Forgot to say I am storing both raw and cleaned data. Very good tip from AD7six via nuts-and-bolts-of-cakephp.com
On Tue, Sep 14, 2010 at 7:05 PM, Andrei Mita <[email protected]> wrote:
> Hello,
>
> I want to save some html formatted text (bold, italic and underline only)
> while preventing XSS.
>
> I have developed a method but I'm not sure if it's OK and I would like your
> input on this.
>
> First of all I allow any kind of input through TinyMCE. In the controller I
> replace all allowed tags like <b> and <i> with some bb tags like [b]. I then
> remove all html tags with Sanitize and replace the bb tags with html tags.
>
> Is this the proper way to do it?
>
> Thanks,
> Andrei
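The tag-to-placeholder-and-back pipeline the question describes, written out as an added example by the editor (not the poster's code and not CakePHP's Sanitize; plain htmlspecialchars() stands in for the sanitizing step, and only exact, attribute-less <b>, <i>, <u> tags are matched so anything carrying attributes is escaped rather than kept):

```php
<?php
// Added example: allow only <b>, <i>, <u> (and their closing tags) in
// user-supplied HTML, escaping everything else. Same three steps as the
// approach in the question: tokenise allowed tags, sanitize, restore.
// Assumption: htmlspecialchars() replaces CakePHP's Sanitize here.

function allowBasicFormatting(string $raw): string
{
    // Only these exact strings are recognised. A tag with attributes,
    // e.g. "<b style=...>", does not match and is escaped in step 2.
    $map = [
        '<b>' => '[b]', '</b>' => '[/b]',
        '<i>' => '[i]', '</i>' => '[/i]',
        '<u>' => '[u]', '</u>' => '[/u]',
    ];

    // Step 1: swap the allowed tags for bb-style placeholders
    // (case-insensitive, so <B> is treated like <b>).
    $tokenised = str_ireplace(array_keys($map), array_values($map), $raw);

    // Step 2: escape every remaining '<', '>', '&' and quote character, so
    // no other tag or attribute survives into the stored/rendered output.
    $escaped = htmlspecialchars($tokenised, ENT_QUOTES, 'UTF-8');

    // Step 3: turn the placeholders back into the allowed tags.
    // Note: a literal "[b]" typed by the user also becomes <b>; that only
    // affects formatting, not safety, since <b> carries no attributes.
    return strtr($escaped, array_flip($map));
}

// Constructed sample input for a quick check: the first tag is kept, the
// second (has an attribute) and the third (not on the allow list) are escaped.
$sample = '<b>Hi</b> <i style="color:red">there</i> <script>x()</script>';
echo allowBasicFormatting($sample), PHP_EOL;
```

Store the raw input separately if you need it, as the reply above notes; only the output of this function should ever be echoed into a page.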
