Re: Decode, transcode, sanitize, filter, escape

From:
Date: Thu, 20 Sep 2012 13:13:53 +0000
Subject: Re: Decode, transcode, sanitize, filter, escape
Groups: php.internals
On Thu, Sep 20, 2012 at 3:09 PM, Leigh <[email protected]> wrote:

> > My whole point here is identifying WHAT needs 'escaping'. You can't simply
> > 'escape' the output stream, you still want html tags to get out?
>
> This problem is specific to YOU, because (as far as I understood your
> previous post) you decided to store big chunks of HTML in your data
> store. It is not a problem with this proposal, or a problem in
> general.
>
>
more specifically: accepting HTML, but trying to allow some of the tags but
still filtering most of it.
HTMLPurifier is the tool for this kind of job, but most people would
recommend using some kind of alternative markup format, like
BBCode <http://en.wikipedia.org/wiki/BBCode>.

-- 
Ferenc Kovács
@Tyr43l - http://tyrael.hu
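
The escape-first approach that an alternative markup format such as BBCode allows, as an added example that is not part of the original message or of any project's code. The function name `render_bbcode`, the supported tag subset and the sample input are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Render a small BBCode subset to HTML (hypothetical helper).
 * Step 1 escapes ALL input, so user-supplied HTML never reaches the page as markup.
 * Step 2 turns an allowlist of BBCode tags into fixed HTML that we generate ourselves.
 */
function render_bbcode(string $input): string
{
    // Escape everything first; ENT_QUOTES also encodes ' and " for attribute context.
    $html = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Simple paired tags: only these names are ever translated.
    $simple = ['b' => 'strong', 'i' => 'em', 'u' => 'u'];
    foreach ($simple as $bb => $tag) {
        // On a PCRE error preg_replace returns null; keep the escaped text in that case.
        $html = preg_replace(
            '~\[' . $bb . '\](.*?)\[/' . $bb . '\]~is',
            '<' . $tag . '>$1</' . $tag . '>',
            $html
        ) ?? $html;
    }

    // [url=...]: accept only http(s) targets, so javascript: or data: URLs stay inert text.
    $html = preg_replace_callback(
        '~\[url=(https?://[^\s\]]+)\](.*?)\[/url\]~is',
        static function (array $m): string {
            // $m[1] and $m[2] were already escaped in step 1.
            return '<a href="' . $m[1] . '" rel="nofollow noopener">' . $m[2] . '</a>';
        },
        $html
    ) ?? $html;

    // Preserve the author's line breaks.
    return nl2br($html);
}

// Constructed sample: allowed markup mixed with raw HTML, a bad URL scheme, an unclosed tag.
$sample = "[b]Hello[/b] <script>alert(1)</script>\n"
        . "[url=https://example.org/?a=1&b=2]site[/url] "
        . "[url=javascript:alert(1)]x[/url] [i]unclosed";

echo render_bbcode($sample), "\n";
```

Tags outside the allowlist, unclosed tags and rejected URL schemes are left as escaped literal text rather than being repaired or stripped.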

