[TYPO3-project-formidable] Stripping HTML tags from user input before DB insertion

Leopold Mayr leo at sprinkesnirg.de
Wed Feb 25 13:08:48 CET 2009 

Hi Jerome,

First of all: thanks for this great extension, it saved me a lot of  
time and hassle!


I was looking for some sort of flag that could be set on each  
renderlet individually, for example:

<renderlet:TEXT name="example" stripHtmlTags="true" />

However I am not quite sure if it would make sense to put a flag like  
that here...


Another feature I can imagine to be useful is to allow certain tags  
for input (for text formatting e.g. <b>, <i>) and strip everything else:

<renderlet:TEXTAREA name="example"  allowHtmlTags="b,i" />


Regards

Leo


Am 25.02.2009 um 10:41 schrieb Jerome Schneider:

> Hi Leopold,
> When I have to achieve this kind of processing, I use the
> beforeInsertion too :)
>
> There's no other way to do so for the moment.
>
> What feature would you have expected ?
>
> Regards,
> Jerome Schneider
>
> Leopold Mayr a écrit :
>> Hi list!
>>
>> I have created a user database where users can edit their data
>> themselves. I wanted to strip any html tags from the user's input  
>> before
>> it is stored in the DB.
>>
>> Therefore I wrote a beforeinsertion process (code below) to strip the
>> tags and it works (as far as I can tell right now).
>>
>> I'm just wondering if there is another possibility of doing this?  
>> Am I
>> missing anything?
>>
>> Thanks in advance,
>>
>> Leo
>>
>>
>> Here goes the code:
>>
>> <datahandler:DB>
>>    <tablename>fe_users</tablename>
>>    <keyname>uid</keyname>
>>    <process>
>>        <beforeinsertion>
>>            <userobj>
>>                <php><![CDATA[
>>                    //get form values
>>                    $aData = array_pop(func_get_args());
>>
>>                    //create anonymous function for stripping tags
>>                    $sanitize = create_function ('&$value, $key',
>> '$value = strip_tags ($value);');
>>
>>                    //apply anonymous strip tags function to every  
>> form
>> field
>>                    array_walk ($aData, $sanitize);
>>
>>                    return $aData;
>>                ]]></php>
>>            </userobj>
>>        </beforeinsertion>
>>    </process>
>> </datahandler:DB>
>>
>>
> _______________________________________________
> TYPO3-project-formidable mailing list
> TYPO3-project-formidable at lists.netfielders.de
> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-project-formidable

More information about the TYPO3-project-formidable mailing list