Stored cross-site scripting (XSS) issue


How to solve stored cross-site scripting (XSS)?

Which is the better way?

I need the purifier for all input fields.

The example shows how I used it.

I have updated the CActiveRecord class setAttribute function.

Is there any other better solution?

    public function setAttribute($name,$value)
    {
        // For preventing XSS - written by Rajith R
        $p = new CHtmlPurifier();
        // Allow only http and https URI schemes in purified markup
        $p->options = array('URI.AllowedSchemes'=>array(
            'http' => true,
            'https' => true,
        ));

        if(property_exists($this,$name))
            $this->$name=$p->purify($value); // Apply by Rajith R
        else if(isset($this->getMetaData()->columns[$name]))
            $this->_attributes[$name]=$p->purify($value); // Apply by Rajith R
        else
            return false;
        return true;
    }