CHtmlPurifier
Try to input some HTML tags and see which tags it filters:



The result:


The result in html:

protected/modules/SecurityModule/views/xss/htmlpurifier.php


// View for the CHtmlPurifier demo (rendered by XssController::actionHtmlPurifier).
// Expects $user_input: the posted text after it has gone through CHtmlPurifier::purify()
// in the controller. It is echoed once as live HTML -- which is only acceptable because
// of that purification -- and once through CHtml::encode(), so the tags that survived
// purification are readable as text.

// Input form: a single text area named "user_input" and a submit button.
echo 'Try to input some html tags and see what tag does it filter : ',
    CHtml::beginForm(),
    CHtml::textArea('user_input'),
    '<br/>',
    CHtml::submitButton(),
    CHtml::endForm();

// The purified markup, rendered as-is by the browser.
echo '<br/><br/>The result: <br/>', $user_input;

// The same markup HTML-escaped, so the remaining tags are visible as source.
echo '<br/><br/>The result in html: <br/>', CHtml::encode($user_input);

protected/modules/SecurityModule/controllers/XssController.php

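 /**
  * Demo action for CHtmlPurifier: reads the posted "user_input", runs it through
  * CHtmlPurifier and hands the purified string to the "htmlpurifier" view.
  *
  * The view echoes the result unescaped, so the purify() call below is the only
  * step between the request body and the rendered page; keep the two in sync.
  *
  * @return void renders the "htmlpurifier" view with the purified 'user_input'
  */
 public function actionHtmlPurifier(){
                // Start from an empty string so purify() always receives a string,
                // and only accept a scalar: a request of the form user_input[]=...
                // arrives as an array, which the view would echo as the word "Array"
                // instead of the purified text.
                $user_input = '';
                if (isset($_POST['user_input']) && is_string($_POST['user_input'])){
                        $user_input = $_POST['user_input'];
                }

                $parser=new CHtmlPurifier(); //create instance of CHtmlPurifier
                $user_input=$parser->purify($user_input); //we purify the $user_input

                $this->render("htmlpurifier", array('user_input'=>$user_input));
        }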