Re: HTML Purifier or Sanitize core library
Thanks for all the answers -- Mark, do you use Markdown or textile at mark-story.com to write blog posts? Just curious since it seems you have lots of HTML in there. Thanks again, Loic On Wed, Oct 6, 2010 at 1:16 PM, mark_story wrote: > HTML purifier is miles better than the Sanitize. I would recommend > escaping and using a text processor like markdown or textile. > However, if you need to accept html from the unwashed masses, use > HTMLPurifier. > > -Mark > > On Oct 4, 1:02 pm, Loic Duros wrote: > > Hello, > > > > I'm currently building a blog with CakePHP, and I would like to > > sanitize/filter my posts before they are displayed on screen to prevent > > cross-site scripting. However, I would still like to allow for a great > deal > > of HTML markup and attributes in the HTML. I have tried using the > Sanitize > > Core Library but, as far as I know, it doesn't allow for filtering some > tags > > while keeping others. As a result, I'm looking into HTML Purifier ( > http://htmlpurifier.org/) to do the job in my controller and/or view > > template files. I found the following Brita Component in the Bakery: > http://bakery.cakephp.org/articles/view/brita-component-with-html-pur... > > > > I wonder however if anyone has implemented such a filtering/sanitizing > > solution for their site and if I'm missing something obvious I should be > > using to secure my site on that end. > > > > Thank you, > > > > Loic > > Check out the new CakePHP Questions site http://cakeqs.org and help others > with their CakePHP related questions. > > You received this message because you are subscribed to the Google Groups > "CakePHP" group. > To post to this group, send email to cake-php@googlegroups.com > To unsubscribe from this group, send email to > cake-php+unsubscr...@googlegroups.comFor > more options, visit this group at > http://groups.google.com/group/cake-php?hl=en > -- Loic J. Duros - www.lduros.net Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
HTML Purifier or Sanitize core library
Hello, I'm currently building a blog with CakePHP, and I would like to sanitize/filter my posts before they are displayed on screen to prevent cross-site scripting. However, I would still like to allow for a great deal of HTML markup and attributes in the HTML. I have tried using the Sanitize Core Library but, as far as I know, it doesn't allow for filtering some tags while keeping others. As a result, I'm looking into HTML Purifier ( http://htmlpurifier.org/) to do the job in my controller and/or view template files. I found the following Brita Component in the Bakery: http://bakery.cakephp.org/articles/view/brita-component-with-html-purifier I wonder however if anyone has implemented such a filtering/sanitizing solution for their site and if I'm missing something obvious I should be using to secure my site on that end. Thank you, Loic Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: About Auth and ACL Components
Why not create a groups table and model? Then give the Group Model a hasMany users? :-) You can then set the groups to work as aros. I think it's in the cookbook; the ACL tutorial includes a groups table and model: http://book.cakephp.org/view/1544/Preparing-our-Application Loic On Wed, Sep 8, 2010 at 10:50 AM, Synue Cunioci wrote: > I've been reading about Auth and ACL Components and, following what > I've seen in the cookbook, it seems that I should have tables called > users, acos, aros and aros_acos to handle Auth and ACL. My question > is: how do I handle (in the database) two or three kinds of users (as > visitors, authors and administrators)? > > Since the data I should store in the database are different for each > kind of user I don't know exactly what I should do. > > Thanks in advance > > Check out the new CakePHP Questions site http://cakeqs.org and help others > with their CakePHP related questions. > > You received this message because you are subscribed to the Google Groups > "CakePHP" group. > To post to this group, send email to cake-php@googlegroups.com > To unsubscribe from this group, send email to > cake-php+unsubscr...@googlegroups.comFor > more options, visit this group at > http://groups.google.com/group/cake-php?hl=en > Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en