CodeIgniter Forums
Codeigniter stripping HTML ? - Printable Version




Codeigniter stripping HTML ? - El Forum - 08-09-2011

[eluser]brucebat[/eluser]
Hey all,

I am trying to get to the bottom of a problem I'm having with a blog maker.

I am using TinyMCE to construct my content in a blog post
http://www.tinymce.com/

However, after asking around there, it seems that the problem may be CodeIgniter.

I have XSS filtering on but no validation being done on my blog maker.

The HTML in the editor is fine, but when it goes to the database it gets stripped.

Any way I can fix this?

Thanks


Codeigniter stripping HTML ? - El Forum - 08-09-2011

[eluser]Twisted1919[/eluser]
Text editors insert a lot of style="anything" and the xss_clean() method will strip those.
Use HTML Purifier for your editor content and xss_clean() for all the other fields.
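
The split described in the reply above, as an added example that is not part of the original thread or any poster's code. It assumes CodeIgniter 2.x with HTML Purifier unpacked under application/third_party/htmlpurifier; the controller, the field names `title` and `content`, the `posts` table and the allowlist are hypothetical.

```php
<?php
// application/config/config.php (CodeIgniter 2.x assumed)
// With the global filter on, every POST value is passed through xss_clean()
// before the controller runs, so the editor HTML arrives already altered.
// Turn it off and filter per field instead:
//     $config['global_xss_filtering'] = FALSE;

// application/controllers/blog.php (hypothetical controller)
// Assumed install path for the HTML Purifier library:
require_once APPPATH . 'third_party/htmlpurifier/HTMLPurifier.auto.php';

class Blog extends CI_Controller
{
    public function save()
    {
        // Plain-text field: second argument TRUE applies xss_clean() to it.
        $title = $this->input->post('title', TRUE);

        // Editor field: fetch without xss_clean(), then sanitise it against
        // an explicit allowlist of tags, attributes and CSS properties.
        $raw = $this->input->post('content');

        $config = HTMLPurifier_Config::createDefault();
        $config->set('HTML.Allowed',
            'p[style],br,strong,em,ul,ol,li,a[href],img[src|alt],span[style]');
        $config->set('CSS.AllowedProperties', 'color,text-align,font-weight');
        $config->set('URI.AllowedSchemes', array('http' => true, 'https' => true));
        $config->set('Cache.SerializerPath', APPPATH . 'cache'); // must be writable

        $purifier = new HTMLPurifier($config);
        // Scripts, event-handler attributes and javascript: URLs are dropped;
        // allowed tags and the listed style properties are kept.
        $content = $purifier->purify($raw);

        // Active Record insert; values are escaped by the query builder.
        $this->db->insert('posts', array(
            'title'   => $title,
            'content' => $content,
        ));
    }
}
```

The stored `content` is the purified HTML, so it can be echoed into the page as markup, while `title` should still be passed through an HTML-escaping function on output.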


Codeigniter stripping HTML ? - El Forum - 08-10-2011

[eluser]pickupman[/eluser]
Also keep in mind that you need to configure TinyMCE allowed elements in your init() (http://www.tinymce.com/wiki.php/Configuration:valid_elements) loading it. It is set up to only allow certain HTML elements to be saved. The editor by default will strip all but basic tags (p, a, img). It should be POSTing a htmlentities() string to your controller which should be affected by XSS. If you echo your POST, with XSS clean off, do you still see the proper HTML, out of curiosity?