laurent
Advices for some allowed characters February 05, 2009 08:19AM |
Hi guys,
I am currently working on a web application that uses HTML Purifier. We created a class that already filtered attacks from our forms, but we wanted to add another, more efficient tool. That's the reason why we recently installed your package of classes.
The problem is that there's a behaviour we would like to remove: the encoding of "some" characters.
Ex. we have a form with an input type="text". The customer wants to write "this is < my text". He validates his data by submitting. Using your class to filter the data, when we want to display the data, what is written is: "this is my text"
How can we control this behaviour? I noticed that the encoding happens at this statement: $this->strategy->execute( $lexer->tokenizeHTML( $html, $config, $context), $config, $context )
We really don't know how to allow "<" and ">" in the context of sentences, words...
If you could help us?
Regards
Edited 1 time(s). Last edit at 02/05/2009 10:15AM by Ambush Commander.
Re: Advices for some allowed characters February 05, 2009 09:40AM |
Registered: 11 years ago Posts: 204 |
Re: Advices for some allowed characters February 05, 2009 10:15AM |
Admin Registered: 12 years ago Posts: 3,123 |
laurent
Re: Advices for some allowed characters February 06, 2009 02:53AM |
Re: Advices for some allowed characters February 06, 2009 04:08PM |
Admin Registered: 12 years ago Posts: 3,123 |
laurent
Re: Advices for some allowed characters February 09, 2009 08:08AM |
Hi,
I'm sorry, but this is not what I am asking...
Basically we want to control and filter naughty HTML tags, but we don't want to encode them!
For example, if I write in a form input the text "this is < my text ", I want the Purify class to check whether the string is correct or not, in other words, that there isn't a script in the input or something that can cause damage.
We only want to know if it is possible to remove the HTML entities when the text is filtered by the class.
Re: Advices for some allowed characters February 09, 2009 10:56AM |
Admin Registered: 12 years ago Posts: 3,123 |
laurent
Re: Advices for some allowed characters February 10, 2009 09:26AM |
Hi,
Take a look at this scenario.
http://img15.imageshack.us/img15/4808/formca2.jpg
Do you understand now? Is it possible to do what I want? Is it possible to configure the purify class to do what I want?
Let me know
Re: Advices for some allowed characters February 10, 2009 10:25AM |
Admin Registered: 12 years ago Posts: 3,123 |
Re: Advices for some allowed characters February 13, 2009 04:46PM |
Registered: 11 years ago Posts: 204 |
HTML Purifier is for HTML only.
if you're filtering plaintext fields such as name & email, then don't use Purifier because it's wasting resources of the server because it's not actually needed when you can use other methods with less overhead.
instead you can use PHP 5 native filters such as filter_var($text, FILTER_SANITIZE_EMAIL) & then filter_var($text, FILTER_VALIDATE_EMAIL) for email fields.
let HTMLPurifier be used for what it's designed for :)
ps. sorry for jumping in on the thread, I was just as confused as ambush by your follow-up and image of what you require.
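An added example, not code from this thread or from HTML Purifier: plain-text fields validated with PHP's native filters and kept exactly as typed, with "<" and ">" encoded only when the value is written into a page. Escaping at output with htmlspecialchars() is this example's assumption about the "other methods" mentioned above; the function names and sample inputs are constructed.

```php
<?php
// Added example: function names and sample inputs are constructed.

// Email field: sanitize, then validate, as in the post above. Rejecting input
// that the sanitizer had to change is this example's extra check, so that a
// value such as "a<b>@example.com" is refused instead of silently rewritten.
function clean_email(string $raw): ?string
{
    $raw = trim($raw);
    $sanitized = filter_var($raw, FILTER_SANITIZE_EMAIL);
    if ($sanitized !== $raw) {
        return null;
    }
    $valid = filter_var($sanitized, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

// Free-text field: "<" and ">" are ordinary characters here. Reject only
// empty input, invalid UTF-8, control characters and over-long values.
function clean_text(string $raw, int $maxBytes = 200): ?string
{
    $text = trim($raw);
    if ($text === '' || strlen($text) > $maxBytes) {
        return null;
    }
    // With /u, preg_match() returns false on invalid UTF-8.
    return preg_match('/^\P{Cc}+$/u', $text) === 1 ? $text : null;
}

// Encode only at output time, for an HTML text or quoted-attribute context.
function h(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$samples = ['this is < my text', '<script>alert(1)</script>'];
foreach ($samples as $raw) {
    $stored = clean_text($raw);   // stored exactly as the customer typed it
    echo '<p>', h($stored ?? ''), "</p>\n";
    echo '<input type="text" value="', h($stored ?? ''), "\">\n";
}
var_dump(clean_email('laurent@example.com'), clean_email('a<b>@example.com'));
```

Both sample strings are stored unchanged and rendered as literal text by the browser, so nothing the customer typed is lost and no markup from the field is interpreted.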
laurent
Re: Advices for some allowed characters February 18, 2009 11:36AM |