Reply to Re: How do you secure a WYSIWYG editor?

Posted by Spocke on 01/18/08 19:18

Use: http://htmlpurifier.org/
It's way more secure than strip_tags.

On Jan 17, 11:06 pm, firewood...@yahoo.com wrote:
> On Wed, 16 Jan 2008 05:36:09 -0800 (PST), "C. (http://symcbean.blogspot.com/)" <colin.mckin...@gmail.com> wrote:
> >On 15 Jan, 19:38, a...@spamcop.net (axlq) wrote:
> >> In article <vl1qo3did9p695cr8sck2gpfejo4h03...@4ax.com>,
>
> >> <firewood...@yahoo.com> wrote:
> >> >I use tinyMCE to provide a formattable textarea for the users of my
> >> >website. How do I filter data so complex as that?
>
> >> What do you want to filter? With TinyMCE you can control the
> >> features that a user puts into the text. If the user tries to
> >> insert some HTML tags you don't allow (use any of the regexp
> >> functions or stristr()), simply warn the user and redisplay the
> >> text until the user fixes it.
>
> >!
>
> >Maybe it's possible to configure the editor but that's client-side - even
> >if it is configured not to allow certain tags to be entered, the
> >receiving PHP script should sanitize the input.
>
> >RTFM for strip_tags()
>
> >C.
>
> Ah RTFM. I see I've found the perfect place to avoid
> enlightenment.
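
Added example (not part of the original post or thread): a server-side comparison of strip_tags() with an allow-list against HTML Purifier on the kind of markup a rich-text editor submits. The include path, the allowed-tag list, the has_active_content() helper and the sample input are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Assumes HTML Purifier is installed
// and HTMLPurifier.auto.php is reachable on the include path (assumption).
require_once 'HTMLPurifier.auto.php';

// Constructed sample of what a TinyMCE-backed form field might post.
$dirty = '<p onmouseover="alert(1)">Hello <b>world</b></p>'
       . '<a href="javascript:alert(2)" onclick="alert(3)">link</a>'
       . '<script>alert(4)</script>';

// strip_tags() with allowed tags drops the <script> tags (the text inside
// stays as plain text) but keeps every attribute on the tags it allows,
// so event handlers and javascript: URLs pass through unchanged.
$stripped = strip_tags($dirty, '<p><b><a>');

// HTML Purifier parses the markup and rebuilds it from an allow-list of
// elements AND attributes; URI schemes are checked against its own list.
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.Allowed', 'p,b,i,em,strong,ul,ol,li,a[href]');
$config->set('Cache.DefinitionImpl', null); // no writable cache dir needed
$purifier = new HTMLPurifier($config);
$clean = $purifier->purify($dirty);

// Hypothetical helper: a rough check for leftover event-handler attributes
// or javascript: URLs, used here only to compare the two results.
function has_active_content(string $html): bool
{
    return (bool) preg_match('/\son\w+\s*=|javascript:/i', $html);
}

foreach (['strip_tags' => $stripped, 'HTML Purifier' => $clean] as $name => $out) {
    printf(
        "%-14s active content left: %s\n  %s\n",
        $name,
        has_active_content($out) ? 'yes' : 'no',
        $out
    );
}
```

Run the sanitizer in the receiving PHP script on every submission, regardless of how the editor is configured in the browser.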
