<![CDATA[ Sanitising HTML - MODX Community Forums]]> https://forums.modx.com/thread/?thread=43190 <![CDATA[Re: Sanitising HTML]]> https://forums.modx.com/thread/43190/sanitising-html?page=2#dis-post-249349
I am allowing users to submit text in a textarea and I want to restrict the code that is allowed in the textarea.  I would like to use this purify plugin but it’s not doing anything for me...

I have a textarea and I put <div>TEST</div> in the form and submitted, the code was sent and saved but not purified.  Any idea why that would be and if this plugin is suitable? 

Thanks!

EDIT: How can I stop any HTML elements being input into forms completely? Allowing the user to input HTML tags is causing my pages to lose shape if the user inputs incorrect tags or doesn’t close them]]>
rossco Mar 31, 2009, 06:42 PM https://forums.modx.com/thread/43190/sanitising-html?page=2#dis-post-249349
<![CDATA[Re: Sanitising HTML]]> https://forums.modx.com/thread/43190/sanitising-html?page=2#dis-post-249348
I’ll sure have a use for it, combined with FrondEndDocumentManager (a.k.a FDM) and those rich text areas grin]]>
davidm Jun 18, 2008, 05:56 AM https://forums.modx.com/thread/43190/sanitising-html?page=2#dis-post-249348
<![CDATA[Re: Sanitising HTML]]> https://forums.modx.com/thread/43190/sanitising-html?page=2#dis-post-249347 http://modxcms.com/HTML-Purifier-for-Forms-Plugin-2096.html

No Jot hackery needed.

-sD-
Dr. Scotty Delicious, DFPA.]]>
ScottyDelicious Jun 18, 2008, 05:52 AM https://forums.modx.com/thread/43190/sanitising-html?page=2#dis-post-249347
<![CDATA[Re: Sanitising HTML]]> https://forums.modx.com/thread/43190/sanitising-html?page=2#dis-post-249346 http://svn.modxcms.com/jira/secure/ForgotPassword!default.jspa but you’ll have to recall your username.]]> rethrash Jun 17, 2008, 07:58 PM https://forums.modx.com/thread/43190/sanitising-html?page=2#dis-post-249346 <![CDATA[Re: Sanitising HTML]]> https://forums.modx.com/thread/43190/sanitising-html?page=2#dis-post-249345 Quote from: rthrash at Jun 17, 2008, 12:27 PM

Feel free to modify Jot to your heart’s content. Armand is letting the community take over the 096x release and making it more functional for the tens of thousands of sites that will still be running that version will be greatly appreciated. You might want to head on over to the JIRA install and start committing to the project itself, too, once you get it sorted to your liking. smiley
Yeah, no problem.

Well... small problem. I got my Crucible and Fisheye username and password a long time ago. I don’t have a clue what it is. Can it be reset?

-sD-
Dr. Scotty Delicious, DFPA.]]>
ScottyDelicious Jun 17, 2008, 06:42 PM https://forums.modx.com/thread/43190/sanitising-html?page=2#dis-post-249345
<![CDATA[Re: Sanitising HTML]]> https://forums.modx.com/thread/43190/sanitising-html?page=2#dis-post-249344 ]]> rethrash Jun 17, 2008, 07:27 AM https://forums.modx.com/thread/43190/sanitising-html?page=2#dis-post-249344 <![CDATA[Re: Sanitising HTML]]> https://forums.modx.com/thread/43190/sanitising-html?page=2#dis-post-249343 Quote from: Ambush at Jun 17, 2008, 01:35 AM

Hello Dr. Scotty Delicious,

It’s great to see that someone else has stepped up to the plate to have an updated plugin of HTML Purifier for Modx. There is a plugin, but it’s somewhat untested as I don’t use Modx, and it has problems with HTML Purifier 3.1 (I’ve got an updated version pending for that).

Would you like me to link to your plugin for Jot on the HTML Purifier home page?

Cheers,
Edward

Sure, but it would be good to specifically note that it is not a system wide plugin, but merely a modification of the Jot snippet with a class for purifying the HTML that is passed in by Jot’s $comment['content'] variable.

I think what I may do is make another modification of the jot.class.inc.php file to invoke the OnBeforeDocFormSave system event so that a plugin like yours will work with comments. I might also try to put together a plugin that can purify any form submitted on the front end. That might be better for the Jot upgrade path and also a bit more universal so it can be used with the eForm snippet (or any form in the front end).

-sD-
Dr. Scotty Delicious, DFPA.]]>
ScottyDelicious Jun 16, 2008, 10:45 PM https://forums.modx.com/thread/43190/sanitising-html?page=2#dis-post-249343
<![CDATA[Re: Sanitising HTML]]> https://forums.modx.com/thread/43190/sanitising-html#dis-post-249342
It’s great to see that someone else has stepped up to the plate to have an updated plugin of HTML Purifier for Modx. There is a plugin, but it’s somewhat untested as I don’t use Modx, and it has problems with HTML Purifier 3.1 (I’ve got an updated version pending for that).

Would you like me to link to your plugin for Jot on the HTML Purifier home page?

Cheers,
Edward]]>
Ambush Commander Jun 16, 2008, 08:35 PM https://forums.modx.com/thread/43190/sanitising-html#dis-post-249342
<![CDATA[Re: Sanitising HTML]]> https://forums.modx.com/thread/43190/sanitising-html#dis-post-249341 Quote from: davidm at Jun 16, 2008, 01:46 PM

There is an HTML purifier plugin for MODx, and it has been developed by the author of HTML purifier [...]

That’s true, but it only fires on OnBeforeDocFormSave.
The trouble is, the appropriate events for purifying HTML only seem to be fired in the Manager.
I guess what I should try is invoking OnBeforeDocFormSave from Jot.

Quote from: tuatara at Jun 16, 2008, 09:16 PM

Thanks Scotty ;-). I have some modifications of my own to Jot so I’ll need to merge the two; it’ll take me a week or so (I’m taking a break) but I shall report back!

Cheers
Matt
No problem Matt. I put this together when I was redesigning my site. I thought I was going to provide a WYSIWYG RTE for comments, but I find that HTML Purifier’s AutoFormat.AutoParagraph and AutoFormat.Linkify work great, so at this point I am on the fence about adding an RTE.

-sD-
Dr. Scotty Delicious, DFPA.
]]>
ScottyDelicious Jun 16, 2008, 05:44 PM https://forums.modx.com/thread/43190/sanitising-html#dis-post-249341
<![CDATA[Re: Sanitising HTML]]> https://forums.modx.com/thread/43190/sanitising-html#dis-post-249340 Quote from: Dr. at Jun 16, 2008, 09:36 AM

I have modified jot.class.inc.php to include my class and use it as a filter. Additionally, I have modified the jot class to send notifications as HTML instead of as plain text. This gives you a greater deal of flexibility in your notification templates.

Thanks Scotty ;-). I have some modifications of my own to Jot so I’ll need to merge the two; it’ll take me a week or so (I’m taking a break) but I shall report back!

Cheers
Matt]]>
tuatara Jun 16, 2008, 04:16 PM https://forums.modx.com/thread/43190/sanitising-html#dis-post-249340