Sanitising HTML - My Forums

Re: Sanitising HTML

rossco — Mar 31, 2009, 06:42 PM

I know this is an old post but I’m needing a way to purify text that is submitted by a webuser...

I am allowing users to submit text in a textarea and I want to restrict the code that is allowed in the textarea. I would like to use this purify plugin but it’s not doing anything for me...

I have a textarea and I put

TEST

in the form and submitted, the code was sent and saved but not purified. Any idea why that would be and if this plugin is suitable?

Thanks!

EDIT : How can I stop any HTML elements being input in to forms completely. Allowing the user to input HTML tags is causing my pages to loose shape if the user input incorrect tags or doesn’t close them

Re: Sanitising HTML

davidm — Jun 18, 2008, 05:56 AM

Great Scotty !!!

I’ll sure have a use for it, combined with FrondEndDocumentManager (a.k.a FDM) and those rich text areas

Re: Sanitising HTML

ScottyDelicious — Jun 18, 2008, 05:52 AM

I posted a full featured plugin here: http://modxcms.com/HTML-Purifier-for-Forms-Plugin-2096.html

No Jot hackery needed.

-sD-
Dr. Scotty Delicious, DFPA.

Re: Sanitising HTML

rethrash — Jun 17, 2008, 07:58 PM

Yes indeed: http://svn.modxcms.com/jira/secure/ForgotPassword!default.jspa but you’ll have to recall your username.

Re: Sanitising HTML

ScottyDelicious — Jun 17, 2008, 06:42 PM

Quote from: rthrash at Jun 17, 2008, 12:27 PM

Feel free to modify Jot to your heart’s content. Armand is letting the community take over the 096x release and making it more functional for the tens of thousands of sites that will still be running that version will be greatly appreciated. You might want to head on over to the JIRA install and start committing to the project itself, too, once you get it sorted to your liking.

Yeah, no problem.

Well... small problem. I got my Crucible and Fisheye username and password a long time ago. I don’t have a clue what it is. can it be reset?

-sD-
Dr. Scotty Delicious, DFPA.

Re: Sanitising HTML

rethrash — Jun 17, 2008, 07:27 AM

Feel free to modify Jot to your heart’s content. Armand is letting the community take over the 096x release and making it more functional for the tens of thousands of sites that will still be running that version will be greatly appreciated. You might want to head on over to the JIRA install and start committing to the project itself, too, once you get it sorted to your liking.

Re: Sanitising HTML

ScottyDelicious — Jun 16, 2008, 10:45 PM

Quote from: Ambush at Jun 17, 2008, 01:35 AM

Hello Dr. Scotty Delicious,

It’s great to see that someone else has stepped up to the plate to have an updated plugin of HTML Purifier for Modx. There is a plugin, but it’s somewhat untested as I don’t use Modx, and it has problems with HTML Purifier 3.1 (I’ve got an updated version pending for that).

Would you like me to link to your plugin for Jot on the HTML Purifier home page?

Cheers,
Edward

Sure, but it would be good to specifically note that it is not a system wide plugin, but merely a modification of the Jot snippet with a class for purifying the HTML that is passed in by Jot’s $comment[’content’] variable.

I think what I may do is make another modification of the jot.class.inc.php file to invoke the OnBeforeDocFormSave system event so that a plugin like yours will work with comments. I might also try to put together a plugin that can purify any form submitted on the front end. That might be better for the Jot upgrade path and also a bit more universal so it can be used with the eForm snippet (or any form in the front end).

-sD-
Dr. Scotty Delicious, DFPA.

Re: Sanitising HTML

Ambush Commander — Jun 16, 2008, 08:35 PM

Hello Dr. Scotty Delicious,

It’s great to see that someone else has stepped up to the plate to have an updated plugin of HTML Purifier for Modx. There is a plugin, but it’s somewhat untested as I don’t use Modx, and it has problems with HTML Purifier 3.1 (I’ve got an updated version pending for that).

Would you like me to link to your plugin for Jot on the HTML Purifier home page?

Cheers,
Edward

Re: Sanitising HTML

ScottyDelicious — Jun 16, 2008, 05:44 PM

Quote from: davidm at Jun 16, 2008, 01:46 PM

There is a HTML purifier plugin for MODx, and it has been developped by the author of HTML purifier [...]

That’s true, but it only fires on OnBeforeDocFormSave.
The trouble is, the appropriate events for purifying HTML only seem to be fired in the Manager
I guess what I should try is invoking OnBeforeDocFormSave from Jot.

Quote from: tuatara at Jun 16, 2008, 09:16 PM

Thanks Scotty ;-). I have some modifications of my own to Jot so I’ll need to merge the two; it’ll take me a week or so (I’m taking a break) but I shall report back!

Cheers
Matt

No problem Matt. I put this together when I was redesigning my site. I thought I was going to provide a WYSIWYG RTE for comments, but I find that HTML Purifiers AutoFormat.AutoParagraph and AutoFormat.Linkify work great, so at this point I am on the fence about adding an RTE.

-sD-
Dr. Scotty Delicious, DFPA.

Re: Sanitising HTML

tuatara — Jun 16, 2008, 04:16 PM

Quote from: Dr. at Jun 16, 2008, 09:36 AM

I have modified jot.class.inc.php to include my class and use it as a filter. Additionally, I have modified the jot class to send notifications as HTML instead of as plain text. This gives you a greater deal of flexibility in your notification templates.

Thanks Scotty ;-). I have some modifications of my own to Jot so I’ll need to merge the two; it’ll take me a week or so (I’m taking a break) but I shall report back!

Cheers
Matt