Yii 1.1: esanitizer

ESanitizer - uses HTMLPurifier to sanitize all user input

This extension sanitizes all user input ($_POST, $_GET, $_COOKIE, $_FILES) with HTML Purifier to protect against XSS.



  • Yii 1.0 or above


  • Extract the release file under protected/extensions


Add the following to your config file.

    // application components
    'sanitizer' => array(
        'class' => 'ESanitizer',
        'sanitizeGet' => false,
        'sanitizePost' => true,
        'sanitizeCookie' => true,
    ),
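
An added example, not ESanitizer's own code: one way to sanitize request data with HTML Purifier so that nested arrays are walked and each superglobal is written back to itself. The function names, the include path and the sample values are assumptions.

```php
<?php
// Added example, not the extension's source.
// Assumption: the HTML Purifier library is on the include path.
require_once 'HTMLPurifier.auto.php';

/** Purify every string value; nested arrays such as $_POST['User']['bio'] are walked. */
function purifyArray(array $data, HTMLPurifier $purifier): array
{
    foreach ($data as $key => $value) {
        if (is_array($value)) {
            $data[$key] = purifyArray($value, $purifier);
        } elseif (is_string($value)) {
            $data[$key] = $purifier->purify($value);
        }
    }
    return $data;
}

/** Uploads: only the client-supplied strings change; tmp_name, error and size stay as PHP set them. */
function purifyFiles(array $files, HTMLPurifier $purifier): array
{
    foreach ($files as $field => $info) {
        foreach (array('name', 'type') as $attr) {
            if (!isset($info[$attr])) {
                continue;
            }
            $v = $info[$attr]; // an array when the form field is declared as field[]
            $files[$field][$attr] = is_array($v) ? purifyArray($v, $purifier) : $purifier->purify($v);
        }
    }
    return $files;
}

$config = HTMLPurifier_Config::createDefault();
$config->set('Cache.DefinitionImpl', null); // no writable cache directory needed
$purifier = new HTMLPurifier($config);

// Constructed sample request data.
$_POST   = array('User' => array('bio' => '<b>hi</b><script>alert(1)</script>'));
$_COOKIE = array('theme' => 'dark<img src=x onerror=alert(1)>');
$_FILES  = array('avatar' => array('name' => '<i>me</i>.png', 'type' => 'image/png',
    'tmp_name' => '/tmp/phpA1b2C3', 'error' => 0, 'size' => 1024));

// Each source is written back to itself, never to another superglobal.
$_POST   = purifyArray($_POST, $purifier);
$_COOKIE = purifyArray($_COOKIE, $purifier);
$_FILES  = purifyFiles($_FILES, $purifier);

var_dump($_POST, $_COOKIE, $_FILES);
```

$_REQUEST is a separate copy built when the request starts, so rewriting $_GET, $_POST or $_COOKIE does not change it.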

Change Log

September 10, 2009

  • Added support for sanitizing $_FILES (enabled by default)
  • Added support for nofollowing links (enabled by default)
  • Added support for opening links in new windows (disabled by default)

September 9, 2009

  • Initial release.

Total 2 comments

#3479
oldblues10 at 2011/04/14 02:46pm
Question about $_FILES sanitization

Why are you populating $_COOKIE from the $_FILES sanitization? This is a bug. It should populate to $_FILES. Am I missing something here?

#2345
pcs2112 at 2010/12/15 03:44pm
How to use?

How do you use this plugin?


  • Yii Version: 1.1
  • License: Other Open Source License
  • Developed by: YorkSEO
  • Category: Security
  • Votes: +2 / -1
  • Downloaded: 928 times
  • Created on: Sep 9, 2009
  • Last updated: Sep 10, 2009