Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Anton Natarov2016-04-14 11:22:52
Yii
Anton Natarov, 2016-04-14 11:22:52

Yii2 Ckeditor and html:encode how to do it safely?

Good day everyone. I use a plugin for yii2 - Ckeditor on my site . I set everything, everything works, but when you add your entries, HTML tags are escaped, and if you don’t escape it, then there is a potential vulnerability on the part of the user. How to output then correctly?
Without escaping So escaping, but not working properly ckeditor How to solve the issue of security and usability of the plug-in? Maybe there are analogues of WYSIWYG that do not require this approach?
<?= $model->description ?>
<?= Html::encode($model->conditions) ?>

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
A
Anton Natarov, 2016-04-14
@HanDroid

Someday it will come in handy for someone. There is a helper in Yii2 that cleans up potential
HTMLPurifier
threats. Just wrap your variables in
Someday it will come in handy for someone.

Similar questions
G
gitdev2017-09-01 17:26:48
Google maps api searchable by street name, how to implement? 1Reply
D
Dmitry Khaperets2015-09-05 11:54:05
What is the best way to organize communication: article-category? 1Reply
X
XenK2017-08-10 12:46:08
Correct foreach? 2Reply
H
Hancock_8882015-09-06 08:50:16
How to optimize website performance in yii? 3Reply
H
hollanditkzn2017-08-11 10:29:51
Why does the currency format not work correctly? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question