I did panic a little when I saw that Sanitize was being deprecated. I use it in all my models before save to clean inputs of non-HTML data. I even extended the Sanitize class to use htmlspecialchars instead of htmlentities (have to preserve accented characters, etc.).
Anyway, I prefer to sanitize input before it is saved as opposed to just using h() on output. For non-HTML fields I think a viable alternative is to use the filter functions in PHP, for example:
For HTML input I use the HTML Purifier library as a vendor package and use a component to clean the input before saving in the controller. Just updated the Brita component that was posted a long time ago in the Bakery:
You received this message because you are subscribed to the Google Groups "CakePHP" group.
Visit this group at http://groups.google.com/group/cake-php.
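The approach the post describes (validate or sanitize non-HTML fields with PHP's filter extension before save, escape free text with htmlspecialchars rather than htmlentities so accented characters are kept, and hand HTML fields to HTML Purifier), as an added example that is not the poster's code, the Brita component, or CakePHP's Sanitize class. The field names and rule names are assumed for illustration; the filter_var, htmlspecialchars and HTMLPurifier calls are the real PHP and HTML Purifier APIs. Note that htmlentities turns "é" into the named entity for it while htmlspecialchars leaves it untouched, which is why the poster swapped the two.

```php
<?php
// Added example (not the original poster's code): clean non-HTML fields with
// the PHP filter extension before save, escape free text with htmlspecialchars,
// and delegate HTML fields to HTML Purifier. Field and rule names are assumed.

declare(strict_types=1);

// Per-field rules (names made up for this example): validate where a strict
// type exists, escape otherwise. Validation filters return false on bad input,
// so invalid values are rejected instead of being silently "repaired".
const FIELD_RULES = [
    'email'    => 'email',
    'age'      => 'int',
    'website'  => 'url',
    'nickname' => 'text',
];

/**
 * Clean non-HTML fields before save. Returns [cleanData, errors].
 */
function cleanNonHtmlFields(array $data): array
{
    $clean  = [];
    $errors = [];
    foreach (FIELD_RULES as $field => $rule) {
        if (!array_key_exists($field, $data)) {
            continue;
        }
        if (!is_scalar($data[$field])) {
            // Arrays or objects where a scalar is expected are a hard error.
            $errors[$field] = "unexpected non-scalar value for {$field}";
            continue;
        }
        $raw = (string) $data[$field];
        switch ($rule) {
            case 'email':
                $v = filter_var($raw, FILTER_VALIDATE_EMAIL);
                break;
            case 'int':
                $v = filter_var($raw, FILTER_VALIDATE_INT,
                    ['options' => ['min_range' => 0, 'max_range' => 150]]);
                break;
            case 'url':
                $v = filter_var($raw, FILTER_VALIDATE_URL);
                // FILTER_VALIDATE_URL accepts any scheme; allow only http(s).
                if ($v !== false && !preg_match('#^https?://#i', $v)) {
                    $v = false;
                }
                break;
            case 'text':
            default:
                // Drop control characters, then escape only the HTML
                // metacharacters; "é" and friends survive unchanged.
                $stripped = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/u', '', $raw) ?? '';
                $v = htmlspecialchars($stripped, ENT_QUOTES | ENT_HTML5, 'UTF-8');
                break;
        }
        if ($v === false) {
            $errors[$field] = "invalid value for {$field}";
        } else {
            $clean[$field] = $v;
        }
    }
    return [$clean, $errors];
}

/**
 * HTML fields go through HTML Purifier (assumed to be autoloaded from the
 * vendor package); the default config allows only safe, well-formed markup.
 */
function cleanHtmlField(string $html): string
{
    if (!class_exists('HTMLPurifier')) {
        throw new RuntimeException('HTML Purifier is not installed');
    }
    $purifier = new HTMLPurifier(HTMLPurifier_Config::createDefault());
    return $purifier->purify($html);
}

// Constructed sample input, as a form post might supply it.
$input = [
    'email'    => 'user@example.com',
    'age'      => '42abc',
    'website'  => 'javascript:void(0)',
    'nickname' => 'Renée <b>& Co</b>',
];
[$clean, $errors] = cleanNonHtmlFields($input);
print_r($clean);
print_r($errors);

// The difference the poster cared about: accented characters are kept by
// htmlspecialchars but rewritten as named entities by htmlentities.
$name = 'Renée & Co';
echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), PHP_EOL;
echo htmlentities($name, ENT_QUOTES, 'UTF-8'), PHP_EOL;
```

With the sample input, email passes as-is, age and website are reported in the errors array (FILTER_VALIDATE_INT rejects "42abc", and the scheme check rejects the non-http URL that FILTER_VALIDATE_URL itself lets through), and the nickname is stored with its angle brackets and ampersand escaped but the accented character intact. Cleaning on save does not remove the need to escape on output: data from other sources, or saved before the cleaning was in place, still reaches the view unescaped unless h() is applied there too.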