
Advices for some allowed characters

Posted by laurent 
laurent
Advices for some allowed characters
February 05, 2009 08:19AM

Hi guys,

I am currently working on a web application that uses HTML Purifier. We created a class that already filtered attacks from our forms, but we wanted to add another, more efficient tool. That's the reason why we recently installed your package of classes.

The problem is that there's a behaviour we would like to remove, the encoding of "some" characters.

Ex. we have a form with an input type="text". The customer wants to write "this is < my text". He validates his data by submitting. Using your class to filter the data, when we want to display the data there's written: "this is &nbsp; my text"

How can we control this behaviour? I notice that the encoding happened at this sentence: $this->strategy->execute( $lexer->tokenizeHTML( $html, $config, $context), $config, $context )

We really don't know how to allow "<" ">" in the context of sentences, words...

If you could help us?

Regards

Edited 1 time(s). Last edit at 02/05/2009 10:15AM by Ambush Commander.

Re: Advices for some allowed characters
February 05, 2009 09:40AM

You should only be using HTML Purifier for HTML, not for normal text.

Re: Advices for some allowed characters
February 05, 2009 10:15AM

Do you mean &nbsp; or &lt;?

laurent
Re: Advices for some allowed characters
February 06, 2009 02:53AM

Hi guys,

Yes, I'm sorry, I mean if the customer writes this text "this is < my text", when we use the purify method the output becomes "this is &lt;".

How could I change this behaviour? I mean I would like to allow the customer to write this character "<" or this one ">" without encoding it...

Re: Advices for some allowed characters
February 06, 2009 04:08PM
laurent
Re: Advices for some allowed characters
February 09, 2009 08:08AM

Hi,

I'm sorry but this is not what I am asking...

Basically we want to control and filter naughty html tags whereas we don't want to encode it!

For example, if I write in an input of a form this text "this is < my text", I want the class Purify to check if the string is correct or not, in other words if there isn't a script in the input or something that can cause damage.

We only want to know if it is possible to remove the HTML entities when filtering with the class.

Re: Advices for some allowed characters
February 09, 2009 10:56AM

Can you post some sample inputs and what you would like to see happen with those inputs? It sounds like you're looking for a validator, but I'm not sure.

laurent
Re: Advices for some allowed characters
February 10, 2009 09:26AM

Hi,

Take a look at this scenario.

http://img15.imageshack.us/img15/4808/formca2.jpg

Do you understand now? Is it possible to do what I want? Is it possible to configure the Purify class to do what I want?

Let me know

Re: Advices for some allowed characters
February 10, 2009 10:25AM

I still don't understand. By the letter of your example, that's what HTML Purifier already does. However, you shouldn't be using HTML Purifier for author and email fields.

Re: Advices for some allowed characters
February 13, 2009 04:46PM

HTML Purifier is for HTML only..

If you're filtering plaintext fields such as name & email, then don't use Purifier, because it's wasting resources of the server: it's not actually needed when you can use other methods with less overhead.

Instead you can use PHP 5 native filters such as filter_var($text, FILTER_SANITIZE_EMAIL) & then filter_var($text, FILTER_VALIDATE_EMAIL) for email fields.

Let HTMLPurifier be used for what it's designed for :)

PS. Sorry for jumping in on the thread, I was just as confused as Ambush by your follow-up and image of what you require.
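
An added example, not part of any post in this thread, showing the plain-text handling suggested above: the email field goes through filter_var(), and free-text fields are kept as typed and escaped only at output with htmlspecialchars(). The field names, sample values and the helper names clean_email() and e() are assumptions made for the illustration.

```php
<?php
// Added example; helper names and the sample submission are constructed.

/** Validate an email field; returns the cleaned address or null if invalid. */
function clean_email(string $raw): ?string
{
    // Same two-step approach as in the post: sanitize, then validate.
    $candidate = filter_var(trim($raw), FILTER_SANITIZE_EMAIL);
    $valid = filter_var($candidate, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

/** Escape a plain-text value for an HTML text node or a quoted attribute. */
function e(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed form submission, standing in for $_POST.
$post = [
    'author'  => 'Bob <script>alert(1)</script>',
    'email'   => 'bob@example.com',
    'comment' => 'this is < my text',
];

$email = clean_email($post['email']);
if ($email === null) {
    exit("Invalid email address\n");
}

// Plain-text fields are not run through HTML Purifier and not rewritten
// on input: keep the raw string as the stored value and escape it only
// at the point where it is written into an HTML page.
$author  = $post['author'];
$comment = $post['comment'];

echo '<p class="author">', e($author), ' (', e($email), ")</p>\n";
echo '<p class="comment">', e($comment), "</p>\n";
```

The escaped "&lt;" appears only in the page source; the browser renders it as the "<" the customer typed, and the script tag in the author field is displayed as text instead of being executed.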

laurent
Re: Advices for some allowed characters
February 18, 2009 11:36AM

Thank you for the advice...

You're right, we were misusing your classes.

We're looking at PHPIDS, do you know it? It seems to be a good filter.

Laurent
