[TYPO3-project-formidable] Stripping HTML tags from user inputbefore DB insertion

Leopold Mayr leo at sprinkesnirg.de
Wed Feb 25 20:21:34 CET 2009 

Hi,

I like the idea, how can I help?

Regards,

Leo

Am 25.02.2009 um 13:36 schrieb <newgrp at googlemail.com> <newgrp at googlemail.com 
 >:

> Hi,
>
> in TinyMCE there are two functions:
> Option: valid_elements
> Option: invalid_elements
> http://wiki.moxiecode.com/index.php/TinyMCE:Configuration/invalid_elements
> http://wiki.moxiecode.com/index.php/TinyMCE:Configuration/valid_elements
>
> You can use the standard valid_elements or set them by yourself.
> And you can set elements which will be deleted when saved.
>
> I'd like these functions to be integrated in formidable for TEXT and
> TEXTAREA  renderlets. So you do not need to use userobjects and put  
> the code
> everytime you need it.
>
> How do you think about it?
>
> Reagrds,
> Hauke
>
> ----- Original Message -----
> From: "Leopold Mayr" <leo at sprinkesnirg.de>
> Newsgroups: typo3.projects.formidable
> To: "TYPO3 project list for the FORMidable extension"
> <typo3-project-formidable at lists.netfielders.de>
> Sent: Wednesday, February 25, 2009 1:08 PM
> Subject: Re: [TYPO3-project-formidable] Stripping HTML tags from user
> inputbefore DB insertion
>
>
> Hi Jerome,
>
> First of all: thanks for this great extension, it saved me a lot of
> time and hassle!
>
>
> I was looking for some sort of flag that could be set on each
> renderlet individually, for example:
>
> <renderlet:TEXT name="example" stripHtmlTags="true" />
>
> However I am not quite sure if it would make sense to put a flag like
> that here...
>
>
> Another feature I can imagine to be useful is to allow certain tags
> for input (for text formatting e.g. <b>, <i>) and strip everything  
> else:
>
> <renderlet:TEXTAREA name="example"  allowHtmlTags="b,i" />
>
>
> Regards
>
> Leo
>
>
> Am 25.02.2009 um 10:41 schrieb Jerome Schneider:
>
>> Hi Leopold,
>> When I have to achieve this kind of processing, I use the
>> beforeInsertion too :)
>>
>> There's no other way to do so for the moment.
>>
>> What feature would you have expected ?
>>
>> Regards,
>> Jerome Schneider
>>
>> Leopold Mayr a écrit :
>>> Hi list!
>>>
>>> I have created a user database where users can edit their data
>>> themselves. I wanted to strip any html tags from the user's input   
>>> before
>>> it is stored in the DB.
>>>
>>> Therefore I wrote a beforeinsertion process (code below) to strip  
>>> the
>>> tags and it works (as far as I can tell right now).
>>>
>>> I'm just wondering if there is another possibility of doing this?   
>>> Am I
>>> missing anything?
>>>
>>> Thanks in advance,
>>>
>>> Leo
>>>
>>>
>>> Here goes the code:
>>>
>>> <datahandler:DB>
>>>   <tablename>fe_users</tablename>
>>>   <keyname>uid</keyname>
>>>   <process>
>>>       <beforeinsertion>
>>>           <userobj>
>>>               <php><![CDATA[
>>>                   //get form values
>>>                   $aData = array_pop(func_get_args());
>>>
>>>                   //create anonymous function for stripping tags
>>>                   $sanitize = create_function ('&$value, $key',
>>> '$value = strip_tags ($value);');
>>>
>>>                   //apply anonymous strip tags function to every   
>>> form
>>> field
>>>                   array_walk ($aData, $sanitize);
>>>
>>>                   return $aData;
>>>               ]]></php>
>>>           </userobj>
>>>       </beforeinsertion>
>>>   </process>
>>> </datahandler:DB>
>>>
>>>
>> _______________________________________________
>> TYPO3-project-formidable mailing list
>> TYPO3-project-formidable at lists.netfielders.de
>> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-project-formidable
>
> _______________________________________________
> TYPO3-project-formidable mailing list
> TYPO3-project-formidable at lists.netfielders.de
> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-project-formidable

More information about the TYPO3-project-formidable mailing list