Using CHtmlPurifier as a filter

Hi everyone,

I'm new here and I'm currently testing Yii as a possible framework to recode my site on.

I've got one sticking point. In the documentation, it says that CHtmlPurifier can be used as a widget or a filter. A short widget usage example is given, but no example of using it as a filter is given.

I tried:

public function filters() {

  return array(

     'filtersystem.web.widgets.CHtmlPurifier + update, create'



But I get the following exception:

Filter "filtersystem.web.widgets.CHtmlPurifier" is invalid. Controller "MyController" does have the filter method "filterfiltersystem.web.widgets.CHtmlPurifier".

Could an example of using it as a filter be added to the documentation?



The array element should be either "CHtmlPurifier + update, create" or "system.web.widgets.CHtmlPurifier + update, create" (you have an extra "filter" in front it).

Also, make sure you really want to do this because the purifier will remove js code from your "update" or "create" pages.

So what exactly gets filtered when it's used as filter? View content? I'd like to filter user input $_POST data before sending it to the db. It seems to me that using it as a filter or as a widget is overkill. Why not a simple method that takes a string, "purifies" it and then returns the clean string? Something that could be used in either the controller action before sending to the db or in the view when you want to echo a variable.

CHtmlPurifier is way more confusing than it should be. Every framework I've tried in the past uses a simple method to filter strings through. I'd much rather do something like

$model->attribute = CHtmlPurifier::purify($_POST['Model']['attribute']);


$model->attribute = CHtmlPurifier::purify($_POST);

… which would return a clean array.

BTW… so far other than this, I'm finding Yii to be a breath of fresh air. Thank you!

Yes, you can use CHtmlPurifier like the way you did. Please see the doc for CHtmlPurifier::purify().

When you use CHtmlPurifier as a filter, it is meant to purify the content rendered by the view, not user input. Actually, that is what "filter" is generally being used for: pre- and postprocessing actions.

Ok, because the documentation states that CHtmlPurifier can be used as a widget or as a filter, it leads a newbie to believe that they can't use the class methods on their own. Perhaps the documentation needs to clarify that?

Thanks for your help.