TalkPHP - TinyMCE - cleaning up user input

TalkPHP (http://www.talkphp.com/forums.php)

- General (http://www.talkphp.com/general/)

- - TinyMCE - cleaning up user input (http://www.talkphp.com/general/2933-tinymce-cleaning-up-user-input.html)

Jmz	06-09-2008 11:18 AM

TinyMCE - cleaning up user input

How should I be cleaning up the data from a tinyMCE box? I want them to be able to use html but not execute anything bad.

Enfernikus

06-09-2008 02:08 PM

Well then you'd have to disable all <scripts> tags, and you could use Regex to do so. I'm horrible with Regex so it probably won't be close to this

PHP Code:


		
			

$szRegex = '/<script .* </script>/Usx';
preg_match_all($szRegex,$szContent,$aMatches);
for($i = 0; $i < count($aMatches); ++$i){
  //just look for the matches and use str_replace to get them out
}

drewbee

06-22-2008 03:03 PM

Also, it has been a while since I have used TinyMCE, but they have some built in cleaning tools that are used as well. Check out the manual.

Personally whenever I used tinyMCE, I sent the data straight to a text file, rather then a database.

All times are GMT. The time now is 12:18 AM.