On Feb 1, 6:51 am, "R. Rajesh Jeba Anbiah"
<[EMAIL PROTECTED]> wrote:
> On Jan 31, 5:55 pm, AD7six <[EMAIL PROTECTED]> wrote:
>    <snip>
> > Cake automatically escapes data in db queries - you are already
> > protected against sql injection. xss etc is a different matter, and is
> > an example of where sanitize fits in.
>
>    <snip>
>
>      Having checked your codes in UploadBehavior and impressed with
> your tricks, may I know how do you handle HTML inputs? I know, cake's
> default scaffolding add, edit interfaces handle HTML inputs; but not
> view and index.

I'm not sure what aspect of accepting html you are asking about.

How to store it? html in the db
How to avoid malicious content? Sanitize::stripScripts (or other as
appropriate) beforeSave
How to display it? echo $html->clean($stuff) *

The last 2 should have the same effect: preventing displaying
undesired js. The first makes sure it doesn't get into the db in the
first place and the second removes it before display even if it does.

hth,

AD
* https://trac.cakephp.org/browser/branches/1.2.x.x/cake/libs/view/helper.php?rev=6356#L207
You received this message because you are subscribed to the Google Groups "Cake PHP" group.
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
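An added example (not part of AD's reply or of the CakePHP source) showing the two layers the reply describes, written in CakePHP 1.2 style. The model and field names (Post, body) and the view path are assumptions; Sanitize::stripScripts and the helper's clean() are the 1.2 branch APIs the reply points at.

```php
<?php
// File: app/models/post.php  (model name and 'body' field are assumed)
// Layer 1: filter before the row is written, so active content never
// reaches the database in the first place.
App::import('Core', 'Sanitize');

class Post extends AppModel {
    var $name = 'Post';

    // Model callback run by Cake before every save(). Returning false
    // would abort the save; we only rewrite the field and let it through.
    function beforeSave() {
        if (isset($this->data[$this->alias]['body'])) {
            // stripScripts() removes <script> and <style> blocks and similar
            // active/embedded content while leaving ordinary HTML intact,
            // which is what we want for a rich-text field.
            $this->data[$this->alias]['body'] =
                Sanitize::stripScripts($this->data[$this->alias]['body']);
        }
        return true;
    }
}
?>

<?php
// File: app/views/posts/view.ctp  (path assumed; $post set by the controller)
// Layer 2: clean on output as well. If a row got in by some other path
// (an import, a direct DB write, a later change to the model), the view
// still neutralises script content before it reaches the browser.
// Helper::clean() strips script elements and inline event handlers on its
// way out, so stored HTML that is already clean passes through unchanged.
?>
<h1><?php echo h($post['Post']['title']); ?></h1>
<div class="body">
    <?php echo $html->clean($post['Post']['body']); ?>
</div>
```

The point of keeping both layers is that they fail independently: beforeSave protects the stored data (and anything else that reads the table), while clean() protects this view even when the data did not come through the model. Plain-text fields such as the title above should still be escaped with h() rather than cleaned, since they are not meant to contain markup at all.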