Hello,

I'm currently building a blog with CakePHP, and I would like to
sanitize/filter my posts before they are displayed on screen to prevent
cross-site scripting. However, I would still like to allow for a great deal
of HTML markup and attributes in the HTML. I have tried using the Sanitize
Core Library but, as far as I know, it doesn't allow for filtering some tags
while keeping others. As a result, I'm looking into HTML Purifier
(http://htmlpurifier.org/) to do the job in my controller and/or view
template files. I found the following Brita Component in the Bakery:
http://bakery.cakephp.org/articles/view/brita-component-with-html-purifier

I wonder, however, if anyone has implemented such a filtering/sanitizing
solution for their site, and if I'm missing something obvious I should be
using to secure my site on that end.

Thank you,

Loic
