Comments (5)
I can see no reason to store HTML chars in your db, you're supposed to use that at output, not all the time.
from core.
Yes, as @kemo has said, you're supposed to use HTML::chars when outputting unsafe strings, not before inserting them into the database. Having encoded strings in your database causes problems such as not being able to search the strings in your database properly. Also, what if you wanted to put your data into a JSON file? You would have lots of unwanted HTML encoding in it.
great, I did!
My idea is to clean the data before storing in the database.
Aka @feketegy in http://www.sitepoint.com/php-security-cross-site-scripting-attacks-xss/
it looks like "HTML Purifier" is better for this.
Use HTML Purifier if you want to preserve HTML in your content, otherwise strip all tags out from it.
otherwise strip all tags out from it
even if you strip tags, output should be escaped.
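An added example in plain PHP (not code from this thread or from Kohana; the in-memory "database" and the submitted string are constructed) showing why the thread recommends escaping at output rather than encoding before storage. The escapeForHtml() helper stands in for what HTML::chars does in Kohana.

```php
<?php
// Escape for HTML element content and attribute values. ENT_QUOTES covers
// both quote styles; ENT_SUBSTITUTE avoids returning "" on invalid UTF-8.
function escapeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input, as a user might submit it.
$submitted = 'Tom & Jerry <b>bold</b> "quoted"';

// Wrong: encoding before storage. The stored text no longer matches what the
// user typed (it is now "Tom &amp; Jerry &lt;b&gt;...").
$storedEncoded = escapeForHtml($submitted);

// Right: store the raw value. Validation or tag stripping belongs here;
// HTML encoding does not.
$storedRaw = $submitted;

// 1. Searching: a lookup for the text the user typed misses the encoded copy.
var_dump(strpos($storedRaw, 'Tom & Jerry') !== false);     // bool(true)
var_dump(strpos($storedEncoded, 'Tom & Jerry') !== false); // bool(false)

// 2. Exporting to JSON: the encoded copy drags HTML entities into a
// format that has nothing to do with HTML.
echo json_encode(['raw' => $storedRaw, 'encoded' => $storedEncoded]), "\n";

// 3. Rendering: escape exactly once, at output. Escaping the pre-encoded
// copy again double-encodes it ("&amp;amp;", "&amp;lt;"), so the page
// shows literal entity text instead of the user's content.
echo '<td>' . escapeForHtml($storedRaw) . "</td>\n";
echo '<td>' . escapeForHtml($storedEncoded) . "</td>\n";
```

Run it with `php example.php` to compare the two `<td>` lines; only the raw-stored value renders as the user entered it.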