
Best place to sanitize posted HTML

 
Gavin Donald
Greenhorn
Posts: 2
I am new to the structure of JForum 2 and have found it easy to place the TinyMCE editor in place of the default BB editor. I am now looking for the best place to trap the submission of posts so that I can sanitise it before it is saved to the database. I have found:

  • Post.java insert/insertSave/edit/editSave etc
  • PostCommon.java fillPostFromRequest(..) method


I am assuming that there is a central dispatcher that passes control over to these methods but I haven't really found it yet. Does anyone have time to throw me a bone please?
     
    Jeanne Boyarsky
    author & internet detective
    Marshal
    Posts: 33671
    Gavin,
    Welcome to CodeRanch!

    PostCommon.fillPostFromRequest is a good place to do it. It is called by insertSave and editSave for posts AND insertSave for private messages. You want to sanitize both, of course.

    Also consider if you need to sanitize any user profile fields like the signature.
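
One way to implement the sanitizing step discussed in this thread, as an added example that is not from the original posts or from JForum's own code. It assumes the OWASP Java HTML Sanitizer library is on the classpath; the class name `PostHtmlSanitizer`, the allowed element list and the sample input are hypothetical. The same method would be applied to post text, private message text and signatures.

```java
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

/**
 * Hypothetical helper: one shared allowlist policy for every place that
 * accepts rich-text HTML (posts, private messages, signatures).
 */
public final class PostHtmlSanitizer {

    // Allowlist: anything not named here (script, style, iframe, event
    // handler attributes, inline styles) is dropped by the sanitizer.
    private static final PolicyFactory POLICY = new HtmlPolicyBuilder()
            .allowElements("p", "br", "b", "strong", "i", "em", "u",
                           "ul", "ol", "li", "blockquote", "pre", "code", "a")
            // Links may only use these schemes; other schemes are removed.
            .allowUrlProtocols("http", "https")
            .allowAttributes("href").onElements("a")
            .requireRelNofollowOnLinks()
            .toFactory();

    private PostHtmlSanitizer() {
        // static helper, not instantiable
    }

    /** Returns the input reduced to the allowlisted subset of HTML. */
    public static String sanitize(String submittedHtml) {
        if (submittedHtml == null) {
            return "";
        }
        return POLICY.sanitize(submittedHtml);
    }

    public static void main(String[] args) {
        // Constructed sample of what a rich-text editor field might submit.
        String submitted =
                "<p onclick=\"track()\">Hello <b>world</b></p>"
              + "<script>document.title = 'x'</script>"
              + "<a href=\"javascript:void(0)\">bad link</a> "
              + "<a href=\"https://example.org/\">good link</a>";

        // The stored value is the sanitizer's output, never the raw input.
        System.out.println(sanitize(submitted));
    }
}
```

Calling `sanitize` on the submitted text inside fillPostFromRequest covers the post and private message paths named above; profile fields such as the signature need the same call where they are saved.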
     
    Gavin Donald
    Greenhorn
    Posts: 2
    Thank you Jeanne, it looks like that has done the job nicely. Previously I had edited the GenericDAO classes but it was nowhere near as tidy.
     
    raja gaj
    Greenhorn
    Posts: 3
    Gavin Donald wrote: I am new to the structure of JForum 2 and have found it easy to place the TinyMCE editor in place of the default BB editor. I am now looking for the best place to trap the submission of posts so that I can sanitise it before it is saved to the database. I have found:

  • Post.java insert/insertSave/edit/editSave etc
  • PostCommon.java fillPostFromRequest(..) method


I am assuming that there is a central dispatcher that passes control over to these methods but I haven't really found it yet. Does anyone have time to throw me a bone please?


    Hi Gavin,
    It would be great if you could share how you integrated TinyMCE with JForum.

     