHtmlPurifier.php

@@ -20,17 +20,39 @@ class BaseHtmlPurifier
     /**
      * Passes markup through HTMLPurifier making it safe to output to end user
      * 
-     * @param string $content
-     * @param array|null $config
-     * @return string
+     * @param string $content The HTML content to purify
+     * @param array|\Closure|null $config The config to use for HtmlPurifier.
+     * If not specified or `null` the default config will be used.
+     * You can use an array or an anonymous function to provide configuration options:
+     *
+     * - An array will be passed to the `HTMLPurifier_Config::create()` method.
+     * - An anonymous function will be called after the config was created.
+     *   The signature should be: `function($config)` where `$config` will be an
+     *   instance of `HTMLPurifier_Config`.
+     *
+     *   Here is a usage example of such a function:
+     *
+     *   ~~~
+     *   // Allow the HTML5 data attribute `data-type` on `img` elements.
+     *   $content = HtmlPurifier::process($content, function($config) {
+     *     $config->getHTMLDefinition(true)
+     *            ->addAttribute('img', 'data-type', 'Text');
+     *   });
+     * ~~~
+     *
+     * @return string the purified HTML content.
      */
     public static function process($content, $config = null)
     {
-        $configInstance = \HTMLPurifier_Config::create($config);
+        $configInstance = \HTMLPurifier_Config::create($config instanceof \Closure ? null : $config);
         $configInstance->autoFinalize = false;
         $purifier=\HTMLPurifier::instance($configInstance);
         $purifier->config->set('Cache.SerializerPath', \Yii::$app->getRuntimePath());
         
+        if ($config instanceof \Closure) {
+            call_user_func($config, $configInstance);
+        }
+
         return $purifier->purify($content);
     }
 }