purify() doesnt work?

docc · June 27, 2011, 7:23pm

Im trying to pufify code but it seems that Yii purify function doesn’t work:




   public function beforeSave($event)

    {

		if($this->clearAll)

		{

			foreach($this->getOwner()->attributes as $attribute){

				$attribute = $this->purifier->purify($attribute);

				//var_dump($attribute);				

			}		

		}

		var_dump($this->purifier->purify("<i>jee<i>"));  //HERE IS THE IMPORTANT PART


		

    }

And the output looks like this:

string(17) "<i>jee<i></i></i>"

I can’t understand, it should look like this: “jee”.

I’m trying to fix this behavior to my ActiveRecord Classes http://www.yiiframework.com/wiki/67/xss-safe-model-content.

Why those html tags are not purified?

phtamas · June 27, 2011, 9:49pm

HtmlPurifier doesn’t remove all html tags by default. Tags considered to be “safe” will be kept. You may want to configure purifier via its $options property. Configuration options can be found here.