<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">You don't want check_plain and
      check_markup together. Just use check_markup and the appropriate
      filter (or create one that does the filtering you want). <br>
      <br>
      One other thing:<br>
      <br>
      &nbsp;$text = check_markup($text,1);<br>
      <br>
      That's fine for D7, but D6 should be:<br>
      <br>
      $text = check_markup($text, 1, FALSE);<br>
      <br>
      That prevents any permission problems.<br>
      <br>
      In D7 if you want to cache the filtered output, then use:<br>
      <br>
      $text = check_markup($text, 1, '', TRUE);<br>
      <pre class="moz-signature" cols="72">Jamie Holly
<a class="moz-txt-link-freetext" href="http://www.intoxination.net">http://www.intoxination.net</a> 
<a class="moz-txt-link-freetext" href="http://www.hollyit.net">http://www.hollyit.net</a></pre>
      On 9/26/2012 6:55 AM, Vaibhav Jain wrote:<br>
    </div>
    <blockquote
cite="mid:CAGNDeNkTa=HAWrm5R79TVZw0NnS77qfAX211rGbhivYbP1j5VA@mail.gmail.com"
      type="cite">Nancy,<br>
      <br>
      I am trying to escape XSS attacks, like alerts....<br>
      and on the same end, want to convert text URL into links.<br>
      <br>
      I am doing this<br>
      $text = check_plain($text);<br>
      $text = check_markup($text,1);<br>
      print $text;<br>
      <br>
      Is this a correct way, or can there be a better way to achieve
      this?<br>
      <br>
      <div class="gmail_quote">On Wed, Sep 26, 2012 at 4:19 PM, Ms.
        Nancy Wichmann <span dir="ltr">&lt;<a moz-do-not-send="true"
            href="mailto:nan_wich@bellsouth.net" target="_blank">nan_wich@bellsouth.net</a>&gt;</span>
        wrote:<br>
        <blockquote class="gmail_quote" style="margin:0 0 0
          .8ex;border-left:1px #ccc solid;padding-left:1ex">
          <div>
            <div
              style="font-size:12pt;font-family:arial,helvetica,sans-serif">
              <div><span>The standard Drupal mantra is "Filter on
                  output." So do not filter before saving to the DB. You
                  should filter when rendering the data. You should not
                  use both functions together - that's asking for double
                  encoding issues. Check_markup() will run the data
                  through your input filters and make it safe - assuming
                  that your filters are properly set up.<br>
                </span></div>
              <div>&nbsp;</div>
              <div><font color="#ff007f" face="bookman old style, new
                  york, times, serif" size="4"><i><b>Nancy</b></i></font>
                <br>
              </div>
              <div><font face="arial, helvetica, sans-serif">Injustice
                  anywhere is a threat to justice everywhere. -- Dr.
                  Martin L. King, Jr.</font></div>
              <div
style="font-style:normal;font-size:16px;background-color:transparent;font-family:arial,helvetica,sans-serif"><br>
                <blockquote style="border-left:2px solid
                  rgb(16,16,255);margin-left:5px;margin-top:5px;padding-left:5px">
                  <div
                    style="font-family:arial,helvetica,sans-serif;font-size:12pt">
                    <div style="font-family:times new roman,new
                      york,times,serif;font-size:12pt">
                      <div dir="ltr"> <font face="Arial">
                          <hr size="1"> <b><span
                              style="font-weight:bold">From:</span></b>
                          Vaibhav Jain</font><br>
                      </div>
                      <div class="im"><br>
                        <div>I am using D6, want to use check_plain and
                          check_markup functions.<br>
                          What is the best time to use these functions
                          and why?<br>
                          Should they be used before data is saved to DB<br>
                          OR<br>
                          Just before the data is rendered.<br>
                          <br>
                          I am trying to use both the functions on the
                          same piece of text, firstly escape with
                          check_plain and then implement check_markup to
                          implement few set of filters.<br>
                        </div>
                      </div>
                    </div>
                  </div>
                </blockquote>
              </div>
            </div>
          </div>
          <br>
        </blockquote>
      </div>
      <br>
      <br clear="all">
      <br>
      -- <br>
      Regards,<br>
      Vaibhav Jain<br>
      <br>
    </blockquote>
    <br>
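    <p>The double-encoding problem described in the thread, as an added
      example that is not part of the original posts and is not Drupal's
      own code. It runs without Drupal: the demo_* functions are
      hypothetical stand-ins (demo_check_markup assumes a text format that
      escapes all HTML and then converts URLs into links), and the sample
      text is constructed.</p>
    <pre>
```php
<?php
// Added example. The demo_* functions are stand-ins so this runs without Drupal.

// Same core operation as Drupal's check_plain(): escape HTML special characters.
function demo_check_plain($text) {
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Hypothetical stand-in for check_markup() with a text format whose filters
// are "escape all HTML" followed by "convert URLs into links".
function demo_check_markup($text) {
  $text = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
  return preg_replace_callback('~https?://[^\s<]+~', function ($m) {
    return '<a href="' . $m[0] . '">' . $m[0] . '</a>';
  }, $text);
}

// What a browser displays for a fragment: tags removed, entities decoded once.
function demo_visible_text($html) {
  return html_entity_decode(strip_tags($html), ENT_QUOTES, 'UTF-8');
}

// Link targets after the browser decodes the href attribute values.
function demo_link_targets($html) {
  preg_match_all('~href="([^"]*)"~', $html, $m);
  return array_map(function ($href) {
    return html_entity_decode($href, ENT_QUOTES, 'UTF-8');
  }, $m[1]);
}

// Constructed sample: the raw value exactly as it was saved (no filtering on input).
$stored = 'Tom & Jerry <b>live</b> at http://example.com/?a=1&b=2';

$cases = array(
  'check_markup only (filter once, on output)' => demo_check_markup($stored),
  'check_plain, then check_markup' => demo_check_markup(demo_check_plain($stored)),
);

// Compare the emitted markup, what the reader sees, and where the link points.
foreach ($cases as $label => $html) {
  echo "== $label ==\n";
  echo "markup : $html\n";
  echo "visible: " . demo_visible_text($html) . "\n";
  echo "links  : " . implode(', ', demo_link_targets($html)) . "\n\n";
}
```
    </pre>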
  </body>
</html>