Personally I use htmlpurifier.org to clean my HTML; it's designed to do
exactly what you describe and is maintained to provide max security.
You could then create your own filter to do this.

2009/3/30 lightflowmark <[email protected]>:
>
> Hi,
> I'm using the Dojo editor element in my forms, but have a security concern
> about it.  Because it converts markup as HTML (, etc.), you can't escape the
> output without losing the benefits of the formatting.
>
> How, then, do you ensure your users don't insert anything malicious into
> your page?  (striptags appears to be disabled on this form element, in order
> for it to work at all)
>
>
> --
> View this message in context: 
> http://www.nabble.com/Zend_Form_Dojo-Editor-security-concern-%28escaping-output%29-tp22782919p22782919.html
> Sent from the Zend Framework mailing list archive at Nabble.com.
>
>



-- 
----------------------------------------------------------------------
[MuTe]
----------------------------------------------------------------------
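The approach suggested in the reply above, as an added example that is not from the thread or from either project: a custom Zend_Filter that runs the editor's HTML through HTMLPurifier with an element whitelist, attached to the Dojo editor element in place of StripTags. It assumes HTMLPurifier's `HTMLPurifier.auto.php` is on the include path and that the element is named `body`.

```php
<?php
// Added example (not from the thread). Assumes HTMLPurifier and Zend Framework 1.x
// are both on the include path.
require_once 'HTMLPurifier.auto.php';
require_once 'Zend/Filter/Interface.php';
require_once 'Zend/Dojo/Form/Element/Editor.php';

class My_Filter_PurifyHtml implements Zend_Filter_Interface
{
    private $_purifier;

    public function __construct()
    {
        $config = HTMLPurifier_Config::createDefault();
        // Whitelist only the formatting the editor is expected to produce.
        // Everything else (script, event handler attributes, style, iframes)
        // is removed rather than escaped, so the allowed formatting survives.
        $config->set('HTML.Allowed',
            'p,br,b,strong,i,em,u,ul,ol,li,blockquote,a[href]');
        // Restrict link targets so javascript:, data: and similar URLs are dropped.
        $config->set('URI.AllowedSchemes',
            array('http' => true, 'https' => true, 'mailto' => true));
        $this->_purifier = new HTMLPurifier($config);
    }

    // Zend_Filter_Interface: called with the raw POST value of the element.
    public function filter($value)
    {
        return $this->_purifier->purify((string) $value);
    }
}

// Attach the purifier to the editor element instead of StripTags; getValue()
// on the element then returns purified HTML that is safe to echo unescaped.
$editor = new Zend_Dojo_Form_Element_Editor('body');
$filter = new My_Filter_PurifyHtml();
$editor->addFilter($filter);

// Constructed input (not from the thread) of the kind a user could submit:
// a handler attribute, a javascript: link and an inline script.
$untrusted = '<p onclick="alert(1)">Hello <b>world</b> '
           . '<a href="javascript:alert(1)">link</a>'
           . '<script>alert(1)</script></p>';
echo $filter->filter($untrusted), "\n";
```

Run it from the command line to see the purified markup; the `<b>` survives while the handler, the `javascript:` href and the script block are gone.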
