While reading the Security section on yiiframework.com I came across the question of whether I can automatically use CHtmlPurifier to validate user input.
Using CHtmlPurifier directly in the view file is not that good in terms of performance, so it would be great to use it beforehand, so that malicious input does not get saved in the database.
If you add this validator (which is not actually a validator) to your model, then the "text" field will be purified and inserted into the database without malicious code.
Just as I believe the OP is looking for a "catch all" solution to this, so am I.
While the provided method is great for sanitizing single input fields (like the ‘text’ field in the above case), why not automatically purify ALL inputs? After all, client input is not to be trusted!
Can we use filters for this purpose? If so, how is it done? (Documentation on filters is a bit thin…)
True, but then I would have to manually iterate through the fields. Using the validator, albeit a bit ad hoc, is perhaps a cleaner way. I still have a feeling that using filters might be the best solution (for me), but I still don't fully grasp how they work yet…
Edit: I read up on behaviours. That might be the way to go. Thanks!
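The two approaches discussed in this thread, as an added example (not code posted by any of the participants): the per-field `filter` rule from the first answer, and a behaviour that purifies every safe attribute before validation, as the later posts ask for. It assumes Yii 1.1 (CHtmlPurifier ships with the framework); the `Post` model, its attributes and `PurifyAttributesBehavior` are hypothetical names.

```php
<?php
// Added example; assumes Yii 1.1. Model and behaviour names are hypothetical.

// 1. Per-field approach: the 'filter' rule is not a validator. It rewrites the
//    attribute value with the callback before the real validators run, so the
//    purified text is what validate()/save() sees. Purifying here runs HTML
//    Purifier once per save instead of once per page render.
class Post extends CActiveRecord
{
    public function rules()
    {
        return array(
            array('title, text', 'required'),
            // Purify only 'text'; purify() removes script tags, event-handler
            // attributes and other markup HTML Purifier considers unsafe.
            array('text', 'filter', 'filter' => array(new CHtmlPurifier(), 'purify')),
            array('title', 'length', 'max' => 255),
        );
    }
}

// 2. "Catch all" approach: a behaviour that purifies every string attribute that
//    is safe for mass assignment in the current scenario, before validation.
//    Attach it from the model's behaviors() method (see the comment at the end).
class PurifyAttributesBehavior extends CActiveRecordBehavior
{
    // Attributes to leave untouched, e.g. password hashes must not be altered.
    public $except = array();

    public function beforeValidate($event)
    {
        $purifier = new CHtmlPurifier();
        $owner = $this->getOwner();
        foreach ($owner->getSafeAttributeNames() as $name) {
            if (in_array($name, $this->except, true)) {
                continue;
            }
            $value = $owner->$name;
            if (is_string($value)) {
                $owner->$name = $purifier->purify($value);
            }
        }
        // Leave $event->isValid untouched so normal validation proceeds.
    }
}

// Hypothetical usage inside the model:
//   public function behaviors() {
//       return array('purify' => array(
//           'class' => 'PurifyAttributesBehavior', 'except' => array('password')));
//   }
```

Because purification rewrites the stored value, attributes that are not meant to hold HTML (tokens, hashes, raw identifiers) belong in `except`, and output still needs context-appropriate encoding in the view.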