Best Way To Use CHtmlPurifier

Hi All,

I’m about to use CHtmlPurifier in order to clear any malicious code. I have been reading the docs and I found this:

Note: since HTML Purifier is a big package, its performance is not very good. You should consider either caching the purification result or purifying the user input before saving to database.

So I have doubts about how to use it. Apparently the best thing is to purify the user input before saving to the db, I guess, by calling a custom class like this:

public function clearUserInput($text)
{
    $p = new CHtmlPurifier();

    // Only http and https links are kept; any other URI scheme is removed
    $p->options = array('URI.AllowedSchemes' => array(
        'http' => true,
        'https' => true,
    ));

    $text = $p->purify($text);

    return $text;
}


So in every action that saves data from a form… we would have something like this:










Is this approach correct?


Anyone? :mellow:

Hi menxaca

Today I posted a similar issue.

Yes, it is correct.

You can also filter with a rule validator in the model:

array('attribute1', 'filter', 'filter' => array(new CHtmlPurifier(), 'purify')),
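
The two suggestions in this thread combined, as an added example that is not part of either post: the purifier options from the first post are applied through the model's filter rule, so the controller action needs no explicit purify call. It assumes Yii 1.1; `Comment`, `CommentController`, the `comment` table, the `body` attribute and the `id` key are hypothetical names.

```php
<?php
// Added example for Yii 1.1. Comment, CommentController, the "comment" table
// and the "body" attribute are hypothetical names, not from the thread.
class Comment extends CActiveRecord
{
    public static function model($className = __CLASS__)
    {
        return parent::model($className);
    }

    public function tableName()
    {
        return 'comment';
    }

    public function rules()
    {
        // Same purifier settings as the first post: only http/https URIs survive.
        $purifier = new CHtmlPurifier();
        $purifier->options = array(
            'URI.AllowedSchemes' => array('http' => true, 'https' => true),
        );
        return array(
            // Validators run in declaration order: purify first, so input that
            // purifies down to an empty string then fails "required".
            array('body', 'filter', 'filter' => array($purifier, 'purify')),
            array('body', 'required'),
        );
    }
}

class CommentController extends CController
{
    public function actionCreate()
    {
        $model = new Comment();
        if (isset($_POST['Comment'])) {
            $model->attributes = $_POST['Comment'];
            // save() validates first; save(false) would skip the filter rule.
            if ($model->save()) {
                $this->redirect(array('view', 'id' => $model->id));
            }
        }
        $this->render('create', array('model' => $model));
    }
}
```

Because the filter runs as part of validation, the purification cost is paid once on write, and any code path that saves without validation stores the raw input.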