Feature #6121

Add validator and filter for HTML

Added by Karsten Dambekalns almost 10 years ago. Updated over 7 years ago.

Status:
Rejected
Priority:
Should have
Assignee:
-
Category:
Validation
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
6.00 h
PHP Version:
Has patch:
No
Complexity:

Description

We need a validator that can check for malicious content in strings that are supposed to contain some HTML. And it would be nice to have a filter to clean up messy stuff of that kind.

History

#1 Updated by Lukas Lentner over 9 years ago

Wouldn't it make sense to deligate this function to a rich text editor who so or so has to take care about the transformations between (in the older days) BE->DB. The validator should work hand in hand with this Transformator!
Or do you have other uses for this validator?
Lukas

#2 Updated by Lukas Lentner over 9 years ago

Is such a package planed?

- Richtexteditor
- Viewhelper for fluid
- gui by extjs
- complex transformation & validations

Or an adaption of an existing??

#3 Updated by Robert Lemke over 9 years ago

  • Target version changed from 1.0 alpha 8 to 1.0 alpha 9
  • Start date deleted (2010-01-20)
  • Estimated time set to 6.00 h

#4 Updated by Karsten Dambekalns over 9 years ago

Lukas Lentner wrote:

Wouldn't it make sense to deligate this function to a rich text editor

No, it wouldn't. Because that would mean you are only protected when the content to deal with has been entered using the RTE.

#5 Updated by Robert Lemke over 9 years ago

  • Target version deleted (1.0 alpha 9)

#6 Updated by Bastian Waidelich almost 8 years ago

  • Status changed from New to Needs Feedback
  • Has patch set to No

I think, this one can be closed as a validator for malicious HTML doesn't make sense IMO:
The rules for malicious HTML can change and depend on the context. So the output should be secured when outputted to the client. For RTEs we probably need something like t3lib_div::removeXSS().

#7 Updated by Christian Müller over 7 years ago

  • Status changed from Needs Feedback to Closed

As Bastian said should be checked on output.

#8 Updated by Christian Müller over 7 years ago

  • Status changed from Closed to Rejected

Also available in: Atom PDF