Check form input

I was wondering if it is possible to check for ‘bad’ input, e.g. HTML, CSS, JavaScript, when submitting a form.

Something similar to the strip_tags function…?

You can use validation rules and also check CHtmlPurifier

I guess I have to use it like this:

	public function rules() {
	    return array(
	        // run the submitted value through CHtmlPurifier::purify() during validation
	        array('description_user', 'filter', 'filter' => array($obj=new CHtmlPurifier(),'purify')),
	    );
	}

But when I enter HTML tags in the field description_user, it still stores them in the database…

HTML Purifier has many options to control the purifying process.

HTML Purifier is convenient if you want to allow the user to use some tags and remove others.

And you can still use strip_tags if you want to remove tags from the input.

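You can use it in the model’s beforeSave() method like this:

	protected function beforeSave() {
	  $this->text = strip_tags($this->text);
	  // or, instead of strip_tags(), purify with CHtmlPurifier:
	  $obj=new CHtmlPurifier();
	  $obj->options = array(...);
	  $this->text = $obj->purify($this->text);
	  // beforeSave() must return true, otherwise the record is not saved
	  return parent::beforeSave();
	}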
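The two approaches from this thread combined in one Yii 1.1 model, as an added example that is not code from any of the posters. HTML Purifier's default configuration keeps markup it considers safe, so a purifier filter without options does not strip a field of all tags. The class name `Comment`, the table name, the `title` attribute, the helper `purifyHtml()` and the chosen allow-list are assumptions.

```php
<?php
// Added example for a Yii 1.1 application; Comment, 'comment', 'title'
// and purifyHtml() are hypothetical names chosen for illustration.
class Comment extends CActiveRecord
{
    public static function model($className = __CLASS__)
    {
        return parent::model($className);
    }

    public function tableName()
    {
        return 'comment';
    }

    public function rules()
    {
        return array(
            // Plain-text field: drop every tag.
            array('title', 'filter', 'filter' => 'strip_tags'),
            array('title', 'length', 'max' => 255),
            // Rich-text field: keep only an explicit allow-list of tags.
            array('description_user', 'filter', 'filter' => array($this, 'purifyHtml')),
        );
    }

    // Called by the filter validator with the attribute value; must be public.
    public function purifyHtml($value)
    {
        $purifier = new CHtmlPurifier();
        $purifier->options = array(
            // Everything not listed here is removed, including scripts and style.
            'HTML.Allowed' => 'p,b,i,a[href]',
            // Links may only use these URL schemes.
            'URI.AllowedSchemes' => array('http' => true, 'https' => true),
        );
        return $purifier->purify($value);
    }
}
```

Filter rules run only when the model is validated, so a `save(false)` call skips them. `strip_tags` does not escape quotes or other special characters, so the plain-text field should still be printed with `CHtml::encode()` in views.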