this.user Posted September 8, 2010 Share Posted September 8, 2010 I'd like to use a text editor like this one: http://tinymce.moxiecode.com/examples/full.php for my forums. But I am not sure exactly how I would prevent abuse and injects to messed up the page, rather than being contained in the designated area it is meant for. Could some one please help me, I know htmlspecailchars will not work, since some of the code needs to render as html :-\ Quote Link to comment Share on other sites More sharing options...
The Eagle Posted September 8, 2010 Share Posted September 8, 2010 Well, a fully written WYSIWYG editor most likely doesn't have many injection vulnerabilities, as it's used widely and I've not heard of a complaint nor had one myself. If you'd write your own, which I must say would be extremely difficult, you'd probably have more chances of injections than using a premade one. Quote Link to comment Share on other sites More sharing options...
this.user Posted September 9, 2010 Author Share Posted September 9, 2010 So how would I handle the input? lets say the value is stored in $_POST['comment'] Here is what I am worried about for example: </div></div> Quote Link to comment Share on other sites More sharing options...
fortnox007 Posted September 9, 2010 Share Posted September 9, 2010 Well as stated if you use a text-editor, it will strip out the stuff you don't want in it. I am pretty sure every editors has it's own ways of doing it, but I am also pretty sure you can just put the input right in the database. I recommend reading the documentation of the specific editor since this would be a wild guess Quote Link to comment Share on other sites More sharing options...
this.user Posted September 9, 2010 Author Share Posted September 9, 2010 thanks, ill look into it some more. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.