[TYPO3-project-formidable] Stripping HTML tags from user inputbefore DB insertion
Leopold Mayr
leo at sprinkesnirg.de
Wed Feb 25 20:21:34 CET 2009
Hi,
I like the idea, how can I help?
Regards,
Leo
Am 25.02.2009 um 13:36 schrieb <newgrp at googlemail.com> <newgrp at googlemail.com
>:
> Hi,
>
> in TinyMCE there are two functions:
> Option: valid_elements
> Option: invalid_elements
> http://wiki.moxiecode.com/index.php/TinyMCE:Configuration/invalid_elements
> http://wiki.moxiecode.com/index.php/TinyMCE:Configuration/valid_elements
>
> You can use the standard valid_elements or set them by yourself.
> And you can set elements which will be deleted when saved.
>
> I'd like these functions to be integrated in formidable for TEXT and
> TEXTAREA renderlets. So you do not need to use userobjects and put
> the code
> everytime you need it.
>
> How do you think about it?
>
> Reagrds,
> Hauke
>
> ----- Original Message -----
> From: "Leopold Mayr" <leo at sprinkesnirg.de>
> Newsgroups: typo3.projects.formidable
> To: "TYPO3 project list for the FORMidable extension"
> <typo3-project-formidable at lists.netfielders.de>
> Sent: Wednesday, February 25, 2009 1:08 PM
> Subject: Re: [TYPO3-project-formidable] Stripping HTML tags from user
> inputbefore DB insertion
>
>
> Hi Jerome,
>
> First of all: thanks for this great extension, it saved me a lot of
> time and hassle!
>
>
> I was looking for some sort of flag that could be set on each
> renderlet individually, for example:
>
> <renderlet:TEXT name="example" stripHtmlTags="true" />
>
> However I am not quite sure if it would make sense to put a flag like
> that here...
>
>
> Another feature I can imagine to be useful is to allow certain tags
> for input (for text formatting e.g. <b>, <i>) and strip everything
> else:
>
> <renderlet:TEXTAREA name="example" allowHtmlTags="b,i" />
>
>
> Regards
>
> Leo
>
>
> Am 25.02.2009 um 10:41 schrieb Jerome Schneider:
>
>> Hi Leopold,
>> When I have to achieve this kind of processing, I use the
>> beforeInsertion too :)
>>
>> There's no other way to do so for the moment.
>>
>> What feature would you have expected ?
>>
>> Regards,
>> Jerome Schneider
>>
>> Leopold Mayr a écrit :
>>> Hi list!
>>>
>>> I have created a user database where users can edit their data
>>> themselves. I wanted to strip any html tags from the user's input
>>> before
>>> it is stored in the DB.
>>>
>>> Therefore I wrote a beforeinsertion process (code below) to strip
>>> the
>>> tags and it works (as far as I can tell right now).
>>>
>>> I'm just wondering if there is another possibility of doing this?
>>> Am I
>>> missing anything?
>>>
>>> Thanks in advance,
>>>
>>> Leo
>>>
>>>
>>> Here goes the code:
>>>
>>> <datahandler:DB>
>>> <tablename>fe_users</tablename>
>>> <keyname>uid</keyname>
>>> <process>
>>> <beforeinsertion>
>>> <userobj>
>>> <php><![CDATA[
>>> //get form values
>>> $aData = array_pop(func_get_args());
>>>
>>> //create anonymous function for stripping tags
>>> $sanitize = create_function ('&$value, $key',
>>> '$value = strip_tags ($value);');
>>>
>>> //apply anonymous strip tags function to every
>>> form
>>> field
>>> array_walk ($aData, $sanitize);
>>>
>>> return $aData;
>>> ]]></php>
>>> </userobj>
>>> </beforeinsertion>
>>> </process>
>>> </datahandler:DB>
>>>
>>>
>> _______________________________________________
>> TYPO3-project-formidable mailing list
>> TYPO3-project-formidable at lists.netfielders.de
>> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-project-formidable
>
> _______________________________________________
> TYPO3-project-formidable mailing list
> TYPO3-project-formidable at lists.netfielders.de
> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-project-formidable
More information about the TYPO3-project-formidable
mailing list