Add validator and filter for HTML
We need a validator that can check for malicious content in strings that are supposed to contain some HTML. And it would be nice to have a filter to clean up messy stuff of that kind.
#1 Updated by Lukas Lentner over 9 years ago
Wouldn't it make sense to delegate this function to a rich text editor, which anyway has to take care of the transformations between (in the older days) BE->DB? The validator should work hand in hand with this Transformator!
Or do you have other uses for this validator?
#6 Updated by Bastian Waidelich over 7 years ago
- Status changed from New to Needs Feedback
- Has patch set to No
I think this one can be closed, as a validator for malicious HTML doesn't make sense IMO:
The rules for malicious HTML can change and depend on the context. So the output should be secured when it is output to the client. For RTEs we probably need something like t3lib_div::removeXSS().
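
The following is an added example, not part of the thread and not code from TYPO3: it illustrates the context dependence mentioned in the last comment by encoding the same untrusted strings for four output contexts. The function name `encodeForContext`, the context labels and the sample strings are hypothetical and constructed for illustration; PHP 7.3 or later is assumed.

```php
<?php
declare(strict_types=1);

/**
 * Encode an untrusted string for the output context it is about to be written into.
 * Hypothetical helper: the name and the context labels are not a TYPO3 API.
 */
function encodeForContext(string $value, string $context): string
{
    switch ($context) {
        case 'html_body':
        case 'html_attr': // the template must wrap the attribute value in quotes
            return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        case 'js_string':
            // Returns a quoted JS string literal; the HEX flags escape <, >, &, ' and "
            // so the literal cannot close an enclosing <script> element or attribute.
            return json_encode(
                $value,
                JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
            );
        case 'url_param':
            return rawurlencode($value);
        default:
            // Fail closed: an unknown context is an error, never a pass-through
            throw new InvalidArgumentException("Unknown output context: $context");
    }
}

// Constructed sample inputs. Which characters matter differs per context,
// so no single input-time rule can classify these as "valid" or "malicious".
$samples = [
    'plain text'        => 'Hello world',
    'quotes'            => '5" title="x',
    'markup'            => '<b>bold</b> & more',
    'script terminator' => '</script>',
];

foreach ($samples as $label => $value) {
    echo "== $label ==\n";
    foreach (['html_body', 'html_attr', 'js_string', 'url_param'] as $context) {
        printf("  %-10s %s\n", $context, encodeForContext($value, $context));
    }
}
```

Rich text that must keep some markup is the case this encoding does not cover, since escaping would destroy the markup; that is where an allow-list sanitizer applied to the RTE content is needed instead.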