[support] Using check_markup and check_plain

Vaibhav Jain in.vaibhavjain at gmail.com
Wed Sep 26 10:55:26 UTC 2012


Nancy,

I am trying to escape XSS attacks, like alerts....
and on the same end, want to convert text URL into links.

I am doing this:
$text = check_plain($text);
$text = check_markup($text,1);
print $text;

Is this a correct way, or can there be a better way to achieve this?

On Wed, Sep 26, 2012 at 4:19 PM, Ms. Nancy Wichmann
<nan_wich at bellsouth.net> wrote:

> The standard Drupal mantra is "Filter on output." So do not filter before
> saving to the DB. You should filter when rendering the data. You should not
> use both functions together - that's asking for double encoding issues.
> Check_markup() will run the data through your input filters and make it
> safe - assuming that your filters are properly set up.
>
> *Nancy*
> Injustice anywhere is a threat to justice everywhere. -- Dr. Martin L.
> King, Jr.
>
>   ------------------------------
> *From:* Vaibhav Jain
>
> I am using D6 and want to use the check_plain and check_markup functions.
> What is the best time to use these functions, and why?
> Should they be used before data is saved to the DB
> OR
> just before the data is rendered?
>
> I am trying to use both functions on the same piece of text: first
> escape with check_plain, and then use check_markup to apply a few
> sets of filters.



-- 
Regards,
Vaibhav Jain
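
The double-encoding problem described in the quoted reply, as an added example that is not part of the original thread. It is a standalone PHP sketch: demo_check_plain(), demo_url_filter() and demo_check_markup() are hypothetical stand-ins, not Drupal's implementations, and the input format is assumed to escape all HTML and then convert URLs to links.

```php
<?php
// Stand-in for check_plain(): escape HTML special characters once.
function demo_check_plain($text) {
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Stand-in for a URL filter. It runs on already-escaped text, so the
// URL it copies into href="" is already safe inside an attribute.
function demo_url_filter($escaped) {
  return preg_replace('~\bhttps?://[^\s<]+~i', '<a href="$0">$0</a>', $escaped);
}

// Stand-in for check_markup() with an assumed format: escape, then link URLs.
function demo_check_markup($text) {
  return demo_url_filter(demo_check_plain($text));
}

// Constructed sample input: stored raw, exactly as the user typed it.
$text = 'Tom & Jerry <script>alert(1)</script> see http://example.com/?a=1&b=2';

// Pattern from the question: escape first, then run the format,
// whose own escaping step encodes the entities a second time.
$double = demo_check_markup(demo_check_plain($text));

// "Filter on output": run the format once, at render time.
$single = demo_check_markup($text);

echo "double: $double\n\n";
echo "single: $single\n";

// Double pass: visitors see a literal "&amp;" and the link target
// decodes to ?a=1&amp;b=2, so the "b" parameter is lost.
if (strpos($double, '&amp;amp;') === false) {
  throw new Exception('expected double-encoded entities');
}
// Single pass: markup is neutralised, entities encoded exactly once.
if (strpos($single, '<script') !== false || strpos($single, '&amp;amp;') !== false) {
  throw new Exception('single pass should escape exactly once');
}
if (strpos($single, '<a href="http://example.com/?a=1&amp;b=2">') === false) {
  throw new Exception('expected a working link in the single pass');
}
```

Both passes neutralise the script tag; the difference is that the double pass also corrupts legitimate text and link targets.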