Don't know about that component. We implemented behavior that repair and sanitize user HTML with HTML Purifier library before save to DB. In this case expensive purifing is done only once, on save, instead of every time, on view.
On 5 окт, 00:02, Loic Duros <loic.du...@gmail.com> wrote: > Hello, > > I'm currently building a blog with CakePHP, and I would like to > sanitize/filter my posts before they are displayed on screen to prevent > cross-site scripting. However, I would still like to allow for a great deal > of HTML markup and attributes in the HTML. I have tried using the Sanitize > Core Library but, as far as I know, it doesn't allow for filtering some tags > while keeping others. As a result, I'm looking into HTML Purifier > (http://htmlpurifier.org/) to do the job in my controller and/or view > template files. I found the following Brita Component in the > Bakery:http://bakery.cakephp.org/articles/view/brita-component-with-html-pur... > > I wonder however if anyone has implemented such a filtering/sanitizing > solution for their site and if I'm missing something obvious I should be > using to secure my site on that end. > > Thank you, > > Loic Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
