I am trying to figure out the best way to sanitize and clean data and have
it safe, readable and as easy as possible.
 
In my controller I have:
 
$clean = new Sanitize();
$this->data = $clean->clean($this->data);
 
Basic, simple clean method. But if a user enters <script><?php echo $something ?>, when it's time to edit they see

&lt;script&gt;&lt;?php debug&#40;$award&#41;; ?&gt;

which is completely unreadable.
 
so in the edit form I have:

<?php echo $form->input("description", array("value" => html_entity_decode($this->data["Event"]["description"]))); ?>

which converts the crazy characters back to normal readable characters.
 
What are the security issues with this? Saved data is &lt;script&gt;&lt;?php debug&#40;$award&#41;; ?&gt; but when it's time to edit the record they can read it.
 
Thanks,
 
Dave
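The three data paths discussed in the post, side by side, as an added example (not the poster's code and not CakePHP's). It assumes plain PHP 7+ with htmlspecialchars/html_entity_decode standing in for Sanitize::clean and the FormHelper's escaping; the function names are illustrative only.

```php
<?php
// Added example for the thread above; it is not the poster's code and not
// CakePHP's. Plain htmlspecialchars/html_entity_decode stand in for
// Sanitize::clean and FormHelper escaping; all function names are illustrative.

// Escape once, at output time, for HTML text or a double-quoted attribute.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Path 1 (what the post describes): entity-encode at save time, then let the
// form helper escape again at render time. The browser decodes only the outer
// layer, so the edit box shows the literal text "&lt;script&gt;...".
function encodeOnInputThenRender(string $userInput): array
{
    $stored    = htmlspecialchars($userInput, ENT_QUOTES, 'UTF-8'); // Sanitize-style
    $attribute = escapeHtml($stored);                               // helper escapes again
    return ['stored' => $stored, 'attribute' => $attribute];
}

// Path 2 (the post's workaround): decode the stored entities before handing the
// value to an escaping form helper. This is only safe because the helper
// escapes; after decoding, the string is raw user markup again.
function decodeThenEscapedRender(string $stored): string
{
    $raw = html_entity_decode($stored, ENT_QUOTES, 'UTF-8'); // also decodes &#40; etc.
    return escapeHtml($raw);
}

// Path 3 (the usual recommendation): store the text exactly as entered and
// escape once, in the template, for the context it lands in.
function storeRawRenderEscaped(string $userInput): string
{
    $stored = $userInput;        // no encoding at save time
    return escapeHtml($stored);  // attribute-safe at output
}

// Build the input tag from an already-escaped attribute value.
function textInput(string $name, string $escapedValue): string
{
    return sprintf('<input type="text" name="%s" value="%s">', escapeHtml($name), $escapedValue);
}

// Constructed sample, using the markup from the post.
$userInput = '<script><?php echo $something ?>';

$path1 = encodeOnInputThenRender($userInput);
echo "stored (encoded on input): {$path1['stored']}\n";
echo "double-encoded attribute:  {$path1['attribute']}\n";

$path2 = decodeThenEscapedRender($path1['stored']);
$path3 = storeRawRenderEscaped($userInput);
echo "decode then escape:        {$path2}\n";
echo "store raw, escape once:    {$path3}\n";

// Paths 2 and 3 produce the same attribute value; only the stored form differs.
var_dump($path2 === $path3);

echo textInput('description', $path3), "\n";
```

Running this shows that decoding on edit and then escaping is equivalent to never encoding on input at all: the attribute the browser receives is identical. The difference is where the safety lives. With path 3 the database holds raw text and every template must escape; with the workaround the database holds entities, but the moment html_entity_decode runs the value is raw again, so any view that echoes the decoded value without escaping (an unescaped echo, a helper called with escaping turned off, a JSON or JavaScript context that needs a different encoder) puts the user's markup back into the page. Checking that every output point escapes for its own context is the review that decides whether the decode-on-edit form is safe.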
