
Best place to sanitize posted HTML

Gavin Donald

Joined: Aug 03, 2013
Posts: 2
I am new to the structure of JForum 2 and have found it easy to place TinyMCE editor in place of the default BB editor. I am now looking for the best place to trap the submission of posts so that I can sanitise it before it is saved to the database. I have found:

  • insert/insertSave/edit/editSave etc
  • fillPostFromRequest(..) method

I am assuming that there is a central dispatcher that passes control over to these methods but I haven't really found it yet. Does anyone have time to throw me a bone please?

Jeanne Boyarsky
internet detective

Joined: May 26, 2003
Posts: 29249

Welcome to CodeRanch!

PostCommon.fillPostFromRequest is a good place to do it. It is called by insertSave and editSave for posts AND insertSave for private messages. You want to sanitize both of course.

Also consider if you need to sanitize any user profile fields like the signature.

Gavin Donald

Joined: Aug 03, 2013
Posts: 2
Thank you Jeanne, it looks like that has done the job nicely. Previously I had edited the GenericDAO classes but it was nowhere near as tidy.
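
Added example, not part of the original thread and not JForum code: a server-side allowlist sanitizer of the kind that could be called from the point where fillPostFromRequest reads the submitted text, covering the post or private message body, the subject, and the signature mentioned above. It assumes the OWASP Java HTML Sanitizer library is on the classpath; the class name `PostHtmlSanitizer` and its method names are hypothetical, and the sample input is constructed.

```java
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;
import org.owasp.html.Sanitizers;

/**
 * Added example (not JForum code): allowlist sanitizing of editor HTML.
 * Needs the OWASP Java HTML Sanitizer library on the classpath.
 */
public final class PostHtmlSanitizer {

    // Body policy: basic formatting, block elements and links only.
    // Script/style/iframe elements, event-handler attributes (onclick, onerror, ...)
    // and javascript: URLs are not on the allowlist, so they are dropped.
    private static final PolicyFactory BODY = Sanitizers.FORMATTING
            .and(Sanitizers.BLOCKS)
            .and(Sanitizers.LINKS);

    // Single-line fields (subject, profile fields): no markup at all.
    private static final PolicyFactory TEXT_ONLY = new HtmlPolicyBuilder().toFactory();

    private PostHtmlSanitizer() { }

    /** For the post / private message body and the signature. */
    public static String sanitizeBody(String html) {
        return html == null ? "" : BODY.sanitize(html);
    }

    /** For subject-like fields: tags removed, remaining text HTML-encoded. */
    public static String sanitizeText(String value) {
        return value == null ? "" : TEXT_ONLY.sanitize(value);
    }

    public static void main(String[] args) {
        // Constructed sample of what a rich-text editor could submit.
        String body = "<p onclick=\"alert(0)\">Hello <b>world</b></p>"
                + "<script>alert(1)</script>"
                + "<a href=\"javascript:alert(2)\">x</a> "
                + "<a href=\"https://example.com/\">ok</a>";
        String subject = "Re: <img src=x onerror=alert(3)> question";

        System.out.println(sanitizeBody(body));
        System.out.println(sanitizeText(subject));
    }
}
```

Because TinyMCE runs in the browser, any filtering it does can be bypassed by posting directly to the server, so the allowlist has to be enforced in this server-side step. Widen the body policy only with the specific elements and attributes the editor toolbar actually produces.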