Closed nam-co closed 1 year ago
Hi @nam-co,
Please create an issue on the core HTML Purifier repository, as Purify simply wraps this library:
https://github.com/ezyang/htmlpurifier
I did however find a report of this issue there, and this appears to be intentional:
Thanks Steve, I will check it out. In your personal opinion, do you think the Laravel "string" validation is enough to keep the DB secure from a simple text input?
Happy to help @nam-co!
> In your personal opinion, do you think the Laravel "string" validation is enough to keep the DB secure from a simple text input?

Yes, as long as you escape the content normally when outputting it in Vue/Blade using double curly brackets (`{{ name }}`), or by using `htmlspecialchars()` in PHP (which Laravel's Blade does automatically when using double curly brackets).

The database can contain any un-sanitized value. It's only when you output it to HTML that it poses a security threat and must be escaped 👍
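The "store raw, escape once at the HTML boundary" rule from the answer above, as an added example that is not code from this thread or from the Purify package. `storeName()`, `renderName()` and `purifyLike()` are hypothetical stand-ins for a Laravel controller, a Blade `{{ }}` echo, and HTML Purifier's text-mode output; the last part shows the double-encoding you get if you purify on input *and* escape on output.

```php
<?php
// Added example: "store raw, escape once on output". The helpers below are
// stand-ins (not Purify or Laravel code) for a controller, a Blade echo and
// a simplified HTML Purifier text mode.
declare(strict_types=1);

/** Validate as a plain string (roughly what Laravel's "string" rule checks) and keep it as-is. */
function storeName(string $input, array &$db): void
{
    // Only type/length checks belong here; no HTML transformation on input.
    if (mb_strlen($input) > 255) {
        throw new InvalidArgumentException('name too long');
    }
    $db['name'] = $input;   // stored verbatim, e.g. "A & B" or "<script>...</script>"
}

/** Escape at the HTML boundary, exactly once. This is what {{ $name }} does in Blade. */
function renderName(array $db): string
{
    return htmlspecialchars($db['name'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/** Simplified imitation of HTML Purifier's text handling: tags removed, "&" entity-encoded. */
function purifyLike(string $input): string
{
    return htmlspecialchars(strip_tags($input), ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$db = [];

// Correct path: raw value in the database, escaped once when rendered.
storeName('A & B', $db);
echo renderName($db), PHP_EOL;        // A &amp; B      -> browser displays "A & B"

storeName('<script>alert(1)</script>', $db);
echo renderName($db), PHP_EOL;        // &lt;script&gt;... -> displayed as text, never executed

// Pitfall: purifying on input AND escaping on output double-encodes the ampersand.
storeName(purifyLike('A & B'), $db);  // database now holds "A &amp; B"
echo renderName($db), PHP_EOL;        // A &amp;amp; B  -> browser displays "A &amp; B"
```

The last case is exactly the "&amp;" surprise from the original report: the purifier has already produced valid HTML, so escaping it again at output shows the entity literally.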
Hi @stevebauman, thank you so much for the package. I'm having problems trying to purify (text) something simple like "A & B": it turns it into "A &amp; B". How can I allow some letters to stay the same? The idea for this 'text' configuration is to just clean any malicious stuff.
Appreciate any help