Hi,
How do I solve stored cross-site scripting (XSS)?
Which is the better way?
I need the purifier for all input fields.
The example shows how I used it.
I have updated the CActiveRecord class setAttribute function.
Are there any other better solutions?
public function setAttribute($name,$value)
{
    // For preventing XSS - written by Rajith R
    $p = new CHtmlPurifier();
    $p->options = array('URI.AllowedSchemes'=>array(
        'http' => true,
        'https' => true,
    ));
    if(property_exists($this,$name))
        $this->$name=$p->purify($value); // Apply by Rajith R
    else if(isset($this->getMetaData()->columns[$name]))
        $this->_attributes[$name]=$p->purify($value); // Apply by Rajith R
    else
        return false;
    return true;
}
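
An alternative that leaves the framework's CActiveRecord untouched, shown as an added example that is not part of the original post: purify only the attributes meant to hold HTML through a model `filter` rule, and encode everything else at output. It assumes Yii 1.1 is loaded; the `Comment` model, its `comment` table, the `author` and `body` columns and the `purifyHtml()` helper are hypothetical.

```php
<?php
// Added example, not the poster's or the framework's code.
// Assumes Yii 1.1; model, table and column names are hypothetical.
class Comment extends CActiveRecord
{
    public static function model($className = __CLASS__)
    {
        return parent::model($className);
    }

    public function tableName()
    {
        return 'comment';
    }

    public function rules()
    {
        return array(
            array('author, body', 'required'),
            array('author', 'length', 'max' => 64),
            // Only the rich-text column goes through the purifier.
            // The rule runs inside validate(), so it is skipped when
            // save(false) bypasses validation.
            array('body', 'filter', 'filter' => array($this, 'purifyHtml')),
        );
    }

    // Same purifier options as in the post; non-string values are returned
    // unchanged so NULL and numeric columns keep their type.
    public function purifyHtml($value)
    {
        if (!is_string($value) || $value === '') {
            return $value;
        }
        $p = new CHtmlPurifier();
        $p->options = array('URI.AllowedSchemes' => array(
            'http' => true,
            'https' => true,
        ));
        return $p->purify($value);
    }
}

// In the view: plain-text attributes are encoded at output time,
// the purified HTML attribute is echoed as stored.
//   echo CHtml::encode($comment->author);
//   echo $comment->body;
```

Values written before the rule existed, or through `save(false)`, are not purified, so the `CHtml::encode()` call on output remains the control for every attribute that is not meant to carry markup.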