Insert Clean data using text editor
#1

Hello folks,
Why are these types of HTML code inserted in my db table?


My Model code is 
Code:
public function create_post()
   {
       $data = array(
           'title' =>$this->input->post('title'),
           'body' =>$this->input->post('post_body'),
           'category_id' => $this->input->post('cat_select')
       );
       return $this->db->insert('posts', $data);
   }

My Controller code is 
Code:
public function create()
{
    $data['page_heading'] = "Add New Post";
    $data['categories'] = $this->Category_m->getAllCategory();
    $this->form_validation->set_rules('title', 'Post Title', 'trim|required');
    $this->form_validation->set_rules('post_body', 'Post Body', 'required');

    if ($this->form_validation->run() === FALSE) {
        $data['content_view'] = 'Posts/Create';
        $this->templates->admin_themes($data);
    } else {
        $this->Post_m->create_post();
        redirect('posts/index', 'refresh');
    }
}

Create View Is With TinyMCE
Code:
<div class="form-group row">
    <div class="col-12">
        <textarea class="form-control" id="post_body" name="post_body"></textarea>
    </div>
</div>

   
Reply
#2

You're using a rich text editor - TinyMCE - which generates HTML. If you want to restrict what it creates, either use a strip_tags call in the model, or, better yet, look at TinyMCE's options to get it like you want it there.
Reply
#3

(This post was last modified: 05-04-2018, 12:26 PM by jreklund.)

Remove Full Page Plugin
https://www.tinymce.com/docs/plugins/fullpage/

And add HTML Purifier so that you aren't vulnerable to XSS attacks
http://htmlpurifier.org/
Reply
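
One way to apply the HTML Purifier suggestion above before the model's insert, as an added example that is not code from this thread or from any poster. It assumes HTML Purifier is installed with Composer (package ezyang/htmlpurifier); the helper name clean_post_body(), the tag allowlist and the sample input are hypothetical.

```php
<?php
// Added example; not code from the thread. Assumes HTML Purifier was installed
// with Composer (package ezyang/htmlpurifier).
require_once __DIR__ . '/vendor/autoload.php';

/**
 * Hypothetical helper: reduce editor output to an allowlisted HTML fragment.
 * The allowlist is an assumption; match it to the TinyMCE toolbar you enable.
 */
function clean_post_body($dirty)
{
    static $purifier = null;
    if ($purifier === null) {
        $config = HTMLPurifier_Config::createDefault();
        // Only these elements and attributes survive; everything else is dropped.
        $config->set('HTML.Allowed',
            'p,br,strong,em,ul,ol,li,blockquote,h2,h3,a[href|title]');
        // Links may only use these URI schemes.
        $config->set('URI.AllowedSchemes',
            array('http' => true, 'https' => true, 'mailto' => true));
        // Disable the definition cache so the example needs no writable
        // directory; in production point Cache.SerializerPath at one instead.
        $config->set('Cache.DefinitionImpl', null);
        $purifier = new HTMLPurifier($config);
    }
    return $purifier->purify((string) $dirty);
}

// Constructed sample: a full HTML document, as a full-page editor mode would
// submit, carrying markup that should never reach the posts table.
$submitted = <<<'HTML'
<!DOCTYPE html>
<html><head><title>Untitled</title></head>
<body>
<p onclick="track()">Hello <strong>world</strong></p>
<script>document.title = 'x';</script>
<p><a href="javascript:void(0)" title="t">link</a></p>
</body></html>
HTML;

// In the model, the cleaned value is what goes into the 'body' column:
//   'body' => clean_post_body($this->input->post('post_body')),
echo clean_post_body($submitted), PHP_EOL;
```

Purifying on write keeps the stored value safe for every later reader of the table; the same helper can also be run on output if older rows were stored unfiltered.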
#4

I had issues with HTML code generated by rich text editors as well, so now I use medium editor with markdown plugin to give my users a bit of formatting capabilities and also allow easily readable extracts to be generated from the database (into xlsx).

When displaying the markdown from the database I use http://parsedown.org to convert the markdown text back to nice HTML.

http://ionicabizau.github.io/medium-edit...n/example/
Reply