How to use HtmlPurifier in Yii2. Currently my form inputs are not being HTML-encoded, which opens a chance for CSS attacks.
Any examples?
Edit
I have a detail view like this.
<?php echo DetailView::widget([
    'model' => $model,
    'attributes' => [
        //'p_id',
        //'user_id',
        'first_name:ntext',
        'last_name:ntext',
        [
            'label' => 'Company',
            'value' => $model->user->c->name,
        ],
        'address:ntext',
        'job_designation:ntext',
        'about:ntext',
    ],
]); ?>
Rules
public function rules()
{
    return [
        [['user_id', 'first_name', 'last_name', 'address', 'job_designation'], 'required'],
        [['user_id'], 'integer'],
        [['first_name', 'last_name', 'address', 'job_designation', 'about'], 'string']
    ];
}
I gave <script>prompt(‘some question’)</script> as first name and last name. Upon opening the view page, it is prompting for the same. But job_designation is not prompting when I test that field.
But the view page source shows:
<td><script>prompt(08888)</script></td></tr>
What is happening here and how to fix it?
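
For reference, an added example (not part of the original post) of a Yii2 view that HTML-encodes plain-text values on output and runs the one rich-text field through HtmlPurifier. It assumes `about` is the only field allowed to carry markup; the page title built from the name fields and the `HTML.Allowed` list are hypothetical choices made for illustration.

```php
<?php
// View file in a Yii2 application; $model is passed in by the controller,
// as in the question. Added example, not the poster's code.
use yii\helpers\Html;
use yii\helpers\HtmlPurifier;
use yii\widgets\DetailView;

/* @var $this yii\web\View */
/* @var $model yii\db\ActiveRecord */

// Hypothetical title: any model value echoed outside a widget is raw,
// so it must be encoded at the point of output.
$this->title = $model->first_name . ' ' . $model->last_name;
?>
<h1><?= Html::encode($this->title) ?></h1>

<?= DetailView::widget([
    'model' => $model,
    'attributes' => [
        'first_name:text',       // Formatter::asText() HTML-encodes the value
        'last_name:text',
        [
            'label' => 'Company',
            // No 'format' given: DetailView falls back to "text", which encodes.
            'value' => $model->user->c->name,
        ],
        'address:ntext',         // encoded, with newlines converted to <br>
        'job_designation:ntext',
        'about:html',            // Formatter::asHtml() runs HtmlPurifier on the value
    ],
]) ?>

<?php
// Calling the purifier directly with an explicit allow-list (assumed policy):
// tags and attributes not listed are removed, so <script> never reaches the page.
echo HtmlPurifier::process($model->about, [
    'HTML.Allowed' => 'p,br,b,i,a[href]',
]);
?>
```

The `raw` format and a bare `<?= $model->attribute ?>` are the two places where a stored `<script>` value would reach the browser unescaped, so those are the spots to check in the view and the layout.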