Anton Natarov, 2016-04-14 11:22:52
Yii

Yii2 CKEditor and Html::encode: how to do it safely?

Good day everyone. I use a plugin for Yii2, CKEditor, on my site. I set everything up and everything works, but when you add entries, HTML tags are escaped, and if you don't escape them, there is a potential vulnerability on the part of the user. How do I output it correctly?

Without escaping:
<?= $model->description ?>

With escaping, but then CKEditor does not work properly:
<?= Html::encode($model->conditions) ?>

How to solve the issue of security and usability of the plug-in? Maybe there are analogues of WYSIWYG that do not require this approach?


1 answer(s)
Anton Natarov, 2016-04-14
@HanDroid

Someday it will come in handy for someone. There is a helper in Yii2, HTMLPurifier, that cleans up potential threats. Just wrap your variables in
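An added example, not part of the original answer: a Yii2 view that passes the CKEditor fields from the question through `yii\helpers\HtmlPurifier::process()` with an allow-list, and keeps `Html::encode()` for plain text. The file path, the tag allow-list, the `$purify` helper, the `title` attribute and the configured `cache` component are assumptions.

```php
<?php
// views/post/view.php (hypothetical path). Must run inside a Yii2 application,
// because HtmlPurifier::process() uses Yii::$app for its cache directory.
use yii\helpers\Html;
use yii\helpers\HtmlPurifier;

/* @var $model yii\base\Model model with the `description` and `conditions` attributes from the question */

// Allow-list for WYSIWYG output (assumed; match it to the CKEditor toolbar you enable).
// Anything not listed is dropped: <script>, <iframe>, on* handlers, style attributes.
$richText = [
    'HTML.Allowed' => 'p,br,strong,em,u,s,ul,ol,li,blockquote,h2,h3,'
        . 'a[href|title],img[src|alt|width|height]',
    // Only these URL schemes survive in href/src, so javascript: links are removed.
    'URI.AllowedSchemes' => ['http' => true, 'https' => true, 'mailto' => true],
];

// Purifying is comparatively slow, so cache the cleaned HTML keyed by the raw content.
// Assumes a `cache` component is configured; getOrSet() needs Yii 2.0.11 or later.
// $purify is a hypothetical helper name.
$purify = function ($html) use ($richText) {
    $html = (string) $html;
    $key = ['purified-html', md5($html), md5(serialize($richText))];
    return Yii::$app->cache->getOrSet($key, function () use ($html, $richText) {
        return HtmlPurifier::process($html, $richText);
    }, 3600);
};
?>

<!-- Rich-text fields written with CKEditor: purify, do not encode -->
<div class="description"><?= $purify($model->description) ?></div>
<div class="conditions"><?= $purify($model->conditions) ?></div>

<!-- Plain-text fields (hypothetical `title` attribute): keep Html::encode() -->
<h1><?= Html::encode($model->title) ?></h1>
```

Purifying at output time means stored rows that predate the allow-list are cleaned too; purifying only on save would leave older content unfiltered.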
