CodeIgniter stripping HTML?

#1
[eluser]brucebat[/eluser]
Hey all,

I am trying to get to the bottom of a problem I'm having with a blog maker.

I am using TinyMCE to construct my content in a blog post
http://www.tinymce.com/

However, after asking around there, it seems that the problem may be CodeIgniter.

I have XSS filtering on but no validation being done on my blog maker.

The HTML in the editor is fine, but when it goes to the database it gets stripped.

Any way I can fix this?

Thanks

#2
[eluser]Twisted1919[/eluser]
Text editors insert a lot of style="anything" and the xss_clean() method will strip those.
Use html purifier for your editor content and xss_clean() for all the other fields.
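
The split suggested in the reply above, as an added example that is not part of the original post: HTML Purifier with an allowlist for the TinyMCE field, xss_clean() for the plain-text field. It assumes CodeIgniter 2.x with `$config['global_xss_filtering'] = FALSE` (otherwise the editor field is already filtered before the controller reads it) and HTML Purifier installed through Composer; the autoload path, the `Blog` controller, the `post_model` model, the field names and the allowlist itself are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumed: Composer autoloader
// one level above application/, global_xss_filtering disabled in config.php.
require_once APPPATH . '../vendor/autoload.php';

class Blog extends CI_Controller
{
    public function save()
    {
        // Plain-text field: second argument TRUE runs xss_clean() on it.
        $title = $this->input->post('title', TRUE);

        // Editor field: read it unfiltered so style="" attributes survive,
        // then sanitize with an allowlist instead of xss_clean().
        $raw = (string) $this->input->post('content', FALSE);

        $config = HTMLPurifier_Config::createDefault();
        // Constructed allowlist: only these tags and attributes are kept.
        $config->set('HTML.Allowed',
            'p[style],br,strong,em,ul,ol,li,blockquote,h2,h3,'
            . 'span[style],a[href|title],img[src|alt|width|height]');
        // Inline CSS is reduced to these properties; everything else is dropped.
        $config->set('CSS.AllowedProperties',
            'text-align,font-weight,font-style,text-decoration,color');
        // Links and images may only use these URI schemes.
        $config->set('URI.AllowedSchemes',
            array('http' => true, 'https' => true, 'mailto' => true));
        // HTML Purifier caches its definitions; the directory must be writable.
        $config->set('Cache.SerializerPath', APPPATH . 'cache');

        $purifier = new HTMLPurifier($config);
        $content  = $purifier->purify($raw);

        // Hypothetical model; store the purified HTML, not the raw POST value.
        $this->load->model('post_model');
        $this->post_model->insert(array(
            'title'   => $title,
            'content' => $content,
        ));
    }
}
```

The purified `content` can be echoed as HTML in the view; `title` is still plain text and should be escaped on output.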

#3
[eluser]pickupman[/eluser]
Also keep in mind that you need to configure TinyMCE's allowed elements in your [url="http://www.tinymce.com/wiki.php/Configuration:valid_elements"]init()[/url] when loading it. It is set up to only allow certain HTML elements to be saved. The editor by default will strip all but basic tags (p, a, img). It should be POSTing a htmlentities() string to your controller, which should be affected by XSS. If you echo your POST, with XSS clean off, do you still see the proper HTML, out of curiosity?

