zend-filter-strip-tags

Use of Zend Framework setTagsAllowed getTagsAllowed?

I have some very fundamental questions about the use of the setTagsAllowed and getTagsAllowed methods used with Zend Framework's Zend_Filter_StripTags. Specifically: Where should the list of tags be defined? In the application's controller? Does the array have to include the <>, e.g. '<h1>' or just 'h1'? Does the array have to include the ...

Zend Form addFilter StripTags not stripping tags

Hi, I need a little help clearing something up with Zend_Form and adding filters to an element. Now I was under the impression that when you add a filter to the form that, when the form is posted, that filter was executed as part of dispatch in the controller. However, when testing my form, to my horror the filter StripTags doesn't seem ...

custom error messages with Zend_Filter_Input

Hi, I'm using Zend_Filter_Input to sanitize input from a registration process. My code looks like so: $validators = array( 'user_id'=> array( array('Alnum', TRUE), 'NotEmpty', 'presence' => 'required', 'messages'=>array('Your username can contain only alphabetic or numeric letters, and must be bet...

Create a blurb from text from a database (similar to "read more")

Hello, I am trying to cut text from a database off if <!-- break --> is found then only show what is before the break. I currently have this code //get the description before the more link $project_blurb = htmlspecialchars_decode($project_data['p_desc']); if (strstr($project_blurb, '<!-- break -->')) { $project_blurb = ex...

Zend_Filter_StripTags ignoring allowed tags and attributes

I'm trying to use the following code and it still strips out all the tags. Am I doing something wrong? I'm using the newest V1.10 $allowed_tags = array('img', 'object', 'param', 'embed', 'a', 'href', 'p', 'br', 'em', 'strong', 'li', 'ol', 'span'); $allowed_attributes = array('style', 'src', 'alt', 'href', 'width', 'height', 'value', '...

Confused about StripTags filter

I'm a little confused about the StripTags filter as used in Zend. I think it's meant to strip tags that could result in XSS. So shouldn't that mean it should be used when outputting data in the views? I've seen it being used with form inputs ->addFilter('StripTags') Should it be used with both input in the forms and output in the vie...