[TYPO3-project-formidable] Stripping HTML tags from user inputbefore DB insertion
newgrp at googlemail.com
newgrp at googlemail.com
Wed Feb 25 13:36:46 CET 2009
Hi,
in TinyMCE there are two functions:
Option: valid_elements
Option: invalid_elements
http://wiki.moxiecode.com/index.php/TinyMCE:Configuration/invalid_elements
http://wiki.moxiecode.com/index.php/TinyMCE:Configuration/valid_elements
You can use the standard valid_elements or set them by yourself.
And you can set elements which will be deleted when saved.
I'd like these functions to be integrated in formidable for TEXT and
TEXTAREA renderlets. So you do not need to use userobjects and put the code
everytime you need it.
How do you think about it?
Reagrds,
Hauke
----- Original Message -----
From: "Leopold Mayr" <leo at sprinkesnirg.de>
Newsgroups: typo3.projects.formidable
To: "TYPO3 project list for the FORMidable extension"
<typo3-project-formidable at lists.netfielders.de>
Sent: Wednesday, February 25, 2009 1:08 PM
Subject: Re: [TYPO3-project-formidable] Stripping HTML tags from user
inputbefore DB insertion
Hi Jerome,
First of all: thanks for this great extension, it saved me a lot of
time and hassle!
I was looking for some sort of flag that could be set on each
renderlet individually, for example:
<renderlet:TEXT name="example" stripHtmlTags="true" />
However I am not quite sure if it would make sense to put a flag like
that here...
Another feature I can imagine to be useful is to allow certain tags
for input (for text formatting e.g. <b>, <i>) and strip everything else:
<renderlet:TEXTAREA name="example" allowHtmlTags="b,i" />
Regards
Leo
Am 25.02.2009 um 10:41 schrieb Jerome Schneider:
> Hi Leopold,
> When I have to achieve this kind of processing, I use the
> beforeInsertion too :)
>
> There's no other way to do so for the moment.
>
> What feature would you have expected ?
>
> Regards,
> Jerome Schneider
>
> Leopold Mayr a écrit :
>> Hi list!
>>
>> I have created a user database where users can edit their data
>> themselves. I wanted to strip any html tags from the user's input before
>> it is stored in the DB.
>>
>> Therefore I wrote a beforeinsertion process (code below) to strip the
>> tags and it works (as far as I can tell right now).
>>
>> I'm just wondering if there is another possibility of doing this? Am I
>> missing anything?
>>
>> Thanks in advance,
>>
>> Leo
>>
>>
>> Here goes the code:
>>
>> <datahandler:DB>
>> <tablename>fe_users</tablename>
>> <keyname>uid</keyname>
>> <process>
>> <beforeinsertion>
>> <userobj>
>> <php><![CDATA[
>> //get form values
>> $aData = array_pop(func_get_args());
>>
>> //create anonymous function for stripping tags
>> $sanitize = create_function ('&$value, $key',
>> '$value = strip_tags ($value);');
>>
>> //apply anonymous strip tags function to every form
>> field
>> array_walk ($aData, $sanitize);
>>
>> return $aData;
>> ]]></php>
>> </userobj>
>> </beforeinsertion>
>> </process>
>> </datahandler:DB>
>>
>>
> _______________________________________________
> TYPO3-project-formidable mailing list
> TYPO3-project-formidable at lists.netfielders.de
> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-project-formidable
More information about the TYPO3-project-formidable
mailing list