Yii Framework Forum: HtmlPurifier - Yii Framework Forum


HtmlPurifier 1.1

#1 User is offline   bettor 

  • Master Member
  • Yii
  • Group: Members
  • Posts: 752
  • Joined: 02-February 09

Posted 10 July 2010 - 04:24 AM

I am trying to use htmlpurifier that comes with the framework for additional XSS security measures but am unable to understand how to use it. I am using it as a widget and what I've done is declared all the body content of my layout file to be in the purifier widget. The result is all my forms are gone and a few scripts don't work. Can someone provide an example of how to use the html purifier properly?

Cheers,
bettor
0

#2 User is offline   samdark 

  • Having fun
  • Yii
  • Group: Yii Dev Team
  • Posts: 3,778
  • Joined: 17-January 09
  • Location:Russia

Posted 10 July 2010 - 05:04 AM

That is not a good solution because it's very bad to use htmlpurifier on every request in terms of performance. Try using it only on saving your data.
Yii 1.1 Application Development Cookbook

Enjoying Yii? Star us at github: 1.1 and 2.0.
0

#3 User is offline   bettor 

  • Master Member
  • Yii
  • Group: Members
  • Posts: 752
  • Joined: 02-February 09

Posted 11 July 2010 - 11:46 AM

samdark, on 10 July 2010 - 05:04 AM, said:

That is not a good solution because it's very bad to use htmlpurifier on every request in terms of performance. Try using it only on saving your data.


Hi Samdark,

Thanks for your advice.

Best,
bettor
0

#4 User is offline   mech7 

  • Standard Member
  • Yii
  • Group: Members
  • Posts: 220
  • Joined: 26-March 09

Posted 11 July 2010 - 11:46 AM

I was looking at it too... is there any documentation on how to use it? I would like to use it in a comment form, only allowing some common html link / code blocks.
0

#5 User is offline   samdark 

  • Having fun
  • Yii
  • Group: Yii Dev Team
  • Posts: 3,778
  • Joined: 17-January 09
  • Location:Russia

Posted 11 July 2010 - 01:32 PM

$p = new CHtmlPurifier();
$p->options = array('URI.AllowedSchemes'=>array(
  'http' => true,
  'https' => true,
  'mailto' => true,
  'ftp' => true,
  'nntp' => true,
  'news' => true,
  )
);
$text = $p->purify($text);


Will add this to API docs for next release.
0
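
An added example (not code from the thread or from the Yii project) that combines the advice above: purify once when the record is saved, with a whitelist suited to a comment form that allows only links and code blocks. The `Comment` model, its `comment` table and `content` column are hypothetical; `HTML.Allowed` and `URI.AllowedSchemes` are HTML Purifier configuration directives.

```php
<?php
// Added example: not from the thread or the Yii code base.
// Assumes a Yii 1.1 app; Comment, table `comment` and column `content` are hypothetical.
class Comment extends CActiveRecord
{
    public static function model($className = __CLASS__)
    {
        return parent::model($className);
    }

    public function tableName()
    {
        return 'comment';
    }

    public function rules()
    {
        return array(
            array('content', 'required'),
        );
    }

    // Reduce submitted markup to links and code blocks.
    // Tags outside the whitelist (script, form, iframe, ...) are removed,
    // as are attributes such as onclick and style.
    public function purifyContent($html)
    {
        $p = new CHtmlPurifier();
        $p->options = array(
            'HTML.Allowed' => 'p,br,a[href],code,pre',
            // javascript:, data: and other schemes are dropped from href
            'URI.AllowedSchemes' => array('http' => true, 'https' => true),
        );
        return $p->purify($html);
    }

    // Runs once per write, even when save(false) skips validation,
    // so rendering a page never has to invoke the purifier.
    protected function beforeSave()
    {
        if (!parent::beforeSave()) {
            return false;
        }
        $this->content = $this->purifyContent($this->content);
        return true;
    }
}
```

In the view the stored `content` is echoed as-is, since it has already been reduced to the whitelist; every other user-supplied field still goes through `CHtml::encode()`.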

#6 User is offline   bettor 

  • Master Member
  • Yii
  • Group: Members
  • Posts: 752
  • Joined: 02-February 09

Posted 12 July 2010 - 05:34 AM

Hi,

There is an extension that accommodates the use of htmlpurifier; however, it's been behaving very unpredictably. I turned on $_POST purifying and now my posts don't work. I will try to directly use samdark's example. Thanks for that, samdark.

Regards,
bettor
0

#7 User is offline   allankliu 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 11
  • Joined: 09-July 10

Posted 15 July 2010 - 05:25 PM

Additionally, the merge PHP file is about 500+ KB; it is too large to upload.
0

#8 User is offline   samdark 

  • Having fun
  • Yii
  • Group: Yii Dev Team
  • Posts: 3,778
  • Joined: 17-January 09
  • Location:Russia

Posted 16 July 2010 - 03:32 AM

You are uploading it only once. So it does not really matter if it takes one or maybe five minutes.
0
