diogo/symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Form] Removed StripTagsListener. Its implementation is insufficient and needs to be replaced by a better one.

Browse Source 
The current implementation does not sanitize HTML properly. See [1] and [2] for more information.

[1] https://github.com/padraic/wibble
[2] http://blog.astrumfutura.com/?s=html+sanitising
This commit is contained in:
Bernhard Schussek 2011-04-18 14:19:20 +02:00
parent bee5d07d86
commit abb0d0cde1
1 changed files with 0 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
src/Symfony/Component/Form/EventListener/StripTagsListener.php
View File

@ -1,34 +0,0 @@
<?php
/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien.potencier@symfony-project.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Symfony\Component\Form\EventListener;
use Symfony\Component\Form\Events;
use Symfony\Component\Form\Event\FilterDataEvent;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
/**
* Strip tags from incoming input.
*
* @author Benjamin Eberlei <kontakt@beberlei.de>
*/
class StripTagsListener implements EventSubscriberInterface
{
public function onBindClientData(FilterDataEvent $event)
{
$event->setData(strip_tags($event->getData()));
}
public static function getSubscribedEvents()
{
return Events::onBindClientData;
}
}