Advices for some allowed characters

Hi guys,

I am currently working on a web application that uses HTML Purifier. We created a class that altready filtered attacks from our forms but we wanted to add another tool more efficient. That's the reason why we recently installed your package of classes.

The problem is that there's a behaviour we would like to remove, the encoding of "some" characters.

Ex. we have a form with an input type="text". The customer wants to write "this is < my text" He validate is data by submitting. Using you class to filter the data, when we want to display the data there's written: "this is &nbsp; my text"

How can we control this behaviour? I notice that the encoding happened at this sentence: $this->strategy->execute( $lexer->tokenizeHTML( $html, $config, $context), $config, $context )

We really don't know how to allows "<" ">" in the context of sentences, words...

If you could help us?

Regards

Edited 1 time(s). Last edit at 02/05/2009 10:15AM by Ambush Commander.

you should only be using html purifier for HTML not for normal text.

Do you mean   or <?

Hi guys,

yes I'm sorry i mean if the customer write this text "this is < my text" when we use purify method the output becomes "this is

<

".

How could I change this behaviour? I mean I would like to allow customer to write this character "<" o this one ">" without encodes it...

Seems to work for me.

Hi,

I'm sorry but this is not what I am asking...

Basically we want to control and filter naughty html tags whereas we don't want to encode it!

For example if I write on an input of a form this text "this is < my text " I want that the class Purify checks if the string is correct and not, in other words if there isn't a script into the input or something that can cause damage.

We only want to know if it is possible to remove the html entities when filter by the class.

Can you post some sample inputs and what you would like to see happen with those inputs? It sounds like you're looking for a validator, but I'm not sure.

Hi,

take a look a this scenario.

http://img15.imageshack.us/img15/4808/formca2.jpg

Do you understand now? Is it possible to do what I want? It is possible to configure purify class to do what I want?

Let me know

I still don't understand. By the letter of your example, that's what HTML Purifier already does. However, you shouldn't be using HTML Purifier for author and email fields.

HTML Purifier is for HTML only..

if you're filtering plaintext fields such as name & email, then don't use Purifier because it's wasting resources of the server because it's not actually needed when you can use other methods with less overhead.

instead you can use PHP 5 native filters such as filter_var($text, FILTER_SANITIZE_EMAIL) & then filter_var($text, FILTER_VALIDATE_EMAIL) for email fields.

let HTMLPurifier be used for what it's designed for :)

ps. sorry for jumping in on the thread, i was just as confused as ambush by your follow up and image of what you require.

Thanks you for advices...

You're true, we were misusing your classes.

We're looking for phpids, do you know? It seems to be a good filter.

Laurent