Show HTML tags in the template - Symfony and CKEditor. How about security?

I am using Symfony 1.4 and Doctrine 1.2. I installed the plugin http://www.symfony-project.org/plugins/sfCkPlugin. If I add clean data from the form, this works fine, but in the template it will show me, for example:

<p><b>bold</b> <i>test</i></p>

etc.

instead

bold test

I need to add something here: <?php echo $obj->getDesc() ?> but what?

In the MySQL database, I have:

<p> <strong>bold</strong> <u>test</u></p>

Is it safe?

1 answer

This is due to the output escaper in symfony.

You can fix this by calling getRawValue() on the data:

$obj->getDesc()->getRawValue();

Keep in mind that if you do this, you need to make sure that html / javascript / everything else has been entered safely for output to the page. If this comes from the backend, you're probably all right. But if it comes from end users, you have to make sure that you make it safe (block XSS attacks, prevent html that breaks the layout, etc.). This is a big topic!

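The "make it safe" step the answer calls for, as an added example that is not from the question, the answer or sfCkPlugin: a whitelist cleaner run over the CKEditor HTML before it is echoed with getRawValue(). The allowed tags, attributes and URL schemes are this example's assumptions; match them to what your editor toolbar actually emits.

```php
<?php
// Whitelist sanitizer for CKEditor HTML that will be echoed via getRawValue().
// Tag/attribute lists are this example's choices, not sfCkPlugin settings.
const ALLOWED_TAGS  = ['p', 'br', 'strong', 'b', 'em', 'i', 'u', 'ul', 'ol', 'li', 'a'];
const ALLOWED_ATTRS = ['a' => ['href']];
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed'];

function sanitizeEditorHtml(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);        // editor output is rarely well-formed
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>',
                   LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
    libxml_clear_errors();
    $root = $doc->getElementsByTagName('div')->item(0);   // our wrapper is the first div
    cleanNode($root);
    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

function cleanNode(DOMNode $node): void
{
    // Walk a snapshot: removing children while iterating a live NodeList skips nodes.
    foreach (iterator_to_array($node->childNodes) as $child) {
        if ($child instanceof DOMText) { continue; }      // text is re-escaped on output
        if (!($child instanceof DOMElement)) { $node->removeChild($child); continue; }
        cleanNode($child);                       // clean the subtree before unwrapping it
        $tag = strtolower($child->tagName);
        if (!in_array($tag, ALLOWED_TAGS, true)) {
            if (!in_array($tag, DROP_WITH_CONTENT, true)) {
                while ($child->firstChild) {     // unwrap unknown tags, keep their text
                    $node->insertBefore($child->firstChild, $child);
                }
            }
            $node->removeChild($child);          // script/style etc. go with their content
            continue;
        }
        foreach (iterator_to_array($child->attributes) as $attr) {
            $name = strtolower($attr->name);
            $keep = in_array($name, ALLOWED_ATTRS[$tag] ?? [], true)
                 && ($name !== 'href' || preg_match('#^(https?://|/)#i', trim($attr->value)));
            if (!$keep) {
                $child->removeAttribute($attr->name);   // drops on*=, style=, javascript: URLs
            }
        }
    }
}
```

In the template this replaces the bare raw echo, i.e. echo sanitizeEditorHtml($obj->getDesc()->getRawValue()) instead of echoing getRawValue() directly; sanitizing once on save and storing the cleaned markup is cheaper still.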
