Codeigniter stripping HTML?
#1

[eluser]brucebat[/eluser]
Hey all,

I am trying to get to the bottom of a problem I'm having with a blog maker.

I am using TinyMCE to construct my content in a blog post
http://www.tinymce.com/

However after asking around there it seems that the problem may be codeigniter.

I have XSS filtering on but no validation being done on my blog maker.

The HTML in the editor is fine, but when it goes to the database it gets stripped.

Any way I can fix this?

Thanks
#2

[eluser]Twisted1919[/eluser]
Text editors insert a lot of style="anything" and the xss_clean() method will strip those.
Use html purifier for your editor content and xss_clean() for all the other fields.
#3

[eluser]pickupman[/eluser]
Also keep in mind that you need to configure TinyMCE allowed elements in your [url="http://www.tinymce.com/wiki.php/Configuration:valid_elements"]init()[/url] loading it. It is set up to only allow certain html elements to be saved. The editor by default will strip all but basic tags (p, a, img). It should be POSTing an htmlentities() string to your controller which should be affected by XSS. If you echo your POST, with XSS clean off, do you still see the proper html out of curiosity?
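
The split suggested in reply #2 (HTML Purifier for the editor field, xss_clean() for everything else), as an added example that is not code from any poster in this thread. It assumes CodeIgniter 3, where passing FALSE as the second argument to `$this->input->post()` skips xss_clean() for that one field, and HTML Purifier installed through Composer; the controller name, field names, autoload path, allowlist and `blog_model->insert_post()` are hypothetical.

```php
<?php
// Added example. Assumptions: CodeIgniter 3, HTML Purifier via Composer,
// hypothetical names Blog, save(), blog_model, insert_post(), 'title', 'content'.
require_once FCPATH . 'vendor/autoload.php'; // assumed Composer location

class Blog extends CI_Controller
{
    public function save()
    {
        // Plain-text field: TRUE runs xss_clean() on the value.
        $title = $this->input->post('title', TRUE);

        // Editor field: fetch it unfiltered so style="" attributes survive,
        // then sanitise it against an explicit allowlist instead.
        $raw     = (string) $this->input->post('content', FALSE);
        $content = $this->purify_editor_html($raw);

        $this->load->model('blog_model');
        $this->blog_model->insert_post($title, $content);
    }

    // Returns HTML restricted to the tags, attributes and CSS listed below.
    private function purify_editor_html($html)
    {
        $config = HTMLPurifier_Config::createDefault();
        // Only these elements/attributes are kept; script, iframe, on* handlers
        // and anything else not listed are dropped.
        $config->set('HTML.Allowed',
            'p,br,strong,em,ul,ol,li,a[href],img[src|alt],span[style]');
        // Inline styles are kept, but only for these properties.
        $config->set('CSS.AllowedProperties',
            'color,font-weight,text-align,text-decoration');
        // Blocks javascript: and data: URLs in href/src.
        $config->set('URI.AllowedSchemes', array('http' => true, 'https' => true));
        // Directory must exist and be writable by the web server.
        $config->set('Cache.SerializerPath', APPPATH . 'cache');

        $purifier = new HTMLPurifier($config);
        return $purifier->purify($html);
    }
}
```

The allowlist should match what TinyMCE's `valid_elements` permits, so the editor and the server agree on which markup is saved.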



