Yii Framework Forum: chtmlpurifier to purify tinymce output - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

chtmlpurifier to purify tinymce output Rate Topic: -----

#1 User is offline   vpk369 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 19
  • Joined: 08-August 11
  • Location:NYC

Posted 26 September 2011 - 03:39 PM

I would like to implement chtmlpurifier on all pages that has tinymce with default config on input. Can any one tell me which is the best way to attach this feature (as behavior,as an extension to tinymce,as an event ...)?
0

#2 User is offline   jacmoe 

  • Elite Member
  • Yii
  • Group: Moderators
  • Posts: 2,601
  • Joined: 10-October 10
  • Location:Denmark

Posted 27 September 2011 - 06:11 AM

AFAIK, TinyMCE already does this - so no need to do it again.
"Less noise - more signal"
0

#3 User is offline   vpk369 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 19
  • Joined: 08-August 11
  • Location:NYC

Posted 27 September 2011 - 09:18 AM

View Postjacmoe, on 27 September 2011 - 06:11 AM, said:

AFAIK, TinyMCE already does this - so no need to do it again.


Thanks Jacmoe.. Do you have any code snippet that you would like to share to implement this functionality?
0

#4 User is offline   dckurushin 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 392
  • Joined: 16-March 11
  • Location:Israel

Posted 27 September 2011 - 09:31 AM

jacmoe It does nothing, turn of javascript, and you will get XSS

read documentation
http://www.yiiframework.com/doc/api/1.1/CHtmlPurifier

you can use it as filter
1

#5 User is offline   vpk369 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 19
  • Joined: 08-August 11
  • Location:NYC

Posted 28 September 2011 - 12:43 PM

View Postdckurushin, on 27 September 2011 - 09:31 AM, said:

jacmoe It does nothing, turn of javascript, and you will get XSS

read documentation
http://www.yiiframework.com/doc/api/1.1/CHtmlPurifier

you can use it as filter


Thank you.
0

#6 User is offline   jacmoe 

  • Elite Member
  • Yii
  • Group: Moderators
  • Posts: 2,601
  • Joined: 10-October 10
  • Location:Denmark

Posted 28 September 2011 - 01:09 PM

Heh - I am actually doing this myself by means of a simple behavior:
<?php

class CSafeContentBehavior extends CActiveRecordBehavior
{
   public $attributes =array();
   protected $purifier;

   function __construct(){
  	$this->purifier = new CHtmlPurifier;
   }

   public function beforeSave($event)
   {
   	foreach($this->attributes as $attribute){
     	$this->getOwner()->{$attribute} = $this->purifier->purify($this->getOwner()->{$attribute});
  	}
   }
}


Then in my model(s):
	public function behaviors()
	{
		return array(
	    	'CSafeContentBehavior'=>array(
	        	'class' => 'application.models.behaviors.CSafeContentBehavior',
                	'attributes' => array('content', 'intro', 'title'),
	    	),

It is so transparent that I forgot that I used it! :lol:
"Less noise - more signal"
0

#7 User is offline   vpk369 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 19
  • Joined: 08-August 11
  • Location:NYC

Posted 03 October 2011 - 12:42 PM

Thanks a bunch Jacmoe, This is exactly what i am looking for.


View Postjacmoe, on 28 September 2011 - 01:09 PM, said:

Heh - I am actually doing this myself by means of a simple behavior:
<?php

class CSafeContentBehavior extends CActiveRecordBehavior
{
   public $attributes =array();
   protected $purifier;

   function __construct(){
  	$this->purifier = new CHtmlPurifier;
   }

   public function beforeSave($event)
   {
   	foreach($this->attributes as $attribute){
     	$this->getOwner()->{$attribute} = $this->purifier->purify($this->getOwner()->{$attribute});
  	}
   }
}


Then in my model(s):
	public function behaviors()
	{
		return array(
	    	'CSafeContentBehavior'=>array(
	        	'class' => 'application.models.behaviors.CSafeContentBehavior',
                	'attributes' => array('content', 'intro', 'title'),
	    	),

It is so transparent that I forgot that I used it! :lol:

0

#8 User is offline   dckurushin 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 392
  • Joined: 16-March 11
  • Location:Israel

Posted 03 October 2011 - 05:42 PM

dont reinvent the wheel when you dont need to, this is what framework is all about...
you have a filter, a good one, you dont need to create for this behavior, you can, but it is waste of time
0

#9 User is offline   Nacesprin 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 71
  • Joined: 04-April 10
  • Location:San Fernando - Cadiz - Spain

Posted 29 March 2012 - 03:33 AM

View Postdckurushin, on 03 October 2011 - 05:42 PM, said:

you have a filter, a good one, you dont need to create for this behavior, you can, but it is waste of time


Do you refer to this?

array('text','filter','filter'=>array($obj=new CHtmlPurifier(),'purify')),
0

#10 User is offline   Abdulrhman A 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 5
  • Joined: 12-October 11

Posted 13 May 2012 - 11:54 PM

I think dckurushin means

class PostController extends CController
{
    ......
    public function filters()
    {
        return array(
            'postOnly + edit, create',
            array(
                'application.filters.PerformanceFilter - edit, create',
                'unit'=>'second',
            ),
        );
    }
}

:rolleyes:
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users