
Field values set via API and sanitizing


pwFoo

User input should be sanitized...

If I use CKEditor in the PW admin to change a field value, it should be sanitized by CKEditor Advanced Content Filter (ACF) and HTML Purifier (activated in the CKEditor settings).

At the moment I'm playing with frontend edit solutions.

  1. Frontend form (based on the form API and PW inputfields) with a custom save process (set and save the field value with the PW API)
  2. Inline edit (jQuery plugins jEditable, x-editable, jinplace) and a custom save process (see above)

So the values are not saved by the PW admin / backend process and would be saved without sanitizing in both ways above... right?


To my knowledge, Purifier does not run when saving a textarea via the API in your own forms. So you should do it yourself, according to your needs.

I'm not sure how it works when using PW inputfields outside of the admin (solution 1). I've never done that. It should be easy to test.
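
An added example, not code from either poster or from the ProcessWire project: a custom save endpoint for the inline-edit case (solution 2) that runs HTML Purifier itself before saving through the API. It assumes the MarkupHTMLPurifier module is installed, and the template file name, the POST parameters `id` and `value`, and the field name `body` are hypothetical.

```php
<?php namespace ProcessWire;
// site/templates/inline-save.php (hypothetical endpoint for jEditable / x-editable)
// Assumed names: POST params "id" and "value", rich-text field "body".

header('Content-Type: application/json');

// Accept only POST requests that carry a valid CSRF token from the session.
if($_SERVER['REQUEST_METHOD'] !== 'POST' || !$session->CSRF->hasValidToken()) {
    http_response_code(400);
    echo json_encode(['ok' => false, 'error' => 'bad request']);
    return;
}

// The page id comes from the client, so cast it and check access server-side.
$p = $pages->get((int) $input->post('id'));
if(!$p->id || !$p->editable('body')) {
    http_response_code(403);
    echo json_encode(['ok' => false, 'error' => 'not editable']);
    return;
}

// CKEditor's ACF runs in the browser editor, so it never sees this request.
// Purify on the server with the same library the admin inputfield can use.
$purifier = $modules->get('MarkupHTMLPurifier');
if(!$purifier) {
    // Fail closed: never fall back to storing the raw markup.
    http_response_code(500);
    echo json_encode(['ok' => false, 'error' => 'purifier unavailable']);
    return;
}
$clean = $purifier->purify((string) $input->post('value'));

// Save only the one field, with output formatting off.
$p->of(false);
$p->set('body', $clean);
$p->save('body');

// Return the stored markup so the client shows what was saved,
// not what the user typed.
echo json_encode(['ok' => true, 'html' => $clean]);
```

The purifier here runs with the module's default configuration, which may allow different markup than the filter rules configured for the field in the admin.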
