Feature #6121
Add validator and filter for HTML
| Status: | Rejected | Start date: | |
|---|---|---|---|
| Priority: | Should have | Due date: | |
| Assignee: | - | % Done: | 0% |
| Category: | Validation | | |
| Target version: | - | Estimated time: | 6.00 hours |
| PHP Version: | | Complexity: | |
| Has patch: | No | | |
| Votes: | 0 | | |
Description
We need a validator that can check for malicious content in strings that are supposed to contain some HTML. And it would be nice to have a filter to clean up messy stuff of that kind.
History
Updated by Lukas Lentner about 3 years ago
Wouldn't it make sense to delegate this function to a rich text editor, which has to take care of the transformations between (in the older days) BE->DB anyway? The validator should work hand in hand with this Transformator!
Or do you have other uses for this validator?
Lukas
Updated by Lukas Lentner about 3 years ago
Is such a package planned?
- Richtexteditor
- Viewhelper for fluid
- gui by extjs
- complex transformation & validations
Or an adaptation of an existing one?
Updated by Robert Lemke about 3 years ago
- Target version changed from 1.0 alpha 8 to 1.0 alpha 9
- Start date deleted (2010-01-20)
- Estimated time set to 6.00
Updated by Karsten Dambekalns about 3 years ago
Lukas Lentner wrote:
Wouldn't it make sense to delegate this function to a rich text editor
No, it wouldn't. Because that would mean you are only protected when the content to deal with has been entered using the RTE.
Updated by Robert Lemke almost 3 years ago
- Target version deleted (1.0 alpha 9)
Updated by Bastian Waidelich over 1 year ago
- Status changed from New to Needs Feedback
- Has patch set to No
I think this one can be closed, as a validator for malicious HTML doesn't make sense IMO:
The rules for malicious HTML can change and depend on the context. So the output should be secured when outputted to the client. For RTEs we probably need something like t3lib_div::removeXSS().
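The point above, that what counts as dangerous depends on where the value is written out, shown as an added PHP example. It is not part of the original comment and not FLOW3 or TYPO3 code; the function names and the sample string are constructed for illustration.

```php
<?php
// Added illustration; not FLOW3/TYPO3 code. Function names are hypothetical.

/** Encode for an HTML text node or a quoted HTML attribute value. */
function encodeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Encode as a JavaScript string literal that can sit inside a <script> block. */
function encodeForScript(string $value): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return json_encode($value, $flags | JSON_THROW_ON_ERROR);
}

/** Encode as one component of a URL query string. */
function encodeForUrlComponent(string $value): string
{
    return rawurlencode($value);
}

// Constructed sample: ordinary text that an input validator has no reason to
// reject, yet the characters that need escaping differ per output context.
$stored = 'Tom & "Jerry" </script> O\'Neil';

$outputs = [
    'HTML text/attribute' => encodeForHtml($stored),
    'JS string literal'   => encodeForScript($stored),
    'URL component'       => encodeForUrlComponent($stored),
];
foreach ($outputs as $context => $encoded) {
    printf("%-20s %s\n", $context, $encoded);
}

// The stored value is never altered: each encoding decodes back to it,
// so the same record can be rendered safely into any of the three contexts.
var_dump(htmlspecialchars_decode($outputs['HTML text/attribute'], ENT_QUOTES) === $stored);
var_dump(json_decode($outputs['JS string literal'], false, 512, JSON_THROW_ON_ERROR) === $stored);
var_dump(rawurldecode($outputs['URL component']) === $stored);
```

Rich text that must keep some markup is the separate case mentioned above for RTEs; escaping alone does not cover it.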
Updated by Christian Mueller about 1 year ago
- Status changed from Needs Feedback to Closed
As Bastian said, this should be checked on output.
Updated by Christian Mueller about 1 year ago
- Status changed from Closed to Rejected