basics - filter input or escape output?

Posted by jbawarren 
basics - filter input or escape output?
November 26, 2010 09:22PM

How is this library used? Is it better to filter data before saving it to the database or escape output instead? I would likely use it to filter input - is this common practice?

Re: basics - filter input or escape output?
November 27, 2010 06:34AM

Since HTML Purifier is big and slow, the best practice is to filter on input but save the original input too. See http://htmlpurifier.org/docs/enduser-slow.html
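
The pattern the reply above describes (purify once on input, keep the original alongside it), as an added example that is not part of the thread or HTML Purifier's own code. It assumes HTML Purifier is installed through Composer; the table, column names, allowed-tag list and the `PURIFIER_RULESET` constant are hypothetical.

```php
<?php
// Added example. Assumes: composer require ezyang/htmlpurifier
require 'vendor/autoload.php';

// Hypothetical version marker: bump it whenever the purifier config or library changes.
const PURIFIER_RULESET = 1;

function makePurifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('HTML.Allowed', 'p,b,i,a[href]'); // example whitelist
    return new HTMLPurifier($config);
}

// The slow purify() call runs once, at write time. The raw input is kept next to it.
function saveComment(PDO $db, HTMLPurifier $purifier, string $raw): int
{
    $stmt = $db->prepare('INSERT INTO comments (body_raw, body_html, ruleset) VALUES (?, ?, ?)');
    $stmt->execute([$raw, $purifier->purify($raw), PURIFIER_RULESET]);
    return (int) $db->lastInsertId();
}

// Reads serve the stored purified HTML. A row purified under an older ruleset
// is rebuilt from the raw copy, which is why the original is stored at all.
function renderComment(PDO $db, HTMLPurifier $purifier, int $id): string
{
    $stmt = $db->prepare('SELECT body_raw, body_html, ruleset FROM comments WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '';
    }
    if ((int) $row['ruleset'] !== PURIFIER_RULESET) {
        $html = $purifier->purify($row['body_raw']);
        $update = $db->prepare('UPDATE comments SET body_html = ?, ruleset = ? WHERE id = ?');
        $update->execute([$html, PURIFIER_RULESET, $id]);
        return $html;
    }
    return $row['body_html'];
}

$db = new PDO('sqlite::memory:'); // constructed in-memory table for the demo
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body_raw TEXT, body_html TEXT, ruleset INTEGER)');
$purifier = makePurifier();
// Constructed sample input with markup the whitelist does not allow.
$id = saveComment($db, $purifier, '<p onclick="x()">Hi <b>there</b><script>alert(1)</script></p>');
echo renderComment($db, $purifier, $id), "\n";
```

Only `body_html` is ever emitted as markup; `body_raw` is untrusted and, if shown back in an edit form, goes through `htmlspecialchars()` first.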

ted
Re: basics - filter input or escape output?
December 01, 2010 03:20PM