[jplarform] JInput & xml
41 views
Skip to first unread message
piotr_cz
Dec 29, 2011, 4:53:30 AM12/29/11
to Joomla! Platform Development
Hi,
recently I've been working on receiving xml by the component.
I haven't found any elegant way to do it, the closest is to use filter
HTML in JInput (http://docs.joomla.org/
JInput_Background_for_Joomla_Platform), which however works with
whitelist of valid xhtml tags (not html5). But JInput strips all tags,
leaving the node contents.
I found 2 workarounds:
- when used JInput filter as ARRAY, there is no cleaning at all (dirty
hack)
- encode xml using encodeURIComponent in JS and than urldecode on PHP
side (however it's hard to debug the data in console, besides that xml
is not an uri).
When using JRequest, there is an option JREQUEST_ALLOWHTML, which was
working quite fine but JRequest is deprecated.
I understand that cleaning up input is extermely important and
differentiating xml from xss may be hard, but I have a feeling I'm
missing something here.
Does anybody have any experience or any recommendations?
recently I've been working on receiving xml by the component.
I haven't found any elegant way to do it, the closest is to use filter
HTML in JInput (http://docs.joomla.org/
JInput_Background_for_Joomla_Platform), which however works with
whitelist of valid xhtml tags (not html5). But JInput strips all tags,
leaving the node contents.
I found 2 workarounds:
- when used JInput filter as ARRAY, there is no cleaning at all (dirty
hack)
- encode xml using encodeURIComponent in JS and than urldecode on PHP
side (however it's hard to debug the data in console, besides that xml
is not an uri).
When using JRequest, there is an option JREQUEST_ALLOWHTML, which was
working quite fine but JRequest is deprecated.
I understand that cleaning up input is extermely important and
differentiating xml from xss may be hard, but I have a feeling I'm
missing something here.
Does anybody have any experience or any recommendations?
Reply all
Reply to author
Forward
0 new messages