[vpk369]

I would like to implement chtmlpurifier on all pages that has tinymce with default config on input. Can any one tell me which is the best way to attach this feature (as behavior,as an extension to tinymce,as an event ...)?

[jacmoe]

AFAIK, TinyMCE already does this - so no need to do it again.

[vpk369]

jacmoe, on 27 September 2011 - 06:11 AM, said:

AFAIK, TinyMCE already does this - so no need to do it again.

Thanks Jacmoe.. Do you have any code snippet that you would like to share to implement this functionality?

[dckurushin]

jacmoe It does nothing, turn of javascript, and you will get XSS

read documentation
http://www.yiiframework.com/doc/api/1.1/CHtmlPurifier

you can use it as filter

[vpk369]

dckurushin, on 27 September 2011 - 09:31 AM, said:

jacmoe It does nothing, turn of javascript, and you will get XSS

read documentation
http://www.yiiframework.com/doc/api/1.1/CHtmlPurifier

you can use it as filter

Thank you.

[jacmoe]

Heh - I am actually doing this myself by means of a simple behavior:

<?php

class CSafeContentBehavior extends CActiveRecordBehavior
{
   public $attributes =array();
   protected $purifier;

   function __construct(){
  	$this->purifier = new CHtmlPurifier;
   }

   public function beforeSave($event)
   {
   	foreach($this->attributes as $attribute){
     	$this->getOwner()->{$attribute} = $this->purifier->purify($this->getOwner()->{$attribute});
  	}
   }
}

Then in my model(s):

	public function behaviors()
	{
		return array(
	    	'CSafeContentBehavior'=>array(
	        	'class' => 'application.models.behaviors.CSafeContentBehavior',
                	'attributes' => array('content', 'intro', 'title'),
	    	),

It is so transparent that I forgot that I used it!

[vpk369]

Thanks a bunch Jacmoe, This is exactly what i am looking for.

jacmoe, on 28 September 2011 - 01:09 PM, said:

Heh - I am actually doing this myself by means of a simple behavior:

<?php

class CSafeContentBehavior extends CActiveRecordBehavior
{
   public $attributes =array();
   protected $purifier;

   function __construct(){
  	$this->purifier = new CHtmlPurifier;
   }

   public function beforeSave($event)
   {
   	foreach($this->attributes as $attribute){
     	$this->getOwner()->{$attribute} = $this->purifier->purify($this->getOwner()->{$attribute});
  	}
   }
}

Then in my model(s):

	public function behaviors()
	{
		return array(
	    	'CSafeContentBehavior'=>array(
	        	'class' => 'application.models.behaviors.CSafeContentBehavior',
                	'attributes' => array('content', 'intro', 'title'),
	    	),

It is so transparent that I forgot that I used it!

[dckurushin]

dont reinvent the wheel when you dont need to, this is what framework is all about...
you have a filter, a good one, you dont need to create for this behavior, you can, but it is waste of time

[Nacesprin]

dckurushin, on 03 October 2011 - 05:42 PM, said:

you have a filter, a good one, you dont need to create for this behavior, you can, but it is waste of time

Do you refer to this?

array('text','filter','filter'=>array($obj=new CHtmlPurifier(),'purify')),

[Abdulrhman A]

I think dckurushin means

class PostController extends CController
{
    ......
    public function filters()
    {
        return array(
            'postOnly + edit, create',
            array(
                'application.filters.PerformanceFilter - edit, create',
                'unit'=>'second',
            ),
        );
    }
}