Yii
Dmitry, 2016-06-23 11:33:15

How to output formatted text in Yii2?

Good morning.
I have a question about outputting formatted text in views.
The site is built on Yii2.
The point is the following. The user uploads text files (.docx, .odt, .txt); the text from the file is read and written to the database. The text can contain tables, lists, etc.
When displayed on the site page, the text is output using Html::encode(), and if the text contains HTML tags, then, of course, all tags are escaped.
To preserve the formatting, you can disable the escaping of HTML tags using Html::decode(), but then another problem arises. The user can put some JS code or some other muck into the file.
You can process the text with strip_tags(), passing in the second parameter which tags not to strip.
But will that be sufficient?
The question is, how can you keep the text formatting, but at the same time avoid running JS code or some other nasty stuff?

1 answer(s)
Maxim Timofeev, 2016-06-23
@slo_nik

Yii has yii\helpers\HtmlPurifier. By the way, I advise you to always use it before writing data received from the user to the database.
Here are the full docs for this library: htmlpurifier.org
There you can flexibly configure the cleaning of any tags.
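
The two approaches discussed in this thread, side by side, as an added example that is not part of the original posts: strip_tags() with an allowed-tags list versus yii\helpers\HtmlPurifier with an allowlist of formatting, list and table tags. It assumes the code runs inside a Yii2 application; the function name cleanUploadedHtml(), the chosen tag list and the sample string are constructed for illustration.

```php
<?php
// Added example. Assumes a Yii2 application context (autoloader and Yii::$app set up).
use yii\helpers\HtmlPurifier;

/**
 * Hypothetical helper: keep formatting, lists and tables from uploaded text
 * and drop everything else. Elements and attributes not named in
 * HTML.Allowed are removed, so event-handler attributes never survive.
 */
function cleanUploadedHtml($html)
{
    return HtmlPurifier::process($html, [
        // element[attr1|attr2] syntax; only these tags and attributes remain
        'HTML.Allowed' => 'p,br,b,strong,i,em,h2,h3,ul,ol,li,blockquote,'
            . 'table,thead,tbody,tr,th[colspan|rowspan],td[colspan|rowspan],a[href]',
        // links may only use these URL schemes; a javascript: href is dropped
        'URI.AllowedSchemes' => ['http' => true, 'https' => true, 'mailto' => true],
        // remove elements left empty after cleaning
        'AutoFormat.RemoveEmpty' => true,
    ]);
}

// Constructed sample of text read from an uploaded file.
$fromFile = '<p onmouseover="alert(1)">Quarterly report</p>'
    . '<table><tr><td>Q1</td><td>42</td></tr></table>'
    . '<a href="javascript:alert(1)">details</a>'
    . '<script>alert(1)</script>';

// strip_tags() filters by tag name only: the onmouseover attribute and the
// javascript: href on the allowed <p> and <a> tags pass through unchanged.
$viaStripTags = strip_tags($fromFile, '<p><table><tr><td><a>');

// HtmlPurifier parses the markup and rebuilds it from the allowlist:
// the paragraph and table stay, the handler, the href and the script go.
$viaPurifier = cleanUploadedHtml($fromFile);

// Store the purified value, as the answer advises, e.g.:
// $model->text = cleanUploadedHtml($textFromFile);
// $model->save();
```

In the view, the purified value is then echoed as-is (without Html::encode()), or passed through HtmlPurifier::process() again at output time if stored rows may predate the cleaning.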
